CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2024-46833 – net: hns3: void array out of bound when loop tnl_num
https://notcve.org/view.php?id=CVE-2024-46833
In the Linux kernel, the following vulnerability has been resolved: net: hns3: void array out of bound when loop tnl_num When query reg inf of SSU, it loops tnl_num times. However, tnl_num comes from hardware and the length of array is a fixed value. To void array out of bound, make sure the loop time is not greater than the length of array • https://git.kernel.org/stable/c/c33a9806dc806bcb4a31dc71fb06979219181ad4 https://git.kernel.org/stable/c/86db7bfb06704ef17340eeae71c832f21cfce35c •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2024-46832 – MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed
https://notcve.org/view.php?id=CVE-2024-46832
In the Linux kernel, the following vulnerability has been resolved: MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed This avoids warning: [ 0.118053] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:283 Caused by get_c0_compare_int on secondary CPU. We also skipped saving IRQ number to struct clock_event_device *cd as it's never used by clockevent core, as per comments it's only meant for "non CPU local devices". • https://git.kernel.org/stable/c/d3ff0f98a52f0aafe35aa314d1c442f4318be3db https://git.kernel.org/stable/c/e6cd871627abbb459d0ff6521d6bb9cf9d9f7522 https://git.kernel.org/stable/c/b1d2051373bfc65371ce4ac8911ed984d0178c98 https://git.kernel.org/stable/c/32ee0520159f1e8c2d6597c19690df452c528f30 https://git.kernel.org/stable/c/189d3ed3b25beee26ffe2abed278208bece13f52 https://git.kernel.org/stable/c/50f2b98dc83de7809a5c5bf0ccf9af2e75c37c13 •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2024-46831 – net: microchip: vcap: Fix use-after-free error in kunit test
https://notcve.org/view.php?id=CVE-2024-46831
In the Linux kernel, the following vulnerability has been resolved: net: microchip: vcap: Fix use-after-free error in kunit test This is a clear use-after-free error. We remove it, and rely on checking the return code of vcap_del_rule. • https://git.kernel.org/stable/c/c956b9b318d9036701c471dd458f9ed31defc629 https://git.kernel.org/stable/c/b0804c286ccfcf5f5c004d5bf8a54c0508b5e86b https://git.kernel.org/stable/c/f7fe95f40c85311c98913fe6ae2c56adb7f767a7 https://git.kernel.org/stable/c/a3c1e45156ad39f225cd7ddae0f81230a3b1e657 •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2024-46830 – KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS
https://notcve.org/view.php?id=CVE-2024-46830
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS Grab kvm->srcu when processing KVM_SET_VCPU_EVENTS, as KVM will forcibly leave nested VMX/SVM if SMM mode is being toggled, and leaving nested VMX reads guest memory. Note, kvm_vcpu_ioctl_x86_set_vcpu_events() can also be called from KVM_RUN via sync_regs(), which already holds SRCU. I.e. trying to precisely use kvm_vcpu_srcu_read_lock() around the problematic SMM code would cause problems. Acquiring SRCU isn't all that expensive, so for simplicity, grab it unconditionally for KVM_SET_VCPU_EVENTS. ============================= WARNING: suspicious RCU usage 6.10.0-rc7-332d2c1d713e-next-vm #552 Not tainted ----------------------------- include/linux/kvm_host.h:1027 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 1 lock held by repro/1071: #0: ffff88811e424430 (&vcpu->mutex){+.+.}-{3:3}, at: kvm_vcpu_ioctl+0x7d/0x970 [kvm] stack backtrace: CPU: 15 PID: 1071 Comm: repro Not tainted 6.10.0-rc7-332d2c1d713e-next-vm #552 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 Call Trace: <TASK> dump_stack_lvl+0x7f/0x90 lockdep_rcu_suspicious+0x13f/0x1a0 kvm_vcpu_gfn_to_memslot+0x168/0x190 [kvm] kvm_vcpu_read_guest+0x3e/0x90 [kvm] nested_vmx_load_msr+0x6b/0x1d0 [kvm_intel] load_vmcs12_host_state+0x432/0xb40 [kvm_intel] vmx_leave_nested+0x30/0x40 [kvm_intel] kvm_vcpu_ioctl_x86_set_vcpu_events+0x15d/0x2b0 [kvm] kvm_arch_vcpu_ioctl+0x1107/0x1750 [kvm] ? mark_held_locks+0x49/0x70 ? • https://git.kernel.org/stable/c/f7e570780efc5cec9b2ed1e0472a7da14e864fdb https://git.kernel.org/stable/c/080dbe7e9b86a0392d8dffc00d9971792afc121f https://git.kernel.org/stable/c/e302786233e6bc512986d007c96458ccf5ca21c7 https://git.kernel.org/stable/c/b4c0d89c92e957ecccce12e66b63875d0cc7af7e https://git.kernel.org/stable/c/fa297c33faefe51e10244e8a378837fca4963228 https://git.kernel.org/stable/c/939375737b5a0b1bf9b1e75129054e11bc9ca65e https://git.kernel.org/stable/c/ecdbe8ac86fb5538ccc623a41f88ec96c7168ab9 https://git.kernel.org/stable/c/4bcdd831d9d01e0fb64faea50732b59b2 •
CVSS: -EPSS: %CPEs: 14EXPL: 0CVE-2024-46829 – rtmutex: Drop rt_mutex::wait_lock before scheduling
https://notcve.org/view.php?id=CVE-2024-46829
In the Linux kernel, the following vulnerability has been resolved: rtmutex: Drop rt_mutex::wait_lock before scheduling rt_mutex_handle_deadlock() is called with rt_mutex::wait_lock held. In the good case it returns with the lock held and in the deadlock case it emits a warning and goes into an endless scheduling loop with the lock held, which triggers the 'scheduling in atomic' warning. Unlock rt_mutex::wait_lock in the dead lock case before issuing the warning and dropping into the schedule for ever loop. [ tglx: Moved unlock before the WARN(), removed the pointless comment, massaged changelog, added Fixes tag ] • https://git.kernel.org/stable/c/3d5c9340d1949733eb37616abd15db36aef9a57c https://git.kernel.org/stable/c/95f9aded9436aa3ce714aeff3f45fcc1431df7d2 https://git.kernel.org/stable/c/ea018da95368adfb700689bd9842714f7c3db665 https://git.kernel.org/stable/c/1201613a70dd34bd347ba2970919b3f1d5fbfb4a https://git.kernel.org/stable/c/a2e64fcdc83c645813f7b93e4df291841ba7c625 https://git.kernel.org/stable/c/fb52f40e085ef4074f1335672cd62c1f832af13b https://git.kernel.org/stable/c/2b1f3807ed9cafb59c956ce76a05d25e67103f2e https://git.kernel.org/stable/c/432efdbe7da5ecfcbc0c2180cfdbab144 •