CVE-2023-52433 – netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
https://notcve.org/view.php?id=CVE-2023-52433
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction New elements in this transaction might expired before such transaction ends. Skip sync GC for such elements otherwise commit path might walk over an already released object. Once transaction is finished, async GC will collect such expired element. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: netfilter: nft_set_rbtree: omitir sincronización GC para nuevos elementos en esta transacción los nuevos elementos en esta transacción pueden caducar antes de que finalice dicha transacción. Omita la sincronización del GC para dichos elementos; de lo contrario, la ruta de confirmación podría pasar por encima de un objeto ya liberado. • https://git.kernel.org/stable/c/f6c383b8c31a93752a52697f8430a71dcbc46adf https://git.kernel.org/stable/c/e4d71d6a9c7db93f7bf20c3a0f0659d63d7de681 https://git.kernel.org/stable/c/e3213ff99a355cda811b41e8dbb3472d13167a3a https://git.kernel.org/stable/c/2ee52ae94baabf7ee09cf2a8d854b990dac5d0e4 https://git.kernel.org/stable/c/9db9feb841f7449772f9393c16b9ef4536d8c127 https://git.kernel.org/stable/c/03caf75da1059f0460666c826e9f50e13dfd0017 https://git.kernel.org/stable/c/c323ed65f66e5387ee0a73452118d49f1dae81b8 https://git.kernel.org/stable/c/9af7dfb3c9d7985172a240f85e684c5cd • CWE-273: Improper Check for Dropped Privileges •
CVE-2023-52429
https://notcve.org/view.php?id=CVE-2023-52429
dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl.target_count. dm_table_create en drivers/md/dm-table.c en el kernel de Linux hasta 6.7.4 puede intentar (en alloc_targets) asignar más de INT_MAX bytes y fallar debido a que falta una verificación de la estructura dm_ioctl.target_count. • https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bd504bcfec41a503b32054da5472904b404341a4 https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3LZROQAX7Q7LEP4F7WQ3KUZKWCZGFFP2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GS7S3XLTLOUKBXV67LLFZWB3YVFJZHRK https://www.spinics.net/lis • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVE-2024-25740
https://notcve.org/view.php?id=CVE-2024-25740
A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel through 6.7.4 for UBI_IOCATT, because kobj->name is not released. Se encontró una falla de pérdida de memoria en el controlador UBI en drivers/mtd/ubi/attach.c en el kernel de Linux hasta 6.7.4 para UBI_IOCATT, porque kobj->name no está publicado. • https://lore.kernel.org/lkml/0171b6cc-95ee-3538-913b-65a391a446b3%40huawei.com/T • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2024-25739 – kernel: crash due to a missing check for leb_size
https://notcve.org/view.php?id=CVE-2024-25739
create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size. create_empty_lvol en drivers/mtd/ubi/vtbl.c en el kernel de Linux hasta 6.7.4 puede intentar asignar cero bytes y fallar debido a que falta una verificación de ubi->leb_size. A flaw was found in the Linux kernel. The create_empty_lvol function in the drivers/mtd/ubi/vtbl.c file can attempt to allocate zero bytes of memory when the LEB size is smaller than a single volume table record. This issue can result in a denial of service. • https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=68a24aba7c593eafa8fd00f2f76407b9b32b47a9 https://groups.google.com/g/syzkaller/c/Xl97YcQA4hg https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html https://www.spinics.net/lists/kernel/msg5074816.html https://access.redhat.com/security/cve/CVE-2024-25739 https://bugzilla.redhat.com/show_bug.cgi?id=2263879 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVE-2024-1312 – Kernel: race condition leads to use after free during vma lock in lock_vma_under_rcu
https://notcve.org/view.php?id=CVE-2024-1312
A use-after-free flaw was found in the Linux kernel's Memory Management subsystem when a user wins two races at the same time with a fail in the mas_prev_slot function. This issue could allow a local user to crash the system. Se encontró una falla de use-after-free en el subsistema de administración de memoria del kernel de Linux cuando un usuario gana dos carreras al mismo tiempo con una falla en la función mas_prev_slot. Este problema podría permitir que un usuario local bloquee el sistema. • https://access.redhat.com/security/cve/CVE-2024-1312 https://bugzilla.redhat.com/show_bug.cgi?id=2225569 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/mm/memory.c?h=v6.8-rc3&id=657b5146955eba331e01b9a6ae89ce2e716ba306 • CWE-416: Use After Free •