CVE-2024-36890

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm/slab: make __free(kfree) acepta punteros de error Actualmente, si una asignación liberada automáticamente es un puntero de error que provocará un bloqueo. Un ejemplo de esto está en wm831x_gpio_dbg_show(). 171 caracteres *etiqueta __free(kfree) = gpiochip_dup_line_label(chip, i); 172 if (IS_ERR(etiqueta)) { 173 dev_err(wm831x->dev, "Error al duplicar la etiqueta
"); 174 continúan; 175 } La función de limpieza automática también debería comprobar si hay indicadores de error; de lo contrario, seguiremos teniendo problemas como este.

In the Linux kernel, the following vulnerability has been resolved: mm/slab: make __free(kfree) accept error pointers Currently, if an automatically freed allocation is an error pointer that will lead to a crash. An example of this is in wm831x_gpio_dbg_show(). 171 char *label __free(kfree) = gpiochip_dup_line_label(chip, i); 172 if (IS_ERR(label)) { 173 dev_err(wm831x->dev, "Failed to duplicate label
"); 174 continue; 175 } The auto clean up function should check for error pointers as well, otherwise we're going to keep hitting issues like this.

Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious #VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to expose sensitive information or possibly execute arbitrary code in the trusted execution environment. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.