CVE-2024-35846

En el kernel de Linux, se resolvió la siguiente vulnerabilidad: mm: zswap: corrige el bloqueo NULL del reductor con cgroup_disable=memory. Christian informa una deref NULL en zswap que dividió en dos hasta el reductor zswap. El problema también surgió en los rastreadores de errores de libguestfs [1] y Red Hat bugzilla [2]. El problema es que cuando memcg está deshabilitado con el indicador de tiempo de arranque, es posible que se llame al reductor zswap con sc->memcg == NULL. Esto está bien en muchos lugares, como en las operaciones de lruvec. Pero fallo en memcg_page_state(), que para empezar solo se usa debido a la contabilidad sin nodos de la memoria zswap de cgroup. Nhat detectó que memcg puede ser NULL en el caso de que memcg esté deshabilitado y luego también pude reproducir el fallo localmente. [1] https://github.com/libguestfs/libguestfs/issues/139 [2] https://bugzilla.redhat.com/show_bug.cgi?id=2275252

In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fix shrinker NULL crash with cgroup_disable=memory Christian reports a NULL deref in zswap that he bisected down to the zswap shrinker. The issue also cropped up in the bug trackers of libguestfs [1] and the Red Hat bugzilla [2]. The problem is that when memcg is disabled with the boot time flag, the zswap shrinker might get called with sc->memcg == NULL. This is okay in many places, like the lruvec operations. But it crashes in memcg_page_state() - which is only used due to the non-node accounting of cgroup's the zswap memory to begin with. Nhat spotted that the memcg can be NULL in the memcg-disabled case, and I was then able to reproduce the crash locally as well. [1] https://github.com/libguestfs/libguestfs/issues/139 [2] https://bugzilla.redhat.com/show_bug.cgi?id=2275252

Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious #VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to expose sensitive information or possibly execute arbitrary code in the trusted execution environment. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.