CVE-2024-46760 – wifi: rtw88: usb: schedule rx work after everything is set up
https://notcve.org/view.php?id=CVE-2024-46760
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: usb: schedule rx work after everything is set up Right now it's possible to hit NULL pointer dereference in rtw_rx_fill_rx_status on hw object and/or its fields because initialization routine can start getting USB replies before rtw_dev is fully setup. The stack trace looks like this: rtw_rx_fill_rx_status rtw8821c_query_rx_desc rtw_usb_rx_handler ... queue_work rtw_usb_read_port_complete ... usb_submit_urb rtw_usb_rx_resubmit rtw_usb_init_rx rtw_usb_probe So while we do the async stuff rtw_usb_probe continues and calls rtw_register_hw, which does all kinds of initialization (e.g. via ieee80211_register_hw) that rtw_rx_fill_rx_status relies on. Fix this by moving the first usb_submit_urb after everything is set up. For me, this bug manifested as: [ 8.893177] rtw_8821cu 1-1:1.2: band wrong, packet dropped [ 8.910904] rtw_8821cu 1-1:1.2: hw->conf.chandef.chan NULL in rtw_rx_fill_rx_status because I'm using Larry's backport of rtw88 driver with the NULL checks in rtw_rx_fill_rx_status. • https://git.kernel.org/stable/c/c83d464b82a8ad62ec9077637f75d73fe955635a https://git.kernel.org/stable/c/25eaef533bf3ccc6fee5067aac16f41f280e343e https://git.kernel.org/stable/c/adc539784c98a7cc602cbf557debfc2e7b9be8b3 •
CVE-2024-46759 – hwmon: (adc128d818) Fix underflows seen when writing limit attributes
https://notcve.org/view.php?id=CVE-2024-46759
In the Linux kernel, the following vulnerability has been resolved: hwmon: (adc128d818) Fix underflows seen when writing limit attributes DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large negative number such as -9223372036854775808 is provided by the user. Fix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations. • https://git.kernel.org/stable/c/05419d0056dcf7088687e561bb583cc06deba777 https://git.kernel.org/stable/c/7645d783df23878342d5d8d22030c3861d2d5426 https://git.kernel.org/stable/c/2a3add62f183459a057336381ef3a896da01ce38 https://git.kernel.org/stable/c/019ef2d396363ecddc46e826153a842f8603799b https://git.kernel.org/stable/c/f7f5101af5b47a331cdbfa42ba64c507b47dd1fe https://git.kernel.org/stable/c/6891b11a0c6227ca7ed15786928a07b1c0e4d4af https://git.kernel.org/stable/c/b0bdb43852bf7f55ba02f0cbf00b4ea7ca897bff https://git.kernel.org/stable/c/8cad724c8537fe3e0da8004646abc0029 •
CVE-2024-46758 – hwmon: (lm95234) Fix underflows seen when writing limit attributes
https://notcve.org/view.php?id=CVE-2024-46758
In the Linux kernel, the following vulnerability has been resolved: hwmon: (lm95234) Fix underflows seen when writing limit attributes DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large negative number such as -9223372036854775808 is provided by the user. Fix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations. • https://git.kernel.org/stable/c/93f0f5721d0cca45dac50af1ae6f9a9826c699fd https://git.kernel.org/stable/c/438453dfbbdcf4be26891492644aa3ecbb42c336 https://git.kernel.org/stable/c/59c1fb9874a01c9abc49a0a32f192a7e7b4e2650 https://git.kernel.org/stable/c/0fc27747633aa419f9af40e7bdfa00d2ec94ea81 https://git.kernel.org/stable/c/da765bebd90e1b92bdbc3c6a27a3f3cc81529ab6 https://git.kernel.org/stable/c/46e4fd338d5bdbaf60e41cda625b24949d2af201 https://git.kernel.org/stable/c/16f42953231be1e7be77bc24005270d9e0d9d2ee https://git.kernel.org/stable/c/af64e3e1537896337405f880c1e9ac1f8 •
CVE-2024-46757 – hwmon: (nct6775-core) Fix underflows seen when writing limit attributes
https://notcve.org/view.php?id=CVE-2024-46757
In the Linux kernel, the following vulnerability has been resolved: hwmon: (nct6775-core) Fix underflows seen when writing limit attributes DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large negative number such as -9223372036854775808 is provided by the user. Fix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations. • https://git.kernel.org/stable/c/298a55f11edd811f2189b74eb8f53dee34d4f14c https://git.kernel.org/stable/c/d6035c55fa9afefc23f85f57eff1d4a1d82c5b10 https://git.kernel.org/stable/c/8a1e958e26640ce015abdbb75c8896301b9bf398 https://git.kernel.org/stable/c/02bb3b4c7d5695ff4be01e0f55676bba49df435e https://git.kernel.org/stable/c/0c23e18cef20b989a9fd7cb0a745e1259b969159 https://git.kernel.org/stable/c/2f695544084a559f181cafdfd3f864c5ff9dd1db https://git.kernel.org/stable/c/996221b030995cc5f5baa4a642201d64b62a17cd https://git.kernel.org/stable/c/0403e10bf0824bf0ec2bb135d4cf1c0cc •
CVE-2024-46756 – hwmon: (w83627ehf) Fix underflows seen when writing limit attributes
https://notcve.org/view.php?id=CVE-2024-46756
In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83627ehf) Fix underflows seen when writing limit attributes DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large negative number such as -9223372036854775808 is provided by the user. Fix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations. • https://git.kernel.org/stable/c/93cf73a7bfdce683bde3a7bb65f270d3bd24497b https://git.kernel.org/stable/c/77ab0fd231c4ca873ec6908e761970360acc6df2 https://git.kernel.org/stable/c/56cfdeb2c77291f0b5e4592731adfb6ca8fc7c24 https://git.kernel.org/stable/c/cc4be794c8d8c253770103e097ab9dbdb5f99ae1 https://git.kernel.org/stable/c/d92f0baf99a7e327dcceab37cce57c38aab1f691 https://git.kernel.org/stable/c/8fecb75bff1b7d87a071c32a37aa0700f2be379d https://git.kernel.org/stable/c/26825b62bd1bd3e53b4f44e0745cb516d5186343 https://git.kernel.org/stable/c/5c1de37969b7bc0abcb20b86e91e70cae •