CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-43826 – nfs: pass explicit offset/count to trace events
https://notcve.org/view.php?id=CVE-2024-43826
In the Linux kernel, the following vulnerability has been resolved: nfs: pass explicit offset/count to trace events nfs_folio_length is unsafe to use without having the folio locked and a check for a NULL ->f_mapping that protects against truncations and can lead to kernel crashes. E.g. when running xfstests generic/065 with all nfs trace points enabled. Follow the model of the XFS trace points and pass in an explŃ–cit offset and length. This has the additional benefit that these values can be more accurate as some of the users touch partial folio ranges. • https://git.kernel.org/stable/c/eb5654b3b89d5e836312cea9f3fdb49457852e89 https://git.kernel.org/stable/c/387e6e9d110250946df4d4ebef9c2def5c7a4722 https://git.kernel.org/stable/c/fada32ed6dbc748f447c8d050a961b75d946055a •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-43825 – iio: Fix the sorting functionality in iio_gts_build_avail_time_table
https://notcve.org/view.php?id=CVE-2024-43825
In the Linux kernel, the following vulnerability has been resolved: iio: Fix the sorting functionality in iio_gts_build_avail_time_table The sorting in iio_gts_build_avail_time_table is not working as intended. It could result in an out-of-bounds access when the time is zero. Here are more details: 1. When the gts->itime_table[i].time_us is zero, e.g., the time sequence is `3, 0, 1`, the inner for-loop will not terminate and do out-of-bound writes. This is because once `times[j] > new`, the value `new` will be added in the current position and the `times[j]` will be moved to `j+1` position, which makes the if-condition always hold. Meanwhile, idx will be added one, making the loop keep running without termination and out-of-bound write. 2. If none of the gts->itime_table[i].time_us is zero, the elements will just be copied without being sorted as described in the comment "Sort times from all tables to one and remove duplicates". For more details, please refer to https://lore.kernel.org/all/6dd0d822-046c-4dd2-9532-79d7ab96ec05@gmail.com. • https://git.kernel.org/stable/c/38416c28e16890b52fdd5eb73479299ec3f062f3 https://git.kernel.org/stable/c/31ff8464ef540785344994986a010031410f9ff3 https://git.kernel.org/stable/c/b5046de32fd1532c3f67065197fc1da82f0b5193 https://git.kernel.org/stable/c/5acc3f971a01be48d5ff4252d8f9cdb87998cdfb •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-43824 – PCI: endpoint: pci-epf-test: Make use of cached 'epc_features' in pci_epf_test_core_init()
https://notcve.org/view.php?id=CVE-2024-43824
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-test: Make use of cached 'epc_features' in pci_epf_test_core_init() Instead of getting the epc_features from pci_epc_get_features() API, use the cached pci_epf_test::epc_features value to avoid the NULL check. Since the NULL check is already performed in pci_epf_test_bind(), having one more check in pci_epf_test_core_init() is redundant and it is not possible to hit the NULL pointer dereference. Also with commit a01e7214bef9 ("PCI: endpoint: Remove "core_init_notifier" flag"), 'epc_features' got dereferenced without the NULL check, leading to the following false positive Smatch warning: drivers/pci/endpoint/functions/pci-epf-test.c:784 pci_epf_test_core_init() error: we previously assumed 'epc_features' could be null (see line 747) Thus, remove the redundant NULL check and also use the epc_features:: {msix_capable/msi_capable} flags directly to avoid local variables. [kwilczynski: commit log] • https://git.kernel.org/stable/c/5e50ee27d4a52a817ab152128c48690ec7c5cdf1 https://git.kernel.org/stable/c/af4ad016abb1632ff7ee598a6037952b495e5b80 https://git.kernel.org/stable/c/5a5095a8bd1bd349cce1c879e5e44407a34dda8a •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-43823 – PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs()
https://notcve.org/view.php?id=CVE-2024-43823
In the Linux kernel, the following vulnerability has been resolved: PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs() If IORESOURCE_MEM is not provided in Device Tree due to any error, resource_list_first_type() will return NULL and pci_parse_request_of_pci_ranges() will just emit a warning. This will cause a NULL pointer dereference. Fix this bug by adding NULL return check. Found by Linux Verification Center (linuxtesting.org) with SVACE. • https://git.kernel.org/stable/c/0f71c60ffd26943fa9646aa73ad7889ace116ce2 https://git.kernel.org/stable/c/bbba48ad67c53feea05936ea1e029dcca8057506 https://git.kernel.org/stable/c/0a6f1b5fe8ef8268aaa069035639968ceeea0a23 https://git.kernel.org/stable/c/dbcdd1863ba2ec9b76ec131df25d797709e05597 https://git.kernel.org/stable/c/a231707a91f323af1e5d9f1722055ec2fc1c7775 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-43821 – scsi: lpfc: Fix a possible null pointer dereference
https://notcve.org/view.php?id=CVE-2024-43821
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix a possible null pointer dereference In function lpfc_xcvr_data_show, the memory allocation with kmalloc might fail, thereby making rdp_context a null pointer. In the following context and functions that use this pointer, there are dereferencing operations, leading to null pointer dereference. To fix this issue, a null pointer check should be added. If it is null, use scnprintf to notify the user and return len. • https://git.kernel.org/stable/c/479b0917e4477f49df2e3be454aac3cfa5dec171 https://git.kernel.org/stable/c/57600a7dd2b52c904f7c8d2cac0fd8c23868e680 https://git.kernel.org/stable/c/45b2a23e00d448a9e6d1f371ca3a4d4b073fe78c https://git.kernel.org/stable/c/5e0bf3e8aec2cbc51123f84b29aaacbd91fc56fa •