CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2024-50095 – RDMA/mad: Improve handling of timed out WRs of mad agent
https://notcve.org/view.php?id=CVE-2024-50095
In the Linux kernel, the following vulnerability has been resolved: RDMA/mad: Improve handling of timed out WRs of mad agent Current timeout handler of mad agent acquires/releases mad_agent_priv lock for every timed out WRs. This causes heavy locking contention when higher no. of WRs are to be handled inside timeout handler. This leads to softlockup with below trace in some use cases where rdma-cm path is used to establish connection between peer nodes Trace: ----- BUG: soft lockup - CPU#4 stuck for 26s! [kworker/u128:3:19767] CPU: 4 PID: 19767 Comm: kworker/u128:3 Kdump: loaded Tainted: G OE ------- --- 5.14.0-427.13.1.el9_4.x86_64 #1 Hardware name: Dell Inc. PowerEdge R740/01YM03, BIOS 2.4.8 11/26/2019 Workqueue: ib_mad1 timeout_sends [ib_core] RIP: 0010:__do_softirq+0x78/0x2ac RSP: 0018:ffffb253449e4f98 EFLAGS: 00000246 RAX: 00000000ffffffff RBX: 0000000000000000 RCX: 000000000000001f RDX: 000000000000001d RSI: 000000003d1879ab RDI: fff363b66fd3a86b RBP: ffffb253604cbcd8 R08: 0000009065635f3b R09: 0000000000000000 R10: 0000000000000040 R11: ffffb253449e4ff8 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000040 FS: 0000000000000000(0000) GS:ffff8caa1fc80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fd9ec9db900 CR3: 0000000891934006 CR4: 00000000007706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <IRQ> ? show_trace_log_lvl+0x1c4/0x2df ? • https://git.kernel.org/stable/c/713adaf0ecfc49405f6e5d9e409d984f628de818 https://git.kernel.org/stable/c/7022a517bf1ca37ef5a474365bcc5eafd345a13a https://git.kernel.org/stable/c/e80eadb3604a92d2d086e956b8b2692b699d4d0a https://git.kernel.org/stable/c/a195a42dd25ca4f12489687065d00be64939409f https://git.kernel.org/stable/c/3e799fa463508abe7a738ce5d0f62a8dfd05262a https://git.kernel.org/stable/c/2a777679b8ccd09a9a65ea0716ef10365179caac •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-50093 – thermal: intel: int340x: processor: Fix warning during module unload
https://notcve.org/view.php?id=CVE-2024-50093
In the Linux kernel, the following vulnerability has been resolved: thermal: intel: int340x: processor: Fix warning during module unload The processor_thermal driver uses pcim_device_enable() to enable a PCI device, which means the device will be automatically disabled on driver detach. Thus there is no need to call pci_disable_device() again on it. With recent PCI device resource management improvements, e.g. commit f748a07a0b64 ("PCI: Remove legacy pcim_release()"), this problem is exposed and triggers the warining below. [ 224.010735] proc_thermal_pci 0000:00:04.0: disabling already-disabled device [ 224.010747] WARNING: CPU: 8 PID: 4442 at drivers/pci/pci.c:2250 pci_disable_device+0xe5/0x100 ... [ 224.010844] Call Trace: [ 224.010845] <TASK> [ 224.010847] ? show_regs+0x6d/0x80 [ 224.010851] ? __warn+0x8c/0x140 [ 224.010854] ? pci_disable_device+0xe5/0x100 [ 224.010856] ? • https://git.kernel.org/stable/c/acd65d5d1cf4a3324c8970ba74632abe069fe23e https://git.kernel.org/stable/c/8403021b6f32d68a7e3a6b8428ecaf5c153a9974 https://git.kernel.org/stable/c/b4ab78f4adeaf6c98be5d375518dd4fb666eac5e https://git.kernel.org/stable/c/dd64ea03375618684477f946be4f5e253f8676c2 https://git.kernel.org/stable/c/434525a864136c928b54fd2512b4c0167c207463 https://git.kernel.org/stable/c/99ca0b57e49fb73624eede1c4396d9e3d10ccf14 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-50091 – dm vdo: don't refer to dedupe_context after releasing it
https://notcve.org/view.php?id=CVE-2024-50091
In the Linux kernel, the following vulnerability has been resolved: dm vdo: don't refer to dedupe_context after releasing it Clear the dedupe_context pointer in a data_vio whenever ownership of the context is lost, so that vdo can't examine it accidentally. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dm vdo: no hacer referencia a dedupe_context después de liberarlo. Borre el puntero dedupe_context en un data_vio siempre que se pierda la propiedad del contexto, de modo que vdo no pueda examinarlo accidentalmente. • https://git.kernel.org/stable/c/63ef073084c67878d7a92e15ad055172da3f05a3 https://git.kernel.org/stable/c/0808ebf2f80b962e75741a41ced372a7116f1e26 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52920 – bpf: support non-r10 register spill/fill to/from stack in precision tracking
https://notcve.org/view.php?id=CVE-2023-52920
In the Linux kernel, the following vulnerability has been resolved: bpf: support non-r10 register spill/fill to/from stack in precision tracking Use instruction (jump) history to record instructions that performed register spill/fill to/from stack, regardless if this was done through read-only r10 register, or any other register after copying r10 into it *and* potentially adjusting offset. To make this work reliably, we push extra per-instruction flags into instruction history, encoding stack slot index (spi) and stack frame number in extra 10 bit flags we take away from prev_idx in instruction history. We don't touch idx field for maximum performance, as it's checked most frequently during backtracking. This change removes basically the last remaining practical limitation of precision backtracking logic in BPF verifier. It fixes known deficiencies, but also opens up new opportunities to reduce number of verified states, explored in the subsequent patches. There are only three differences in selftests' BPF object files according to veristat, all in the positive direction (less states). File Program Insns (A) Insns (B) Insns (DIFF) States (A) States (B) States (DIFF) -------------------------------------- ------------- --------- --------- ------------- ---------- ---------- ------------- test_cls_redirect_dynptr.bpf.linked3.o cls_redirect 2987 2864 -123 (-4.12%) 240 231 -9 (-3.75%) xdp_synproxy_kern.bpf.linked3.o syncookie_tc 82848 82661 -187 (-0.23%) 5107 5073 -34 (-0.67%) xdp_synproxy_kern.bpf.linked3.o syncookie_xdp 85116 84964 -152 (-0.18%) 5162 5130 -32 (-0.62%) Note, I avoided renaming jmp_history to more generic insn_hist to minimize number of lines changed and potential merge conflicts between bpf and bpf-next trees. Notice also cur_hist_entry pointer reset to NULL at the beginning of instruction verification loop. This pointer avoids the problem of relying on last jump history entry's insn_idx to determine whether we already have entry for current instruction or not. It can happen that we added jump history entry because current instruction is_jmp_point(), but also we need to add instruction flags for stack access. • https://git.kernel.org/stable/c/ecc2aeeaa08a355d84d3ca9c3d2512399a194f29 https://git.kernel.org/stable/c/41f6f64e6999a837048b1bd13a2f8742964eca6b •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-50088 – btrfs: fix uninitialized pointer free in add_inode_ref()
https://notcve.org/view.php?id=CVE-2024-50088
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix uninitialized pointer free in add_inode_ref() The add_inode_ref() function does not initialize the "name" struct when it is declared. If any of the following calls to "read_one_inode() returns NULL, dir = read_one_inode(root, parent_objectid); if (!dir) { ret = -ENOENT; goto out; } inode = read_one_inode(root, inode_objectid); if (!inode) { ret = -EIO; goto out; } then "name.name" would be freed on "out" before being initialized. out: ... kfree(name.name); This issue was reported by Coverity with CID 1526744. • https://git.kernel.org/stable/c/1cf474cd474bc5d3ef63086ffd009a87a5b7bb2e https://git.kernel.org/stable/c/e43eec81c5167b655b72c781b0e75e62a05e415e https://git.kernel.org/stable/c/12cf028381aa19bc38465341512c280256e8d82d https://git.kernel.org/stable/c/e11ce03b58743bf1e096c48fcaa7e6f08eb75dfa https://git.kernel.org/stable/c/a941f3d5b1469c60a7e70e775584f110b47e0d16 https://git.kernel.org/stable/c/66691c6e2f18d2aa4b22ffb624b9bdc97e9979e4 •