CVE-2024-46715 – driver: iio: add missing checks on iio_info's callback access
https://notcve.org/view.php?id=CVE-2024-46715
In the Linux kernel, the following vulnerability has been resolved: driver: iio: add missing checks on iio_info's callback access Some callbacks from iio_info structure are accessed without any check, so if a driver doesn't implement them trying to access the corresponding sysfs entries produce a kernel oops such as: [ 2203.527791] Unable to handle kernel NULL pointer dereference at virtual address 00000000 when execute [...] [ 2203.783416] Call trace: [ 2203.783429] iio_read_channel_info_avail from dev_attr_show+0x18/0x48 [ 2203.789807] dev_attr_show from sysfs_kf_seq_show+0x90/0x120 [ 2203.794181] sysfs_kf_seq_show from seq_read_iter+0xd0/0x4e4 [ 2203.798555] seq_read_iter from vfs_read+0x238/0x2a0 [ 2203.802236] vfs_read from ksys_read+0xa4/0xd4 [ 2203.805385] ksys_read from ret_fast_syscall+0x0/0x54 [ 2203.809135] Exception stack(0xe0badfa8 to 0xe0badff0) [ 2203.812880] dfa0: 00000003 b6f10f80 00000003 b6eab000 00020000 00000000 [ 2203.819746] dfc0: 00000003 b6f10f80 7ff00000 00000003 00000003 00000000 00020000 00000000 [ 2203.826619] dfe0: b6e1bc88 bed80958 b6e1bc94 b6e1bcb0 [ 2203.830363] Code: bad PC value [ 2203.832695] ---[ end trace 0000000000000000 ]--- • https://git.kernel.org/stable/c/0cc7e0ee31e5c44904e98e2229d591e093282a70 https://git.kernel.org/stable/c/72f022ebb9deac28663fa4c04ba315ed5d6654d1 https://git.kernel.org/stable/c/dc537a72f64890d883d24ae4ac58733fc5bc523d https://git.kernel.org/stable/c/c4ec8dedca961db056ec85cb7ca8c9f7e2e92252 •
CVE-2024-46714 – drm/amd/display: Skip wbscl_set_scaler_filter if filter is null
https://notcve.org/view.php?id=CVE-2024-46714
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip wbscl_set_scaler_filter if filter is null Callers can pass null in filter (i.e. from returned from the function wbscl_get_filter_coeffs_16p) and a null check is added to ensure that is not the case. This fixes 4 NULL_RETURNS issues reported by Coverity. • https://git.kernel.org/stable/c/0364f1f17a86d89dc39040beea4f099e60189f1b https://git.kernel.org/stable/c/c083c8be6bdd046049884bec076660d4ec9a19ca https://git.kernel.org/stable/c/6d94c05a13fadd80c3e732f14c83b2632ebfaa50 https://git.kernel.org/stable/c/1726914cb17cedab233820d26b86764dc08857b4 https://git.kernel.org/stable/c/e3a95f29647ae45d1ec9541cd7df64f40bf2120a https://git.kernel.org/stable/c/54834585e91cab13e9f82d3a811deb212a4df786 https://git.kernel.org/stable/c/c4d31653c03b90e51515b1380115d1aedad925dd •
CVE-2024-46713 – perf/aux: Fix AUX buffer serialization
https://notcve.org/view.php?id=CVE-2024-46713
In the Linux kernel, the following vulnerability has been resolved: perf/aux: Fix AUX buffer serialization Ole reported that event->mmap_mutex is strictly insufficient to serialize the AUX buffer, add a per RB mutex to fully serialize it. Note that in the lock order comment the perf_event::mmap_mutex order was already wrong, that is, it nesting under mmap_lock is not new with this patch. • https://git.kernel.org/stable/c/45bfb2e50471abbbfd83d40d28c986078b0d24ff https://git.kernel.org/stable/c/7882923f1cb88dc1a17f2bf0c81b1fc80d44db82 https://git.kernel.org/stable/c/52d13d224fdf1299c8b642807fa1ea14d693f5ff https://git.kernel.org/stable/c/9dc7ad2b67772cfb94ceb3b0c9c4023c2463215d https://git.kernel.org/stable/c/c4b69bee3f4ef76809288fe6827bc14d4ae788ef https://git.kernel.org/stable/c/b9b6882e243b653d379abbeaa64a500182aba370 https://git.kernel.org/stable/c/2ab9d830262c132ab5db2f571003d80850d56b2a •
CVE-2024-46711 – mptcp: pm: fix ID 0 endp usage after multiple re-creations
https://notcve.org/view.php?id=CVE-2024-46711
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: fix ID 0 endp usage after multiple re-creations 'local_addr_used' and 'add_addr_accepted' are decremented for addresses not related to the initial subflow (ID0), because the source and destination addresses of the initial subflows are known from the beginning: they don't count as "additional local address being used" or "ADD_ADDR being accepted". It is then required not to increment them when the entrypoint used by the initial subflow is removed and re-added during a connection. Without this modification, this entrypoint cannot be removed and re-added more than once. • https://git.kernel.org/stable/c/3ad14f54bd7448384458e69f0183843f683ecce8 https://git.kernel.org/stable/c/c9c744666f7308a4daba520191e29d395260bcfe https://git.kernel.org/stable/c/53e2173172d26c0617b29dd83618b71664bed1fb https://git.kernel.org/stable/c/119806ae4e46cf239db8e6ad92bc2fd3daae86dc https://git.kernel.org/stable/c/9366922adc6a71378ca01f898c41be295309f044 •
CVE-2024-46710 – drm/vmwgfx: Prevent unmapping active read buffers
https://notcve.org/view.php?id=CVE-2024-46710
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Prevent unmapping active read buffers The kms paths keep a persistent map active to read and compare the cursor buffer. These maps can race with each other in simple scenario where: a) buffer "a" mapped for update b) buffer "a" mapped for compare c) do the compare d) unmap "a" for compare e) update the cursor f) unmap "a" for update At step "e" the buffer has been unmapped and the read contents is bogus. Prevent unmapping of active read buffers by simply keeping a count of how many paths have currently active maps and unmap only when the count reaches 0. • https://git.kernel.org/stable/c/485d98d472d53f9617ffdfba5e677ac29ad4fe20 https://git.kernel.org/stable/c/58a3714db4d9dcaeb9fc4905141e17b9f536c0a5 https://git.kernel.org/stable/c/0851b1ec650adadcaa23ec96daad95a55bf966f0 https://git.kernel.org/stable/c/d5228d158e4c0b1663b3983044913c15c3d0135e https://git.kernel.org/stable/c/aba07b9a0587f50e5d3346eaa19019cf3f86c0ea •