CVE-2024-46737 – nvmet-tcp: fix kernel crash if commands allocation fails
https://notcve.org/view.php?id=CVE-2024-46737
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fix kernel crash if commands allocation fails If the commands allocation fails in nvmet_tcp_alloc_cmds() the kernel crashes in nvmet_tcp_release_queue_work() because of a NULL pointer dereference. nvmet: failed to install queue 0 cntlid 1 ret 6 Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 Fix the bug by setting queue->nr_cmds to zero in case nvmet_tcp_alloc_cmd() fails. • https://git.kernel.org/stable/c/872d26a391da92ed8f0c0f5cb5fef428067b7f30 https://git.kernel.org/stable/c/03e1fd0327fa5e2174567f5fe9290fe21d21b8f4 https://git.kernel.org/stable/c/50632b877ce55356f5d276b9add289b1e7ddc683 https://git.kernel.org/stable/c/91dad30c5607e62864f888e735d0965567827bdf https://git.kernel.org/stable/c/7957c731fc2b23312f8935812dee5a0b14b04e2d https://git.kernel.org/stable/c/489f2913a63f528cfe3f21722583fb981967ecda https://git.kernel.org/stable/c/6c04d1e3ab22cc5394ef656429638a5947f87244 https://git.kernel.org/stable/c/5572a55a6f830ee3f3a994b6b962a5c32 •
CVE-2024-46733 – btrfs: fix qgroup reserve leaks in cow_file_range
https://notcve.org/view.php?id=CVE-2024-46733
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix qgroup reserve leaks in cow_file_range In the buffered write path, the dirty page owns the qgroup reserve until it creates an ordered_extent. Therefore, any errors that occur before the ordered_extent is created must free that reservation, or else the space is leaked. The fstest generic/475 exercises various IO error paths, and is able to trigger errors in cow_file_range where we fail to get to allocating the ordered extent. Note that because we *do* clear delalloc, we are likely to remove the inode from the delalloc list, so the inodes/pages to not have invalidate/launder called on them in the commit abort path. This results in failures at the unmount stage of the test that look like: BTRFS: error (device dm-8 state EA) in cleanup_transaction:2018: errno=-5 IO failure BTRFS: error (device dm-8 state EA) in btrfs_replace_file_extents:2416: errno=-5 IO failure BTRFS warning (device dm-8 state EA): qgroup 0/5 has unreleased space, type 0 rsv 28672 ------------[ cut here ]------------ WARNING: CPU: 3 PID: 22588 at fs/btrfs/disk-io.c:4333 close_ctree+0x222/0x4d0 [btrfs] Modules linked in: btrfs blake2b_generic libcrc32c xor zstd_compress raid6_pq CPU: 3 PID: 22588 Comm: umount Kdump: loaded Tainted: G W 6.10.0-rc7-gab56fde445b8 #21 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014 RIP: 0010:close_ctree+0x222/0x4d0 [btrfs] RSP: 0018:ffffb4465283be00 EFLAGS: 00010202 RAX: 0000000000000001 RBX: ffffa1a1818e1000 RCX: 0000000000000001 RDX: 0000000000000000 RSI: ffffb4465283bbe0 RDI: ffffa1a19374fcb8 RBP: ffffa1a1818e13c0 R08: 0000000100028b16 R09: 0000000000000000 R10: 0000000000000003 R11: 0000000000000003 R12: ffffa1a18ad7972c R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 FS: 00007f9168312b80(0000) GS:ffffa1a4afcc0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f91683c9140 CR3: 000000010acaa000 CR4: 00000000000006f0 Call Trace: <TASK> ? close_ctree+0x222/0x4d0 [btrfs] ? __warn.cold+0x8e/0xea ? • https://git.kernel.org/stable/c/e42ef22bc10f0309c0c65d8d6ca8b4127a674b7f https://git.kernel.org/stable/c/30479f31d44d47ed00ae0c7453d9b253537005b2 •
CVE-2024-46732 – drm/amd/display: Assign linear_pitch_alignment even for VM
https://notcve.org/view.php?id=CVE-2024-46732
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Assign linear_pitch_alignment even for VM [Description] Assign linear_pitch_alignment so we don't cause a divide by 0 error in VM environments • https://git.kernel.org/stable/c/4bd7710f2fecfc5fb2dda1ca2adc69db8a66b8b6 https://git.kernel.org/stable/c/d219f902b16d42f0cb8c499ea8f31cf3c0f36349 https://git.kernel.org/stable/c/d2fe7ac613a1ea8c346c9f5c89dc6ecc27232997 https://git.kernel.org/stable/c/c44b568931d23aed9d37ecbb31fb5fbdd198bf7b https://git.kernel.org/stable/c/984debc133efa05e62f5aa1a7a1dd8ca0ef041f4 •
CVE-2024-46731 – drm/amd/pm: fix the Out-of-bounds read warning
https://notcve.org/view.php?id=CVE-2024-46731
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix the Out-of-bounds read warning using index i - 1U may beyond element index for mc_data[] when i = 0. • https://git.kernel.org/stable/c/38e32a0d837443c91c4b615a067b976cfb925376 https://git.kernel.org/stable/c/3317966efcdc5101e93db21514b68917e7eb34ea https://git.kernel.org/stable/c/20c6373a6be93039f9d66029bb1e21038a060be1 https://git.kernel.org/stable/c/f1e261ced9bcad772a45a2fcdf413c3490e87299 https://git.kernel.org/stable/c/d83fb9f9f63e9a120bf405b078f829f0b2e58934 https://git.kernel.org/stable/c/12c6967428a099bbba9dfd247bb4322a984fcc0b •
CVE-2024-46730 – drm/amd/display: Ensure array index tg_inst won't be -1
https://notcve.org/view.php?id=CVE-2024-46730
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Ensure array index tg_inst won't be -1 [WHY & HOW] tg_inst will be a negative if timing_generator_count equals 0, which should be checked before used. This fixes 2 OVERRUN issues reported by Coverity. • https://git.kernel.org/stable/c/a64284b9e1999ad5580debced4bc6d6adb28aad4 https://git.kernel.org/stable/c/687fe329f18ab0ab0496b20ed2cb003d4879d931 •