CVE-2024-42161 – bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD
https://notcve.org/view.php?id=CVE-2024-42161
In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD

[Changes from V1: - Use a default branch in the switch statement to initialize `val'.]

GCC warns that `val' may be used uninitialized in the BPF_CORE_READ_BITFIELD macro, defined in bpf_core_read.h as:

    [...]
    unsigned long long val;                                  \
    [...]                                                    \
    switch (__CORE_RELO(s, field, BYTE_SIZE)) {              \
    case 1: val = *(const unsigned char *)p; break;          \
    case 2: val = *(const unsigned short *)p; break;         \
    case 4: val = *(const unsigned int *)p; break;           \
    case 8: val = *(const unsigned long long *)p; break;     \
    }                                                        \
    [...]
    val;                                                     \
    }                                                        \

This patch adds a default entry in the switch statement that sets `val' to zero in order to avoid the warning, and to avoid random values being used in case __builtin_preserve_field_info returns unexpected values for BPF_FIELD_BYTE_SIZE.

Tested in bpf-next master. No regressions.

References:
https://git.kernel.org/stable/c/b694989bb13ed5f166e633faa1eb0f21c6d261a6
https://git.kernel.org/stable/c/3364c2ed1c241989847f19cf83e3db903ce689e3
https://git.kernel.org/stable/c/a21d76bd0b0d39518e9a4c19f6cf7c042a974aff
https://git.kernel.org/stable/c/7e5471b5efebc30dd0bc035cda86693a5c73d45f
https://git.kernel.org/stable/c/ff941a8449e712eaf7efca1a13bfb9afd3d99fc2
https://git.kernel.org/stable/c/009367099eb61a4fc2af44d4eb06b6b4de7de6db
CVE-2024-42160 – f2fs: check validation of fault attrs in f2fs_build_fault_attr()
https://notcve.org/view.php?id=CVE-2024-42160
In the Linux kernel, the following vulnerability has been resolved: f2fs: check validation of fault attrs in f2fs_build_fault_attr()

- It missed checking the validity of fault attrs in parse_options(); fix this by adding the check condition in f2fs_build_fault_attr().
- Use f2fs_build_fault_attr() in __sbi_store() to clean up code.

References:
https://git.kernel.org/stable/c/bc84dd2c33e0c10fd90d60f0cfc0bfb504d4692d
https://git.kernel.org/stable/c/44958ca9e400f57bd0478115519ffc350fcee61e
https://git.kernel.org/stable/c/ecb641f424d6d1f055d149a15b892edcc92c504b
https://git.kernel.org/stable/c/4ed886b187f47447ad559619c48c086f432d2b77
CVE-2024-42159 – scsi: mpi3mr: Sanitise num_phys
https://notcve.org/view.php?id=CVE-2024-42159
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Sanitise num_phys

Information is stored in mr_sas_port->phy_mask; values larger than the size of this field shouldn't be allowed.

A vulnerability was found in the Linux kernel's mpi3mr driver in the mpi3mr_sas_port_add() function, where a lack of proper checks could allow values larger than the defined size of the num_phys field in the mr_sas_node structure to be inserted, causing the field to be overwritten and potentially corrupting the structure. This issue could lead to memory corruption or crashes.

References:
https://git.kernel.org/stable/c/b869ec89d2ee923d46608b76e54c006680c9b4df
https://git.kernel.org/stable/c/586b41060113ae43032ec6c4a16d518cef5da6e0
https://git.kernel.org/stable/c/c8707901b53a48106d7501bdbd0350cefaefa4cf
https://git.kernel.org/stable/c/3668651def2c1622904e58b0280ee93121f2b10b
https://access.redhat.com/security/cve/CVE-2024-42159
https://bugzilla.redhat.com/show_bug.cgi?id=2301530

CWE-787: Out-of-bounds Write
CVE-2024-42153 – i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr
https://notcve.org/view.php?id=CVE-2024-42153
In the Linux kernel, the following vulnerability has been resolved: i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr

When del_timer_sync() is called in an interrupt context it throws a warning because of a potential deadlock. The timer is used only to exit from wait_for_completion() after a timeout, so replacing the call with wait_for_completion_timeout() allows the problematic timer and its related functions to be removed altogether.

References:
https://git.kernel.org/stable/c/41561f28e76a47dc6de0a954da85d0b5c42874eb
https://git.kernel.org/stable/c/a349e5ab4dc9954746e836cd10b407ce48f9b2f6
https://git.kernel.org/stable/c/effe0500afda017a86c94482b1e36bc37586c9af
https://git.kernel.org/stable/c/2849a1b747cf37aa5b684527104d3a53f1e296d2
https://git.kernel.org/stable/c/3503372d0bf7b324ec0bd6b90606703991426176
https://git.kernel.org/stable/c/3d32327f5cfc087ee3922a3bcdcc29880dcdb50f
https://git.kernel.org/stable/c/92e494a7568b60ae80d57fc0deafcaf3a4029ab3
https://git.kernel.org/stable/c/27cd3873fa76ebeb9f948baae40cb9a6d
CVE-2024-42152 – nvmet: fix a possible leak when destroy a ctrl during qp establishment
https://notcve.org/view.php?id=CVE-2024-42152
In the Linux kernel, the following vulnerability has been resolved: nvmet: fix a possible leak when destroy a ctrl during qp establishment

In nvmet_sq_destroy we capture sq->ctrl early, and if it is non-NULL we know that a ctrl was allocated (in the admin connect request handler) and we need to release pending AERs, clear ctrl->sqs and sq->ctrl (for nvme-loop primarily), and drop the final reference on the ctrl.

However, a small window is possible where nvmet_sq_destroy starts (as a result of the client giving up and disconnecting) concurrently with the nvme admin connect cmd (which may be in an early stage), but *before* kill_and_confirm of sq->ref (i.e. the admin connect managed to get an sq live reference). In this case, sq->ctrl was allocated, however only after it was captured in a local variable in nvmet_sq_destroy. This prevented the final reference drop on the ctrl.

Solve this by re-capturing sq->ctrl after all inflight requests have completed, where the sq->ctrl reference is certainly final, and move forward based on that.

This issue was observed in an environment with many hosts connecting multiple ctrls simultaneously, creating a delay in allocating a ctrl leading up to this race window.

References:
https://git.kernel.org/stable/c/2f3c22b1d3d7e86712253244797a651998c141fa
https://git.kernel.org/stable/c/b4fed1443a6571d49c6ffe7d97af3bbe5ee6dff5
https://git.kernel.org/stable/c/940a71f08ef153ef807f751310b0648d1fa5d0da
https://git.kernel.org/stable/c/5502c1f1d0d7472706cc1f201aecf1c935d302d1
https://git.kernel.org/stable/c/818004f2a380420c19872171be716174d4985e33
https://git.kernel.org/stable/c/c758b77d4a0a0ed3a1292b3fd7a2aeccd1a169a4
https://access.redhat.com/security/cve/CVE-2024-42152
https://bugzilla.redhat.com/show_bug.cgi?id=2301519

CWE-404: Improper Resource Shutdown or Release