CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-53112 – ocfs2: uncache inode which has failed entering the group
https://notcve.org/view.php?id=CVE-2024-53112
In the Linux kernel, the following vulnerability has been resolved: ocfs2: uncache inode which has failed entering the group Syzbot has reported the following BUG: kernel BUG at fs/ocfs2/uptodate.c:509! ... Call Trace: <TASK> ? __die_body+0x5f/0xb0 ? die+0x9e/0xc0 ? do_trap+0x15a/0x3a0 ? • https://git.kernel.org/stable/c/7909f2bf835376a20d6dbf853eb459a27566eba2 https://git.kernel.org/stable/c/ac0cfe8ac35cf1be54131b90d114087b558777ca https://git.kernel.org/stable/c/5ae8cc0b0c027e9cab22596049bc4dd1cbc37ee4 https://git.kernel.org/stable/c/28d4ed71ae0b4baedca3e85ee6d8f227ec75ebf6 https://git.kernel.org/stable/c/0e04746db2ec4aec04cef5763b9d9aa32829ae2f https://git.kernel.org/stable/c/620d22598110b0d0cb97a3fcca65fc473ea86e73 https://git.kernel.org/stable/c/843dfc804af4b338ead42331dd58081b428ecdf8 https://git.kernel.org/stable/c/b751c50e19d66cfb7360c0b55cf17b072 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-53110 – vp_vdpa: fix id_table array not null terminated error
https://notcve.org/view.php?id=CVE-2024-53110
In the Linux kernel, the following vulnerability has been resolved: vp_vdpa: fix id_table array not null terminated error Allocate one extra virtio_device_id as null terminator, otherwise vdpa_mgmtdev_get_classes() may iterate multiple times and visit undefined memory. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: vp_vdpa: se corrige el error de matriz id_table no terminada en nulo. Asigne un virtio_device_id adicional como terminador nulo; de lo contrario, vdpa_mgmtdev_get_classes() puede iterar varias veces y visitar memoria no definida. • https://git.kernel.org/stable/c/ffbda8e9df10d1784d5427ec199e7d8308e3763f https://git.kernel.org/stable/c/870d68fe17b5d9032049dcad98b5781a344a8657 https://git.kernel.org/stable/c/c4d64534d4b1c47d2f1ce427497f971ad4735aae https://git.kernel.org/stable/c/0a886489d274596ad1a80789d3a773503210a615 https://git.kernel.org/stable/c/4e39ecadf1d2a08187139619f1f314b64ba7d947 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-53109 – nommu: pass NULL argument to vma_iter_prealloc()
https://notcve.org/view.php?id=CVE-2024-53109
In the Linux kernel, the following vulnerability has been resolved: nommu: pass NULL argument to vma_iter_prealloc() When deleting a vma entry from a maple tree, it has to pass NULL to vma_iter_prealloc() in order to calculate internal state of the tree, but it passed a wrong argument. As a result, nommu kernels crashed upon accessing a vma iterator, such as acct_collect() reading the size of vma entries after do_munmap(). This commit fixes this issue by passing a right argument to the preallocation call. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nommu: pasar argumento NULL a vma_iter_prealloc(). Al eliminar una entrada vma de un árbol maple, tiene que pasar NULL a vma_iter_prealloc() para calcular el estado interno del árbol, pero pasó un argumento incorrecto. Como resultado, los kernels nommu fallaban al acceder a un iterador vma, como acct_collect() que lee el tamaño de las entradas vma después de do_munmap(). • https://git.kernel.org/stable/c/b5df09226450165c434084d346fcb6d4858b0d52 https://git.kernel.org/stable/c/8bbf0ab631cdf1dade6745f137cff98751e6ced7 https://git.kernel.org/stable/c/aceaf33b7666b72dfb86e0aa977be81e3bcbc727 https://git.kernel.org/stable/c/247d720b2c5d22f7281437fd6054a138256986ba •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-53108 – drm/amd/display: Adjust VSDB parser for replay feature
https://notcve.org/view.php?id=CVE-2024-53108
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Adjust VSDB parser for replay feature At some point, the IEEE ID identification for the replay check in the AMD EDID was added. However, this check causes the following out-of-bounds issues when using KASAN: [ 27.804016] BUG: KASAN: slab-out-of-bounds in amdgpu_dm_update_freesync_caps+0xefa/0x17a0 [amdgpu] [ 27.804788] Read of size 1 at addr ffff8881647fdb00 by task systemd-udevd/383 ... [ 27.821207] Memory state around the buggy address: [ 27.821215] ffff8881647fda00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.821224] ffff8881647fda80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.821234] >ffff8881647fdb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.821243] ^ [ 27.821250] ffff8881647fdb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.821259] ffff8881647fdc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.821268] ================================================================== This is caused because the ID extraction happens outside of the range of the edid lenght. This commit addresses this issue by considering the amd_vsdb_block size. (cherry picked from commit b7e381b1ccd5e778e3d9c44c669ad38439a861d8) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Ajustar el analizador VSDB para la función de reproducción En algún momento, se agregó la identificación IEEE ID para la comprobación de reproducción en AMD EDID. Sin embargo, esta comprobación provoca los siguientes problemas fuera de límites al utilizar KASAN: [ 27.804016] ERROR: KASAN: slab-out-of-bounds en amdgpu_dm_update_freesync_caps+0xefa/0x17a0 [amdgpu] [ 27.804788] Lectura de tamaño 1 en la dirección ffff8881647fdb00 por la tarea systemd-udevd/383 ... [ 27.821207] Estado de la memoria alrededor de la dirección con errores: [ 27.821215] ffff8881647fda00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.821224] ffff8881647fda80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.821234] >ffff8881647fdb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.821243] ^ [ 27.821250] ffff8881647fdb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.821259] ffff8881647fdc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.821268] ===================================================================== Esto se debe a que la extracción de ID se realiza fuera del rango de longitud de edid. Esta confirmación soluciona este problema al considerar el tamaño de amd_vsdb_block. • https://git.kernel.org/stable/c/0a326fbc8f72a320051f27328d4d4e7abdfe68d7 https://git.kernel.org/stable/c/8db867061f4c76505ad62422b65d666b45289217 https://git.kernel.org/stable/c/16dd2825c23530f2259fc671960a3a65d2af69bd •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-53106 – ima: fix buffer overrun in ima_eventdigest_init_common
https://notcve.org/view.php?id=CVE-2024-53106
In the Linux kernel, the following vulnerability has been resolved: ima: fix buffer overrun in ima_eventdigest_init_common Function ima_eventdigest_init() calls ima_eventdigest_init_common() with HASH_ALGO__LAST which is then used to access the array hash_digest_size[] leading to buffer overrun. Have a conditional statement to handle this. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ima: se corrige el desbordamiento del búfer en la función ima_eventdigest_init_common La función ima_eventdigest_init() llama a ima_eventdigest_init_common() con HASH_ALGO__LAST, que luego se utiliza para acceder a la matriz hash_digest_size[], lo que provoca un desbordamiento del búfer. Se debe tener una declaración condicional para manejar esto. • https://git.kernel.org/stable/c/9fab303a2cb3d323ca3a32a8b4ab60b451141901 https://git.kernel.org/stable/c/e01aae58e818503f2ffcd34c6f7dc6f90af1057e https://git.kernel.org/stable/c/8a84765c62cc0469864e2faee43aae253ad16082 https://git.kernel.org/stable/c/1ecf0df5205cfb0907eb7984b8671257965a5232 https://git.kernel.org/stable/c/923168a0631bc42fffd55087b337b1b6c54dcff5 •