CVE-2024-26581 – netfilter: nft_set_rbtree: skip end interval element from gc
https://notcve.org/view.php?id=CVE-2024-26581
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip end interval element from gc rbtree lazy gc on insert might collect an end interval element that has been just added in this transactions, skip end interval elements that are not yet active. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nft_set_rbtree: omitir elemento de intervalo final de gc rbtree lazy gc al insertar puede recopilar un elemento de intervalo final que se acaba de agregar en estas transacciones, omitir elementos de intervalo final que aún no están activo. A flaw was found in the Linux kernel’s Netfilter subsystem. This issue occurs in the nft_set_rbtree. rbtree lazy gc on insert, which might collect an end interval element just added in a transaction and skip the end interval elements not yet active. • https://github.com/madfxr/CVE-2024-26581-Checker https://git.kernel.org/stable/c/acaee227cf79c45a5d2d49c3e9a66333a462802c https://git.kernel.org/stable/c/893cb3c3513cf661a0ff45fe0cfa83fe27131f76 https://git.kernel.org/stable/c/50cbb9d195c197af671869c8cadce3bd483735a0 https://git.kernel.org/stable/c/89a4d1a89751a0fbd520e64091873e19cc0979e8 https://git.kernel.org/stable/c/f718863aca469a109895cb855e6b81fff4827d71 https://git.kernel.org/stable/c/cd66733932399475fe933cb3ec03e687ed401462 https://git.kernel.org/stable/c/10e9cb39313627f2eae4cd70c4b742074e998fd8 https: • CWE-416: Use After Free •
CVE-2023-52433 – netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
https://notcve.org/view.php?id=CVE-2023-52433
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction New elements in this transaction might expired before such transaction ends. Skip sync GC for such elements otherwise commit path might walk over an already released object. Once transaction is finished, async GC will collect such expired element. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: netfilter: nft_set_rbtree: omitir sincronización GC para nuevos elementos en esta transacción los nuevos elementos en esta transacción pueden caducar antes de que finalice dicha transacción. Omita la sincronización del GC para dichos elementos; de lo contrario, la ruta de confirmación podría pasar por encima de un objeto ya liberado. • https://git.kernel.org/stable/c/f6c383b8c31a93752a52697f8430a71dcbc46adf https://git.kernel.org/stable/c/e4d71d6a9c7db93f7bf20c3a0f0659d63d7de681 https://git.kernel.org/stable/c/e3213ff99a355cda811b41e8dbb3472d13167a3a https://git.kernel.org/stable/c/2ee52ae94baabf7ee09cf2a8d854b990dac5d0e4 https://git.kernel.org/stable/c/9db9feb841f7449772f9393c16b9ef4536d8c127 https://git.kernel.org/stable/c/03caf75da1059f0460666c826e9f50e13dfd0017 https://git.kernel.org/stable/c/c323ed65f66e5387ee0a73452118d49f1dae81b8 https://git.kernel.org/stable/c/9af7dfb3c9d7985172a240f85e684c5cd • CWE-273: Improper Check for Dropped Privileges •
CVE-2023-52429
https://notcve.org/view.php?id=CVE-2023-52429
dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl.target_count. dm_table_create en drivers/md/dm-table.c en el kernel de Linux hasta 6.7.4 puede intentar (en alloc_targets) asignar más de INT_MAX bytes y fallar debido a que falta una verificación de la estructura dm_ioctl.target_count. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bd504bcfec41a503b32054da5472904b404341a4 https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3LZROQAX7Q7LEP4F7WQ3KUZKWCZGFFP2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GS7S3XLTLOUKBXV67LLFZWB3YVFJZHRK https://www.spinics.net/lis • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVE-2024-25740
https://notcve.org/view.php?id=CVE-2024-25740
A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel through 6.7.4 for UBI_IOCATT, because kobj->name is not released. Se encontró una falla de pérdida de memoria en el controlador UBI en drivers/mtd/ubi/attach.c en el kernel de Linux hasta 6.7.4 para UBI_IOCATT, porque kobj->name no está publicado. • https://lore.kernel.org/lkml/0171b6cc-95ee-3538-913b-65a391a446b3%40huawei.com/T • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2024-25739 – kernel: crash due to a missing check for leb_size
https://notcve.org/view.php?id=CVE-2024-25739
create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size. create_empty_lvol en drivers/mtd/ubi/vtbl.c en el kernel de Linux hasta 6.7.4 puede intentar asignar cero bytes y fallar debido a que falta una verificación de ubi->leb_size. A flaw was found in the Linux kernel. The create_empty_lvol function in the drivers/mtd/ubi/vtbl.c file can attempt to allocate zero bytes of memory when the LEB size is smaller than a single volume table record. This issue can result in a denial of service. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=68a24aba7c593eafa8fd00f2f76407b9b32b47a9 https://groups.google.com/g/syzkaller/c/Xl97YcQA4hg https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html https://www.spinics.net/lists/kernel/msg5074816.html https://access.redhat.com/security/cve/CVE-2024-25739 https://bugzilla.redhat.com/show_bug.cgi?id=2263879 • CWE-754: Improper Check for Unusual or Exceptional Conditions •