CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56630 – ocfs2: free inode when ocfs2_get_init_inode() fails
https://notcve.org/view.php?id=CVE-2024-56630
In the Linux kernel, the following vulnerability has been resolved: ocfs2: free inode when ocfs2_get_init_inode() fails syzbot is reporting busy inodes after unmount, for commit 9c89fe0af826 ("ocfs2: Handle error from dquot_initialize()") forgot to call iput() when new_inode() succeeded and dquot_initialize() failed. • https://git.kernel.org/stable/c/9c89fe0af826bfff36d8019ea6fd78db09b3c478 https://git.kernel.org/stable/c/911fcc95b530615b484e8920741fc5e4bc4e684a https://git.kernel.org/stable/c/9c19ea59965ebb482e227532f7bbb01792fb028c https://git.kernel.org/stable/c/c5327720a4655303ffa3f632d86ee205dd783f32 https://git.kernel.org/stable/c/67c2c6d0564ca05348ba4f8f6eaf7a0713f56c15 https://git.kernel.org/stable/c/a84d507d3290aca249b44ae992af9e10590cc5f6 https://git.kernel.org/stable/c/03db61c43c8e2729896fda6b9a95c7fb5c875c20 https://git.kernel.org/stable/c/965b5dd1894f4525f38c1b5f99b0106a0 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56629 – HID: wacom: fix when get product name maybe null pointer
https://notcve.org/view.php?id=CVE-2024-56629
In the Linux kernel, the following vulnerability has been resolved: HID: wacom: fix when get product name maybe null pointer Due to incorrect dev->product reporting by certain devices, null pointer dereferences occur when dev->product is empty, leading to potential system crashes. This issue was found on EXCELSIOR DL37-D05 device with Loongson-LS3A6000-7A2000-DL37 motherboard. Kernel logs: [ 56.470885] usb 4-3: new full-speed USB device number 4 using ohci-pci [ 56.671638] usb 4-3: string descriptor 0 read error: -22 [ 56.671644] usb 4-3: New USB device found, idVendor=056a, idProduct=0374, bcdDevice= 1.07 [ 56.671647] usb 4-3: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 56.678839] hid-generic 0003:056A:0374.0004: hiddev0,hidraw3: USB HID v1.10 Device [HID 056a:0374] on usb-0000:00:05.0-3/input0 [ 56.697719] CPU 2 Unable to handle kernel paging request at virtual address 0000000000000000, era == 90000000066e35c8, ra == ffff800004f98a80 [ 56.697732] Oops[#1]: [ 56.697734] CPU: 2 PID: 2742 Comm: (udev-worker) Tainted: G OE 6.6.0-loong64-desktop #25.00.2000.015 [ 56.697737] Hardware name: Inspur CE520L2/C09901N000000000, BIOS 2.09.00 10/11/2024 [ 56.697739] pc 90000000066e35c8 ra ffff800004f98a80 tp 9000000125478000 sp 900000012547b8a0 [ 56.697741] a0 0000000000000000 a1 ffff800004818b28 a2 0000000000000000 a3 0000000000000000 [ 56.697743] a4 900000012547b8f0 a5 0000000000000000 a6 0000000000000000 a7 0000000000000000 [ 56.697745] t0 ffff800004818b2d t1 0000000000000000 t2 0000000000000003 t3 0000000000000005 [ 56.697747] t4 0000000000000000 t5 0000000000000000 t6 0000000000000000 t7 0000000000000000 [ 56.697748] t8 0000000000000000 u0 0000000000000000 s9 0000000000000000 s0 900000011aa48028 [ 56.697750] s1 0000000000000000 s2 0000000000000000 s3 ffff800004818e80 s4 ffff800004810000 [ 56.697751] s5 90000001000b98d0 s6 ffff800004811f88 s7 ffff800005470440 s8 0000000000000000 [ 56.697753] ra: ffff800004f98a80 wacom_update_name+0xe0/0x300 [wacom] [ 56.697802] ERA: 90000000066e35c8 strstr+0x28/0x120 [ 56.697806] CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE) [ 56.697816] PRMD: 0000000c (PPLV0 +PIE +PWE) [ 56.697821] EUEN: 00000000 (-FPE -SXE -ASXE -BTE) [ 56.697827] ECFG: 00071c1d (LIE=0,2-4,10-12 VS=7) [ 56.697831] ESTAT: 00010000 [PIL] (IS= ECode=1 EsubCode=0) [ 56.697835] BADV: 0000000000000000 [ 56.697836] PRID: 0014d000 (Loongson-64bit, Loongson-3A6000) [ 56.697838] Modules linked in: wacom(+) bnep bluetooth rfkill qrtr nls_iso8859_1 nls_cp437 snd_hda_codec_conexant snd_hda_codec_generic ledtrig_audio snd_hda_codec_hdmi snd_hda_intel snd_intel_dspcfg snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_timer snd soundcore input_leds mousedev led_class joydev deepin_netmonitor(OE) fuse nfnetlink dmi_sysfs ip_tables x_tables overlay amdgpu amdxcp drm_exec gpu_sched drm_buddy radeon drm_suballoc_helper i2c_algo_bit drm_ttm_helper r8169 ttm drm_display_helper spi_loongson_pci xhci_pci cec xhci_pci_renesas spi_loongson_core hid_generic realtek gpio_loongson_64bit [ 56.697887] Process (udev-worker) (pid: 2742, threadinfo=00000000aee0d8b4, task=00000000a9eff1f3) [ 56.697890] Stack : 0000000000000000 ffff800004817e00 0000000000000000 0000251c00000000 [ 56.697896] 0000000000000000 00000011fffffffd 0000000000000000 0000000000000000 [ 56.697901] 0000000000000000 1b67a968695184b9 0000000000000000 90000001000b98d0 [ 56.697906] 90000001000bb8d0 900000011aa48028 0000000000000000 ffff800004f9d74c [ 56.697911] 90000001000ba000 ffff800004f9ce58 0000000000000000 ffff800005470440 [ 56.697916] ffff800004811f88 90000001000b98d0 9000000100da2aa8 90000001000bb8d0 [ 56.697921] 0000000000000000 90000001000ba000 900000011aa48028 ffff800004f9d74c [ 56.697926] ffff8000054704e8 90000001000bb8b8 90000001000ba000 0000000000000000 [ 56.697931] 90000001000bb8d0 ---truncated--- • https://git.kernel.org/stable/c/09dc28acaec74d7467c7c9b81dc8676e5bc957ce https://git.kernel.org/stable/c/d031eef3cc2e3bf524509e38fb898e5335c85c96 https://git.kernel.org/stable/c/5912a921289edb34d40aeab32ea6d52d41e75fed https://git.kernel.org/stable/c/2ed3e3a3ac06af8a6391c3d6a7791b7967d7d43a https://git.kernel.org/stable/c/2cd323c55bd3f356bf23ae1b4c20100abcdc29d6 https://git.kernel.org/stable/c/a7f0509556fa2f9789639dbcee9eed46e471ccef https://git.kernel.org/stable/c/e689bc6697a7fcebd4a945ab0b1e1112c76024d8 https://git.kernel.org/stable/c/59548215b76be98cf3422eea9a67d6ea5 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-56627 – ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read
https://notcve.org/view.php?id=CVE-2024-56627
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read An offset from client could be a negative value, It could lead to an out-of-bounds read from the stream_buf. Note that this issue is coming when setting 'vfs objects = streams_xattr parameter' in ksmbd.conf. • https://git.kernel.org/stable/c/de4d790dcf53be41736239d7ee63849a16ff5d10 https://git.kernel.org/stable/c/27de4295522e9a33e4a3fc72f7b8193df9eebe41 https://git.kernel.org/stable/c/81eed631935f2c52cdaf6691c6d48e0b06e8ad73 https://git.kernel.org/stable/c/fc342cf86e2dc4d2edb0fc2ff5e28b6c7845adb9 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-56626 – ksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write
https://notcve.org/view.php?id=CVE-2024-56626
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write An offset from client could be a negative value, It could allows to write data outside the bounds of the allocated buffer. Note that this issue is coming when setting 'vfs objects = streams_xattr parameter' in ksmbd.conf. • https://git.kernel.org/stable/c/8cd7490fc0f268883e86e840cda5311257af69ca https://git.kernel.org/stable/c/164d3597d26d9acff5d5b8bc3208bdcca942dd6a https://git.kernel.org/stable/c/c5797f195c67132d061d29c57a7c6d30530686f0 https://git.kernel.org/stable/c/313dab082289e460391c82d855430ec8a28ddf81 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2024-56623 – scsi: qla2xxx: Fix use after free on unload
https://notcve.org/view.php?id=CVE-2024-56623
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix use after free on unload System crash is observed with stack trace warning of use after free. There are 2 signals to tell dpc_thread to terminate (UNLOADING flag and kthread_stop). On setting the UNLOADING flag when dpc_thread happens to run at the time and sees the flag, this causes dpc_thread to exit and clean up itself. When kthread_stop is called for final cleanup, this causes use after free. Remove UNLOADING signal to terminate dpc_thread. Use the kthread_stop as the main signal to exit dpc_thread. [596663.812935] kernel BUG at mm/slub.c:294! [596663.812950] invalid opcode: 0000 [#1] SMP PTI [596663.812957] CPU: 13 PID: 1475935 Comm: rmmod Kdump: loaded Tainted: G IOE --------- - - 4.18.0-240.el8.x86_64 #1 [596663.812960] Hardware name: HP ProLiant DL380p Gen8, BIOS P70 08/20/2012 [596663.812974] RIP: 0010:__slab_free+0x17d/0x360 ... [596663.813008] Call Trace: [596663.813022] ? • https://git.kernel.org/stable/c/12f04fc8580eafb0510f805749553eb6213f323e https://git.kernel.org/stable/c/ca36d9d53745d5ec8946ef85006d4da605ea7c54 https://git.kernel.org/stable/c/b3e6f25176f248762a24d25ab8cf8c5e90874f80 https://git.kernel.org/stable/c/15369e774f27ec790f207de87c0b541e3f90b22d https://git.kernel.org/stable/c/6abf16d3c915b2feb68c1c8b25fcb71b13f98478 https://git.kernel.org/stable/c/07c903db0a2ff84b68efa1a74a4de353ea591eb0 •