Action not permitted
Modal body text goes here.
Modal Title
Modal Body
wid-sec-w-2024-3367
Vulnerability from csaf_certbund
Published
2024-11-06 23:00
Modified
2024-11-17 23:00
Summary
Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Der Kernel stellt den Kern des Linux Betriebssystems dar.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen oder nicht näher beschriebene Auswirkungen zu erzielen.
Betroffene Betriebssysteme
- Linux
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein Angreifer kann mehrere Schwachstellen in Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren oder nicht n\u00e4her beschriebene Auswirkungen zu erzielen.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-3367 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3367.json" }, { "category": "self", "summary": "WID-SEC-2024-3367 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3367" }, { "category": "external", "summary": "Kernel CVE Announce Mailingliste", "url": "https://lore.kernel.org/linux-cve-announce/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-50142", "url": "https://lore.kernel.org/linux-cve-announce/2024110743-CVE-2024-50142-e0dc@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-50143", "url": "https://lore.kernel.org/linux-cve-announce/2024110743-CVE-2024-50143-4678@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-50144", "url": "https://lore.kernel.org/linux-cve-announce/2024110743-CVE-2024-50144-973b@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-50145", "url": "https://lore.kernel.org/linux-cve-announce/2024110744-CVE-2024-50145-10b6@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-50146", "url": "https://lore.kernel.org/linux-cve-announce/2024110744-CVE-2024-50146-964d@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-50147", "url": "https://lore.kernel.org/linux-cve-announce/2024110744-CVE-2024-50147-d5b6@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-50148", "url": "https://lore.kernel.org/linux-cve-announce/2024110744-CVE-2024-50148-b75c@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-50155", "url": "https://lore.kernel.org/linux-cve-announce/2024110746-CVE-2024-50155-f220@gregkh/#u" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-50156", "url": "https://lore.kernel.org/linux-cve-announce/2024110746-CVE-2024-50156-6878@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-50157", "url": "https://lore.kernel.org/linux-cve-announce/2024110746-CVE-2024-50157-5d80@gregkh/#u" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-50158", "url": "https://lore.kernel.org/linux-cve-announce/2024110746-CVE-2024-50158-96bf@gregkh/#u" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-50159", "url": "https://lore.kernel.org/linux-cve-announce/2024110747-CVE-2024-50159-3dec@gregkh/#u" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-50160", "url": "https://lore.kernel.org/linux-cve-announce/2024110747-CVE-2024-50160-d61e@gregkh/#u" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-50161", "url": "https://lore.kernel.org/linux-cve-announce/2024110747-CVE-2024-50161-1313@gregkh/#u" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-50162", "url": "https://lore.kernel.org/linux-cve-announce/2024110747-CVE-2024-50162-474e@gregkh/#u" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-50163", "url": "https://lore.kernel.org/linux-cve-announce/2024110747-CVE-2024-50163-6769@gregkh/#u" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-50164", "url": "https://lore.kernel.org/linux-cve-announce/2024110748-CVE-2024-50164-b109@gregkh/#u" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-50165", "url": "https://lore.kernel.org/linux-cve-announce/2024110748-CVE-2024-50165-5e80@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-50166", "url": "https://lore.kernel.org/linux-cve-announce/2024110748-CVE-2024-50166-7fde@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-50167", "url": "https://lore.kernel.org/linux-cve-announce/2024110748-CVE-2024-50167-c275@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-50168", "url": "https://lore.kernel.org/linux-cve-announce/2024110748-CVE-2024-50168-60c2@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-50169", "url": "https://lore.kernel.org/linux-cve-announce/2024110749-CVE-2024-50169-9df5@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-50170", "url": "https://lore.kernel.org/linux-cve-announce/2024110749-CVE-2024-50170-05db@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-50171", "url": "https://lore.kernel.org/linux-cve-announce/2024110749-CVE-2024-50171-38cb@gregkh/" }, { "category": "external", "summary": "Linux Kernel CVE Announcement CVE-2024-50172", "url": "https://lore.kernel.org/linux-cve-announce/2024110749-CVE-2024-50172-6cd4@gregkh/#u" }, { "category": "external", "summary": "openSUSE Security Update OPENSUSE-SU-2024:14500-1 vom 2024-11-16", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2NO44GTYBSPPWKFDREFWHITK4XKTNVLP/" } ], "source_lang": "en-US", "title": "Linux Kernel: Mehrere Schwachstellen erm\u00f6glichen Denial of Service", "tracking": { "current_release_date": "2024-11-17T23:00:00.000+00:00", "generator": { "date": "2024-11-18T09:04:53.340+00:00", "engine": { "name": "BSI-WID", "version": "1.3.8" } }, "id": "WID-SEC-W-2024-3367", "initial_release_date": "2024-11-06T23:00:00.000+00:00", "revision_history": [ { "date": "2024-11-06T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2024-11-17T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von openSUSE aufgenommen" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Open Source Linux Kernel", "product": { "name": "Open Source Linux Kernel", "product_id": "T008144", "product_identification_helper": { "cpe": "cpe:/a:linux:linux_kernel:-" } } } ], "category": "vendor", "name": "Open Source" }, { "branches": [ { "category": "product_name", "name": "SUSE openSUSE", "product": { "name": "SUSE openSUSE", "product_id": "T027843", "product_identification_helper": { "cpe": "cpe:/o:suse:opensuse:-" } } } ], "category": "vendor", "name": "SUSE" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-50142", "notes": [ { "category": "description", "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten, wie z.B. Bluetooth, pbf, net und anderen. Ein Angreifer kann dadurch einen Denial of Service Zustand oder nicht n\u00e4her bekannte Auswirkungen erzielen." } ], "product_status": { "known_affected": [ "T027843", "T008144" ] }, "release_date": "2024-11-06T23:00:00.000+00:00", "title": "CVE-2024-50142" }, { "cve": "CVE-2024-50143", "notes": [ { "category": "description", "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten, wie z.B. Bluetooth, pbf, net und anderen. Ein Angreifer kann dadurch einen Denial of Service Zustand oder nicht n\u00e4her bekannte Auswirkungen erzielen." } ], "product_status": { "known_affected": [ "T027843", "T008144" ] }, "release_date": "2024-11-06T23:00:00.000+00:00", "title": "CVE-2024-50143" }, { "cve": "CVE-2024-50144", "notes": [ { "category": "description", "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten, wie z.B. Bluetooth, pbf, net und anderen. Ein Angreifer kann dadurch einen Denial of Service Zustand oder nicht n\u00e4her bekannte Auswirkungen erzielen." } ], "product_status": { "known_affected": [ "T027843", "T008144" ] }, "release_date": "2024-11-06T23:00:00.000+00:00", "title": "CVE-2024-50144" }, { "cve": "CVE-2024-50145", "notes": [ { "category": "description", "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten, wie z.B. Bluetooth, pbf, net und anderen. Ein Angreifer kann dadurch einen Denial of Service Zustand oder nicht n\u00e4her bekannte Auswirkungen erzielen." } ], "product_status": { "known_affected": [ "T027843", "T008144" ] }, "release_date": "2024-11-06T23:00:00.000+00:00", "title": "CVE-2024-50145" }, { "cve": "CVE-2024-50146", "notes": [ { "category": "description", "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten, wie z.B. Bluetooth, pbf, net und anderen. Ein Angreifer kann dadurch einen Denial of Service Zustand oder nicht n\u00e4her bekannte Auswirkungen erzielen." } ], "product_status": { "known_affected": [ "T027843", "T008144" ] }, "release_date": "2024-11-06T23:00:00.000+00:00", "title": "CVE-2024-50146" }, { "cve": "CVE-2024-50147", "notes": [ { "category": "description", "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten, wie z.B. Bluetooth, pbf, net und anderen. Ein Angreifer kann dadurch einen Denial of Service Zustand oder nicht n\u00e4her bekannte Auswirkungen erzielen." } ], "product_status": { "known_affected": [ "T027843", "T008144" ] }, "release_date": "2024-11-06T23:00:00.000+00:00", "title": "CVE-2024-50147" }, { "cve": "CVE-2024-50148", "notes": [ { "category": "description", "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten, wie z.B. Bluetooth, pbf, net und anderen. Ein Angreifer kann dadurch einen Denial of Service Zustand oder nicht n\u00e4her bekannte Auswirkungen erzielen." } ], "product_status": { "known_affected": [ "T027843", "T008144" ] }, "release_date": "2024-11-06T23:00:00.000+00:00", "title": "CVE-2024-50148" }, { "cve": "CVE-2024-50155", "notes": [ { "category": "description", "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten, wie z.B. Bluetooth, pbf, net und anderen. Ein Angreifer kann dadurch einen Denial of Service Zustand oder nicht n\u00e4her bekannte Auswirkungen erzielen." } ], "product_status": { "known_affected": [ "T027843", "T008144" ] }, "release_date": "2024-11-06T23:00:00.000+00:00", "title": "CVE-2024-50155" }, { "cve": "CVE-2024-50156", "notes": [ { "category": "description", "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten, wie z.B. Bluetooth, pbf, net und anderen. Ein Angreifer kann dadurch einen Denial of Service Zustand oder nicht n\u00e4her bekannte Auswirkungen erzielen." } ], "product_status": { "known_affected": [ "T027843", "T008144" ] }, "release_date": "2024-11-06T23:00:00.000+00:00", "title": "CVE-2024-50156" }, { "cve": "CVE-2024-50157", "notes": [ { "category": "description", "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten, wie z.B. Bluetooth, pbf, net und anderen. Ein Angreifer kann dadurch einen Denial of Service Zustand oder nicht n\u00e4her bekannte Auswirkungen erzielen." } ], "product_status": { "known_affected": [ "T027843", "T008144" ] }, "release_date": "2024-11-06T23:00:00.000+00:00", "title": "CVE-2024-50157" }, { "cve": "CVE-2024-50158", "notes": [ { "category": "description", "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten, wie z.B. Bluetooth, pbf, net und anderen. Ein Angreifer kann dadurch einen Denial of Service Zustand oder nicht n\u00e4her bekannte Auswirkungen erzielen." } ], "product_status": { "known_affected": [ "T027843", "T008144" ] }, "release_date": "2024-11-06T23:00:00.000+00:00", "title": "CVE-2024-50158" }, { "cve": "CVE-2024-50159", "notes": [ { "category": "description", "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten, wie z.B. Bluetooth, pbf, net und anderen. Ein Angreifer kann dadurch einen Denial of Service Zustand oder nicht n\u00e4her bekannte Auswirkungen erzielen." } ], "product_status": { "known_affected": [ "T027843", "T008144" ] }, "release_date": "2024-11-06T23:00:00.000+00:00", "title": "CVE-2024-50159" }, { "cve": "CVE-2024-50160", "notes": [ { "category": "description", "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten, wie z.B. Bluetooth, pbf, net und anderen. Ein Angreifer kann dadurch einen Denial of Service Zustand oder nicht n\u00e4her bekannte Auswirkungen erzielen." } ], "product_status": { "known_affected": [ "T027843", "T008144" ] }, "release_date": "2024-11-06T23:00:00.000+00:00", "title": "CVE-2024-50160" }, { "cve": "CVE-2024-50161", "notes": [ { "category": "description", "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten, wie z.B. Bluetooth, pbf, net und anderen. Ein Angreifer kann dadurch einen Denial of Service Zustand oder nicht n\u00e4her bekannte Auswirkungen erzielen." } ], "product_status": { "known_affected": [ "T027843", "T008144" ] }, "release_date": "2024-11-06T23:00:00.000+00:00", "title": "CVE-2024-50161" }, { "cve": "CVE-2024-50162", "notes": [ { "category": "description", "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten, wie z.B. Bluetooth, pbf, net und anderen. Ein Angreifer kann dadurch einen Denial of Service Zustand oder nicht n\u00e4her bekannte Auswirkungen erzielen." } ], "product_status": { "known_affected": [ "T027843", "T008144" ] }, "release_date": "2024-11-06T23:00:00.000+00:00", "title": "CVE-2024-50162" }, { "cve": "CVE-2024-50163", "notes": [ { "category": "description", "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten, wie z.B. Bluetooth, pbf, net und anderen. Ein Angreifer kann dadurch einen Denial of Service Zustand oder nicht n\u00e4her bekannte Auswirkungen erzielen." } ], "product_status": { "known_affected": [ "T027843", "T008144" ] }, "release_date": "2024-11-06T23:00:00.000+00:00", "title": "CVE-2024-50163" }, { "cve": "CVE-2024-50164", "notes": [ { "category": "description", "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten, wie z.B. Bluetooth, pbf, net und anderen. Ein Angreifer kann dadurch einen Denial of Service Zustand oder nicht n\u00e4her bekannte Auswirkungen erzielen." } ], "product_status": { "known_affected": [ "T027843", "T008144" ] }, "release_date": "2024-11-06T23:00:00.000+00:00", "title": "CVE-2024-50164" }, { "cve": "CVE-2024-50165", "notes": [ { "category": "description", "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten, wie z.B. Bluetooth, pbf, net und anderen. Ein Angreifer kann dadurch einen Denial of Service Zustand oder nicht n\u00e4her bekannte Auswirkungen erzielen." } ], "product_status": { "known_affected": [ "T027843", "T008144" ] }, "release_date": "2024-11-06T23:00:00.000+00:00", "title": "CVE-2024-50165" }, { "cve": "CVE-2024-50166", "notes": [ { "category": "description", "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten, wie z.B. Bluetooth, pbf, net und anderen. Ein Angreifer kann dadurch einen Denial of Service Zustand oder nicht n\u00e4her bekannte Auswirkungen erzielen." } ], "product_status": { "known_affected": [ "T027843", "T008144" ] }, "release_date": "2024-11-06T23:00:00.000+00:00", "title": "CVE-2024-50166" }, { "cve": "CVE-2024-50167", "notes": [ { "category": "description", "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten, wie z.B. Bluetooth, pbf, net und anderen. Ein Angreifer kann dadurch einen Denial of Service Zustand oder nicht n\u00e4her bekannte Auswirkungen erzielen." } ], "product_status": { "known_affected": [ "T027843", "T008144" ] }, "release_date": "2024-11-06T23:00:00.000+00:00", "title": "CVE-2024-50167" }, { "cve": "CVE-2024-50168", "notes": [ { "category": "description", "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten, wie z.B. Bluetooth, pbf, net und anderen. Ein Angreifer kann dadurch einen Denial of Service Zustand oder nicht n\u00e4her bekannte Auswirkungen erzielen." } ], "product_status": { "known_affected": [ "T027843", "T008144" ] }, "release_date": "2024-11-06T23:00:00.000+00:00", "title": "CVE-2024-50168" }, { "cve": "CVE-2024-50169", "notes": [ { "category": "description", "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten, wie z.B. Bluetooth, pbf, net und anderen. Ein Angreifer kann dadurch einen Denial of Service Zustand oder nicht n\u00e4her bekannte Auswirkungen erzielen." } ], "product_status": { "known_affected": [ "T027843", "T008144" ] }, "release_date": "2024-11-06T23:00:00.000+00:00", "title": "CVE-2024-50169" }, { "cve": "CVE-2024-50170", "notes": [ { "category": "description", "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten, wie z.B. Bluetooth, pbf, net und anderen. Ein Angreifer kann dadurch einen Denial of Service Zustand oder nicht n\u00e4her bekannte Auswirkungen erzielen." } ], "product_status": { "known_affected": [ "T027843", "T008144" ] }, "release_date": "2024-11-06T23:00:00.000+00:00", "title": "CVE-2024-50170" }, { "cve": "CVE-2024-50171", "notes": [ { "category": "description", "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten, wie z.B. Bluetooth, pbf, net und anderen. Ein Angreifer kann dadurch einen Denial of Service Zustand oder nicht n\u00e4her bekannte Auswirkungen erzielen." } ], "product_status": { "known_affected": [ "T027843", "T008144" ] }, "release_date": "2024-11-06T23:00:00.000+00:00", "title": "CVE-2024-50171" }, { "cve": "CVE-2024-50172", "notes": [ { "category": "description", "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten, wie z.B. Bluetooth, pbf, net und anderen. Ein Angreifer kann dadurch einen Denial of Service Zustand oder nicht n\u00e4her bekannte Auswirkungen erzielen." } ], "product_status": { "known_affected": [ "T027843", "T008144" ] }, "release_date": "2024-11-06T23:00:00.000+00:00", "title": "CVE-2024-50172" } ] }
cve-2024-50163
Vulnerability from cvelistv5
Published
2024-11-07 09:31
Modified
2024-12-19 09:34
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf: Make sure internal and UAPI bpf_redirect flags don't overlap
The bpf_redirect_info is shared between the SKB and XDP redirect paths,
and the two paths use the same numeric flag values in the ri->flags
field (specifically, BPF_F_BROADCAST == BPF_F_NEXTHOP). This means that
if skb bpf_redirect_neigh() is used with a non-NULL params argument and,
subsequently, an XDP redirect is performed using the same
bpf_redirect_info struct, the XDP path will get confused and end up
crashing, which syzbot managed to trigger.
With the stack-allocated bpf_redirect_info, the structure is no longer
shared between the SKB and XDP paths, so the crash doesn't happen
anymore. However, different code paths using identically-numbered flag
values in the same struct field still seems like a bit of a mess, so
this patch cleans that up by moving the flag definitions together and
redefining the three flags in BPF_F_REDIRECT_INTERNAL to not overlap
with the flags used for XDP. It also adds a BUILD_BUG_ON() check to make
sure the overlap is not re-introduced by mistake.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Linux | Linux |
Version: e624d4ed4aa8cc3c69d1359b0aaea539203ed266 Version: e624d4ed4aa8cc3c69d1359b0aaea539203ed266 Version: e624d4ed4aa8cc3c69d1359b0aaea539203ed266 Version: e624d4ed4aa8cc3c69d1359b0aaea539203ed266 Version: e624d4ed4aa8cc3c69d1359b0aaea539203ed266 |
||||
|
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "include/uapi/linux/bpf.h", "net/core/filter.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "4e1e428533845d48828bd3875c0e92e8565b9962", "status": "affected", "version": "e624d4ed4aa8cc3c69d1359b0aaea539203ed266", "versionType": "git" }, { "lessThan": "314dbee9fe4f5cee36435465de52c988d7caa466", "status": "affected", "version": "e624d4ed4aa8cc3c69d1359b0aaea539203ed266", "versionType": "git" }, { "lessThan": "0fca5ed4be8e8bfbfb9bd97845af596bab7192d3", "status": "affected", "version": "e624d4ed4aa8cc3c69d1359b0aaea539203ed266", "versionType": "git" }, { "lessThan": "cec288e05ceac9a0d3a3a1fd279534b11844c826", "status": "affected", "version": "e624d4ed4aa8cc3c69d1359b0aaea539203ed266", "versionType": "git" }, { "lessThan": "09d88791c7cd888d5195c84733caf9183dcfbd16", "status": "affected", "version": "e624d4ed4aa8cc3c69d1359b0aaea539203ed266", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "include/uapi/linux/bpf.h", "net/core/filter.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.14" }, { "lessThan": "5.14", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.170", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.115", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.59", "versionType": "semver" }, { "lessThanOrEqual": "6.11.*", "status": "unaffected", "version": "6.11.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.12", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Make sure internal and UAPI bpf_redirect flags don\u0027t overlap\n\nThe bpf_redirect_info is shared between the SKB and XDP redirect paths,\nand the two paths use the same numeric flag values in the ri-\u003eflags\nfield (specifically, BPF_F_BROADCAST == BPF_F_NEXTHOP). This means that\nif skb bpf_redirect_neigh() is used with a non-NULL params argument and,\nsubsequently, an XDP redirect is performed using the same\nbpf_redirect_info struct, the XDP path will get confused and end up\ncrashing, which syzbot managed to trigger.\n\nWith the stack-allocated bpf_redirect_info, the structure is no longer\nshared between the SKB and XDP paths, so the crash doesn\u0027t happen\nanymore. However, different code paths using identically-numbered flag\nvalues in the same struct field still seems like a bit of a mess, so\nthis patch cleans that up by moving the flag definitions together and\nredefining the three flags in BPF_F_REDIRECT_INTERNAL to not overlap\nwith the flags used for XDP. It also adds a BUILD_BUG_ON() check to make\nsure the overlap is not re-introduced by mistake." } ], "providerMetadata": { "dateUpdated": "2024-12-19T09:34:26.654Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/4e1e428533845d48828bd3875c0e92e8565b9962" }, { "url": "https://git.kernel.org/stable/c/314dbee9fe4f5cee36435465de52c988d7caa466" }, { "url": "https://git.kernel.org/stable/c/0fca5ed4be8e8bfbfb9bd97845af596bab7192d3" }, { "url": "https://git.kernel.org/stable/c/cec288e05ceac9a0d3a3a1fd279534b11844c826" }, { "url": "https://git.kernel.org/stable/c/09d88791c7cd888d5195c84733caf9183dcfbd16" } ], "title": "bpf: Make sure internal and UAPI bpf_redirect flags don\u0027t overlap", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-50163", "datePublished": "2024-11-07T09:31:40.146Z", "dateReserved": "2024-10-21T19:36:19.961Z", "dateUpdated": "2024-12-19T09:34:26.654Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-50142
Vulnerability from cvelistv5
Published
2024-11-07 09:31
Modified
2024-12-19 09:34
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
xfrm: validate new SA's prefixlen using SA family when sel.family is unset
This expands the validation introduced in commit 07bf7908950a ("xfrm:
Validate address prefix lengths in the xfrm selector.")
syzbot created an SA with
usersa.sel.family = AF_UNSPEC
usersa.sel.prefixlen_s = 128
usersa.family = AF_INET
Because of the AF_UNSPEC selector, verify_newsa_info doesn't put
limits on prefixlen_{s,d}. But then copy_from_user_state sets
x->sel.family to usersa.family (AF_INET). Do the same conversion in
verify_newsa_info before validating prefixlen_{s,d}, since that's how
prefixlen is going to be used later on.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||||
|
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/xfrm/xfrm_user.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "f31398570acf0f0804c644006f7bfa9067106b0a", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "401ad99a5ae7180dd9449eac104cb755f442e7f3", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "8df5cd51fd70c33aa1776e5cbcd82b0a86649d73", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "2d08a6c31c65f23db71a5385ee9cf9d8f9a67a71", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "bce1afaa212ec380bf971614f70909a27882b862", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "7d9868180bd1e4cf37e7c5067362658971162366", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "e68dd80ba498265d2266b12dc3459164f4ff0c4a", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "3f0ab59e6537c6a8f9e1b355b48f9c05a76e8563", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/xfrm/xfrm_user.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "2.6.12" }, { "lessThan": "2.6.12", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.323", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.285", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.229", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.170", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.115", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.59", "versionType": "semver" }, { "lessThanOrEqual": "6.11.*", "status": "unaffected", "version": "6.11.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.12", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: validate new SA\u0027s prefixlen using SA family when sel.family is unset\n\nThis expands the validation introduced in commit 07bf7908950a (\"xfrm:\nValidate address prefix lengths in the xfrm selector.\")\n\nsyzbot created an SA with\n usersa.sel.family = AF_UNSPEC\n usersa.sel.prefixlen_s = 128\n usersa.family = AF_INET\n\nBecause of the AF_UNSPEC selector, verify_newsa_info doesn\u0027t put\nlimits on prefixlen_{s,d}. But then copy_from_user_state sets\nx-\u003esel.family to usersa.family (AF_INET). Do the same conversion in\nverify_newsa_info before validating prefixlen_{s,d}, since that\u0027s how\nprefixlen is going to be used later on." } ], "providerMetadata": { "dateUpdated": "2024-12-19T09:34:02.678Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/f31398570acf0f0804c644006f7bfa9067106b0a" }, { "url": "https://git.kernel.org/stable/c/401ad99a5ae7180dd9449eac104cb755f442e7f3" }, { "url": "https://git.kernel.org/stable/c/8df5cd51fd70c33aa1776e5cbcd82b0a86649d73" }, { "url": "https://git.kernel.org/stable/c/2d08a6c31c65f23db71a5385ee9cf9d8f9a67a71" }, { "url": "https://git.kernel.org/stable/c/bce1afaa212ec380bf971614f70909a27882b862" }, { "url": "https://git.kernel.org/stable/c/7d9868180bd1e4cf37e7c5067362658971162366" }, { "url": "https://git.kernel.org/stable/c/e68dd80ba498265d2266b12dc3459164f4ff0c4a" }, { "url": "https://git.kernel.org/stable/c/3f0ab59e6537c6a8f9e1b355b48f9c05a76e8563" } ], "title": "xfrm: validate new SA\u0027s prefixlen using SA family when sel.family is unset", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-50142", "datePublished": "2024-11-07T09:31:19.415Z", "dateReserved": "2024-10-21T19:36:19.956Z", "dateUpdated": "2024-12-19T09:34:02.678Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-50147
Vulnerability from cvelistv5
Published
2024-11-07 09:31
Modified
2024-12-19 09:34
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5: Fix command bitmask initialization
Command bitmask have a dedicated bit for MANAGE_PAGES command, this bit
isn't Initialize during command bitmask Initialization, only during
MANAGE_PAGES.
In addition, mlx5_cmd_trigger_completions() is trying to trigger
completion for MANAGE_PAGES command as well.
Hence, in case health error occurred before any MANAGE_PAGES command
have been invoke (for example, during mlx5_enable_hca()),
mlx5_cmd_trigger_completions() will try to trigger completion for
MANAGE_PAGES command, which will result in null-ptr-deref error.[1]
Fix it by Initialize command bitmask correctly.
While at it, re-write the code for better understanding.
[1]
BUG: KASAN: null-ptr-deref in mlx5_cmd_trigger_completions+0x1db/0x600 [mlx5_core]
Write of size 4 at addr 0000000000000214 by task kworker/u96:2/12078
CPU: 10 PID: 12078 Comm: kworker/u96:2 Not tainted 6.9.0-rc2_for_upstream_debug_2024_04_07_19_01 #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
Workqueue: mlx5_health0000:08:00.0 mlx5_fw_fatal_reporter_err_work [mlx5_core]
Call Trace:
<TASK>
dump_stack_lvl+0x7e/0xc0
kasan_report+0xb9/0xf0
kasan_check_range+0xec/0x190
mlx5_cmd_trigger_completions+0x1db/0x600 [mlx5_core]
mlx5_cmd_flush+0x94/0x240 [mlx5_core]
enter_error_state+0x6c/0xd0 [mlx5_core]
mlx5_fw_fatal_reporter_err_work+0xf3/0x480 [mlx5_core]
process_one_work+0x787/0x1490
? lockdep_hardirqs_on_prepare+0x400/0x400
? pwq_dec_nr_in_flight+0xda0/0xda0
? assign_work+0x168/0x240
worker_thread+0x586/0xd30
? rescuer_thread+0xae0/0xae0
kthread+0x2df/0x3b0
? kthread_complete_and_exit+0x20/0x20
ret_from_fork+0x2d/0x70
? kthread_complete_and_exit+0x20/0x20
ret_from_fork_asm+0x11/0x20
</TASK>
References
Impacted products
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/mellanox/mlx5/core/cmd.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "d1606090bb294cecb7de3c4ed177f5aa0abd4c4e", "status": "affected", "version": "9b98d395b85dd042fe83fb696b1ac02e6c93a520", "versionType": "git" }, { "lessThan": "d88564c79d1cedaf2655f12261eca0d2796bde4e", "status": "affected", "version": "9b98d395b85dd042fe83fb696b1ac02e6c93a520", "versionType": "git" }, { "lessThan": "2feac1e562be0efc621a6722644a90f355d53473", "status": "affected", "version": "9b98d395b85dd042fe83fb696b1ac02e6c93a520", "versionType": "git" }, { "lessThan": "d62b14045c6511a7b2d4948d1a83a4e592deeb05", "status": "affected", "version": "9b98d395b85dd042fe83fb696b1ac02e6c93a520", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/mellanox/mlx5/core/cmd.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.1" }, { "lessThan": "6.1", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.115", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.59", "versionType": "semver" }, { "lessThanOrEqual": "6.11.*", "status": "unaffected", "version": "6.11.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.12", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix command bitmask initialization\n\nCommand bitmask have a dedicated bit for MANAGE_PAGES command, this bit\nisn\u0027t Initialize during command bitmask Initialization, only during\nMANAGE_PAGES.\n\nIn addition, mlx5_cmd_trigger_completions() is trying to trigger\ncompletion for MANAGE_PAGES command as well.\n\nHence, in case health error occurred before any MANAGE_PAGES command\nhave been invoke (for example, during mlx5_enable_hca()),\nmlx5_cmd_trigger_completions() will try to trigger completion for\nMANAGE_PAGES command, which will result in null-ptr-deref error.[1]\n\nFix it by Initialize command bitmask correctly.\n\nWhile at it, re-write the code for better understanding.\n\n[1]\nBUG: KASAN: null-ptr-deref in mlx5_cmd_trigger_completions+0x1db/0x600 [mlx5_core]\nWrite of size 4 at addr 0000000000000214 by task kworker/u96:2/12078\nCPU: 10 PID: 12078 Comm: kworker/u96:2 Not tainted 6.9.0-rc2_for_upstream_debug_2024_04_07_19_01 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nWorkqueue: mlx5_health0000:08:00.0 mlx5_fw_fatal_reporter_err_work [mlx5_core]\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x7e/0xc0\n kasan_report+0xb9/0xf0\n kasan_check_range+0xec/0x190\n mlx5_cmd_trigger_completions+0x1db/0x600 [mlx5_core]\n mlx5_cmd_flush+0x94/0x240 [mlx5_core]\n enter_error_state+0x6c/0xd0 [mlx5_core]\n mlx5_fw_fatal_reporter_err_work+0xf3/0x480 [mlx5_core]\n process_one_work+0x787/0x1490\n ? lockdep_hardirqs_on_prepare+0x400/0x400\n ? pwq_dec_nr_in_flight+0xda0/0xda0\n ? assign_work+0x168/0x240\n worker_thread+0x586/0xd30\n ? rescuer_thread+0xae0/0xae0\n kthread+0x2df/0x3b0\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork+0x2d/0x70\n ? kthread_complete_and_exit+0x20/0x20\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e" } ], "providerMetadata": { "dateUpdated": "2024-12-19T09:34:08.329Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/d1606090bb294cecb7de3c4ed177f5aa0abd4c4e" }, { "url": "https://git.kernel.org/stable/c/d88564c79d1cedaf2655f12261eca0d2796bde4e" }, { "url": "https://git.kernel.org/stable/c/2feac1e562be0efc621a6722644a90f355d53473" }, { "url": "https://git.kernel.org/stable/c/d62b14045c6511a7b2d4948d1a83a4e592deeb05" } ], "title": "net/mlx5: Fix command bitmask initialization", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-50147", "datePublished": "2024-11-07T09:31:24.151Z", "dateReserved": "2024-10-21T19:36:19.958Z", "dateUpdated": "2024-12-19T09:34:08.329Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-50159
Vulnerability from cvelistv5
Published
2024-11-07 09:31
Modified
2024-12-19 09:34
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
firmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup()
Clang static checker(scan-build) throws below warning:
| drivers/firmware/arm_scmi/driver.c:line 2915, column 2
| Attempt to free released memory.
When devm_add_action_or_reset() fails, scmi_debugfs_common_cleanup()
will run twice which causes double free of 'dbg->name'.
Remove the redundant scmi_debugfs_common_cleanup() to fix this problem.
References
Impacted products
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/firmware/arm_scmi/driver.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "6d91d07913aee90556362d648d6a28a1eda419dc", "status": "affected", "version": "c3d4aed763ce4a39f8ed36c7b7cd9a6a35971329", "versionType": "git" }, { "lessThan": "fb324fdaf546bf14bc4c17e0037bca6cb952b121", "status": "affected", "version": "c3d4aed763ce4a39f8ed36c7b7cd9a6a35971329", "versionType": "git" }, { "lessThan": "39b13dce1a91cdfc3bec9238f9e89094551bd428", "status": "affected", "version": "c3d4aed763ce4a39f8ed36c7b7cd9a6a35971329", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/firmware/arm_scmi/driver.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.3" }, { "lessThan": "6.3", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.59", "versionType": "semver" }, { "lessThanOrEqual": "6.11.*", "status": "unaffected", "version": "6.11.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.12", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup()\n\nClang static checker(scan-build) throws below warning\uff1a\n | drivers/firmware/arm_scmi/driver.c:line 2915, column 2\n | Attempt to free released memory.\n\nWhen devm_add_action_or_reset() fails, scmi_debugfs_common_cleanup()\nwill run twice which causes double free of \u0027dbg-\u003ename\u0027.\n\nRemove the redundant scmi_debugfs_common_cleanup() to fix this problem." } ], "providerMetadata": { "dateUpdated": "2024-12-19T09:34:22.006Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/6d91d07913aee90556362d648d6a28a1eda419dc" }, { "url": "https://git.kernel.org/stable/c/fb324fdaf546bf14bc4c17e0037bca6cb952b121" }, { "url": "https://git.kernel.org/stable/c/39b13dce1a91cdfc3bec9238f9e89094551bd428" } ], "title": "firmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup()", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-50159", "datePublished": "2024-11-07T09:31:36.167Z", "dateReserved": "2024-10-21T19:36:19.961Z", "dateUpdated": "2024-12-19T09:34:22.006Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-50166
Vulnerability from cvelistv5
Published
2024-11-07 09:31
Modified
2024-12-19 09:34
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
fsl/fman: Fix refcount handling of fman-related devices
In mac_probe() there are multiple calls to of_find_device_by_node(),
fman_bind() and fman_port_bind() which takes references to of_dev->dev.
Not all references taken by these calls are released later on error path
in mac_probe() and in mac_remove() which lead to reference leaks.
Add references release.
References
Impacted products
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/freescale/fman/mac.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "5ed4334fc9512f934fe2ae9c4cf7f8142e451b8b", "status": "affected", "version": "3933961682a30ae7d405cda344c040a129fea422", "versionType": "git" }, { "lessThan": "3c2a3619d565fe16bf59b0a047bab103a2ee4490", "status": "affected", "version": "3933961682a30ae7d405cda344c040a129fea422", "versionType": "git" }, { "lessThan": "1dec67e0d9fbb087c2ab17bf1bd17208231c3bb1", "status": "affected", "version": "3933961682a30ae7d405cda344c040a129fea422", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/freescale/fman/mac.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "4.5" }, { "lessThan": "4.5", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.59", "versionType": "semver" }, { "lessThanOrEqual": "6.11.*", "status": "unaffected", "version": "6.11.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.12", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfsl/fman: Fix refcount handling of fman-related devices\n\nIn mac_probe() there are multiple calls to of_find_device_by_node(),\nfman_bind() and fman_port_bind() which takes references to of_dev-\u003edev.\nNot all references taken by these calls are released later on error path\nin mac_probe() and in mac_remove() which lead to reference leaks.\n\nAdd references release." } ], "providerMetadata": { "dateUpdated": "2024-12-19T09:34:30.015Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/5ed4334fc9512f934fe2ae9c4cf7f8142e451b8b" }, { "url": "https://git.kernel.org/stable/c/3c2a3619d565fe16bf59b0a047bab103a2ee4490" }, { "url": "https://git.kernel.org/stable/c/1dec67e0d9fbb087c2ab17bf1bd17208231c3bb1" } ], "title": "fsl/fman: Fix refcount handling of fman-related devices", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-50166", "datePublished": "2024-11-07T09:31:42.793Z", "dateReserved": "2024-10-21T19:36:19.962Z", "dateUpdated": "2024-12-19T09:34:30.015Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-50145
Vulnerability from cvelistv5
Published
2024-11-07 09:31
Modified
2024-12-19 09:34
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
octeon_ep: Add SKB allocation failures handling in __octep_oq_process_rx()
build_skb() returns NULL in case of a memory allocation failure so handle
it inside __octep_oq_process_rx() to avoid NULL pointer dereference.
__octep_oq_process_rx() is called during NAPI polling by the driver. If
skb allocation fails, keep on pulling packets out of the Rx DMA queue: we
shouldn't break the polling immediately and thus falsely indicate to the
octep_napi_poll() that the Rx pressure is going down. As there is no
associated skb in this case, don't process the packets and don't push them
up the network stack - they are skipped.
Helper function is implemented to unmmap/flush all the fragment buffers
used by the dropped packet. 'alloc_failures' counter is incremented to
mark the skb allocation error in driver statistics.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
References
Impacted products
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/marvell/octeon_ep/octep_rx.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "09ce491112bbf0b866e2638d3e961c1c73d1f00b", "status": "affected", "version": "37d79d0596062057f588bdbb2ebad5455a43d353", "versionType": "git" }, { "lessThan": "c2d2dc4f88bb3cfc4f3cc320fd3ff51b0ae5b0ea", "status": "affected", "version": "37d79d0596062057f588bdbb2ebad5455a43d353", "versionType": "git" }, { "lessThan": "2dedcb6f99f4c1a11944e7cc35dbeb9b18a5cbac", "status": "affected", "version": "37d79d0596062057f588bdbb2ebad5455a43d353", "versionType": "git" }, { "lessThan": "eb592008f79be52ccef88cd9a5249b3fc0367278", "status": "affected", "version": "37d79d0596062057f588bdbb2ebad5455a43d353", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/marvell/octeon_ep/octep_rx.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.19" }, { "lessThan": "5.19", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.115", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.59", "versionType": "semver" }, { "lessThanOrEqual": "6.11.*", "status": "unaffected", "version": "6.11.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.12", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteon_ep: Add SKB allocation failures handling in __octep_oq_process_rx()\n\nbuild_skb() returns NULL in case of a memory allocation failure so handle\nit inside __octep_oq_process_rx() to avoid NULL pointer dereference.\n\n__octep_oq_process_rx() is called during NAPI polling by the driver. If\nskb allocation fails, keep on pulling packets out of the Rx DMA queue: we\nshouldn\u0027t break the polling immediately and thus falsely indicate to the\noctep_napi_poll() that the Rx pressure is going down. As there is no\nassociated skb in this case, don\u0027t process the packets and don\u0027t push them\nup the network stack - they are skipped.\n\nHelper function is implemented to unmmap/flush all the fragment buffers\nused by the dropped packet. \u0027alloc_failures\u0027 counter is incremented to\nmark the skb allocation error in driver statistics.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE." } ], "providerMetadata": { "dateUpdated": "2024-12-19T09:34:06.081Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/09ce491112bbf0b866e2638d3e961c1c73d1f00b" }, { "url": "https://git.kernel.org/stable/c/c2d2dc4f88bb3cfc4f3cc320fd3ff51b0ae5b0ea" }, { "url": "https://git.kernel.org/stable/c/2dedcb6f99f4c1a11944e7cc35dbeb9b18a5cbac" }, { "url": "https://git.kernel.org/stable/c/eb592008f79be52ccef88cd9a5249b3fc0367278" } ], "title": "octeon_ep: Add SKB allocation failures handling in __octep_oq_process_rx()", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-50145", "datePublished": "2024-11-07T09:31:22.202Z", "dateReserved": "2024-10-21T19:36:19.956Z", "dateUpdated": "2024-12-19T09:34:06.081Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-50165
Vulnerability from cvelistv5
Published
2024-11-07 09:31
Modified
2024-12-19 09:34
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf: Preserve param->string when parsing mount options
In bpf_parse_param(), keep the value of param->string intact so it can
be freed later. Otherwise, the kmalloc area pointed to by param->string
will be leaked as shown below:
unreferenced object 0xffff888118c46d20 (size 8):
comm "new_name", pid 12109, jiffies 4295580214
hex dump (first 8 bytes):
61 6e 79 00 38 c9 5c 7e any.8.\~
backtrace (crc e1b7f876):
[<00000000c6848ac7>] kmemleak_alloc+0x4b/0x80
[<00000000de9f7d00>] __kmalloc_node_track_caller_noprof+0x36e/0x4a0
[<000000003e29b886>] memdup_user+0x32/0xa0
[<0000000007248326>] strndup_user+0x46/0x60
[<0000000035b3dd29>] __x64_sys_fsconfig+0x368/0x3d0
[<0000000018657927>] x64_sys_call+0xff/0x9f0
[<00000000c0cabc95>] do_syscall_64+0x3b/0xc0
[<000000002f331597>] entry_SYSCALL_64_after_hwframe+0x4b/0x53
References
Impacted products
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "kernel/bpf/inode.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "5d7a0a426540319327309035509cb768a2f5c2c4", "status": "affected", "version": "6c1752e0b6ca8c7021d6da3926738d8d88f601a9", "versionType": "git" }, { "lessThan": "1f97c03f43fadc407de5b5cb01c07755053e1c22", "status": "affected", "version": "6c1752e0b6ca8c7021d6da3926738d8d88f601a9", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "kernel/bpf/inode.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.9" }, { "lessThan": "6.9", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.11.*", "status": "unaffected", "version": "6.11.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.12", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Preserve param-\u003estring when parsing mount options\n\nIn bpf_parse_param(), keep the value of param-\u003estring intact so it can\nbe freed later. Otherwise, the kmalloc area pointed to by param-\u003estring\nwill be leaked as shown below:\n\nunreferenced object 0xffff888118c46d20 (size 8):\n comm \"new_name\", pid 12109, jiffies 4295580214\n hex dump (first 8 bytes):\n 61 6e 79 00 38 c9 5c 7e any.8.\\~\n backtrace (crc e1b7f876):\n [\u003c00000000c6848ac7\u003e] kmemleak_alloc+0x4b/0x80\n [\u003c00000000de9f7d00\u003e] __kmalloc_node_track_caller_noprof+0x36e/0x4a0\n [\u003c000000003e29b886\u003e] memdup_user+0x32/0xa0\n [\u003c0000000007248326\u003e] strndup_user+0x46/0x60\n [\u003c0000000035b3dd29\u003e] __x64_sys_fsconfig+0x368/0x3d0\n [\u003c0000000018657927\u003e] x64_sys_call+0xff/0x9f0\n [\u003c00000000c0cabc95\u003e] do_syscall_64+0x3b/0xc0\n [\u003c000000002f331597\u003e] entry_SYSCALL_64_after_hwframe+0x4b/0x53" } ], "providerMetadata": { "dateUpdated": "2024-12-19T09:34:28.862Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/5d7a0a426540319327309035509cb768a2f5c2c4" }, { "url": "https://git.kernel.org/stable/c/1f97c03f43fadc407de5b5cb01c07755053e1c22" } ], "title": "bpf: Preserve param-\u003estring when parsing mount options", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-50165", "datePublished": "2024-11-07T09:31:41.923Z", "dateReserved": "2024-10-21T19:36:19.962Z", "dateUpdated": "2024-12-19T09:34:28.862Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-50161
Vulnerability from cvelistv5
Published
2024-11-07 09:31
Modified
2024-12-19 09:34
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf: Check the remaining info_cnt before repeating btf fields
When trying to repeat the btf fields for array of nested struct, it
doesn't check the remaining info_cnt. The following splat will be
reported when the value of ret * nelems is greater than BTF_FIELDS_MAX:
------------[ cut here ]------------
UBSAN: array-index-out-of-bounds in ../kernel/bpf/btf.c:3951:49
index 11 is out of range for type 'btf_field_info [11]'
CPU: 6 UID: 0 PID: 411 Comm: test_progs ...... 6.11.0-rc4+ #1
Tainted: [O]=OOT_MODULE
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ...
Call Trace:
<TASK>
dump_stack_lvl+0x57/0x70
dump_stack+0x10/0x20
ubsan_epilogue+0x9/0x40
__ubsan_handle_out_of_bounds+0x6f/0x80
? kallsyms_lookup_name+0x48/0xb0
btf_parse_fields+0x992/0xce0
map_create+0x591/0x770
__sys_bpf+0x229/0x2410
__x64_sys_bpf+0x1f/0x30
x64_sys_call+0x199/0x9f0
do_syscall_64+0x3b/0xc0
entry_SYSCALL_64_after_hwframe+0x4b/0x53
RIP: 0033:0x7fea56f2cc5d
......
</TASK>
---[ end trace ]---
Fix it by checking the remaining info_cnt in btf_repeat_fields() before
repeating the btf fields.
References
Impacted products
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "kernel/bpf/btf.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "6f957d972feee9b385ea3ae6530310a84e55ba71", "status": "affected", "version": "64e8ee814819f21beeeda00d4119221443d77992", "versionType": "git" }, { "lessThan": "797d73ee232dd1833dec4824bc53a22032e97c1c", "status": "affected", "version": "64e8ee814819f21beeeda00d4119221443d77992", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "kernel/bpf/btf.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.11" }, { "lessThan": "6.11", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.11.*", "status": "unaffected", "version": "6.11.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.12", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Check the remaining info_cnt before repeating btf fields\n\nWhen trying to repeat the btf fields for array of nested struct, it\ndoesn\u0027t check the remaining info_cnt. The following splat will be\nreported when the value of ret * nelems is greater than BTF_FIELDS_MAX:\n\n ------------[ cut here ]------------\n UBSAN: array-index-out-of-bounds in ../kernel/bpf/btf.c:3951:49\n index 11 is out of range for type \u0027btf_field_info [11]\u0027\n CPU: 6 UID: 0 PID: 411 Comm: test_progs ...... 6.11.0-rc4+ #1\n Tainted: [O]=OOT_MODULE\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ...\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x57/0x70\n dump_stack+0x10/0x20\n ubsan_epilogue+0x9/0x40\n __ubsan_handle_out_of_bounds+0x6f/0x80\n ? kallsyms_lookup_name+0x48/0xb0\n btf_parse_fields+0x992/0xce0\n map_create+0x591/0x770\n __sys_bpf+0x229/0x2410\n __x64_sys_bpf+0x1f/0x30\n x64_sys_call+0x199/0x9f0\n do_syscall_64+0x3b/0xc0\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n RIP: 0033:0x7fea56f2cc5d\n ......\n \u003c/TASK\u003e\n ---[ end trace ]---\n\nFix it by checking the remaining info_cnt in btf_repeat_fields() before\nrepeating the btf fields." } ], "providerMetadata": { "dateUpdated": "2024-12-19T09:34:24.268Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/6f957d972feee9b385ea3ae6530310a84e55ba71" }, { "url": "https://git.kernel.org/stable/c/797d73ee232dd1833dec4824bc53a22032e97c1c" } ], "title": "bpf: Check the remaining info_cnt before repeating btf fields", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-50161", "datePublished": "2024-11-07T09:31:38.118Z", "dateReserved": "2024-10-21T19:36:19.961Z", "dateUpdated": "2024-12-19T09:34:24.268Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-50169
Vulnerability from cvelistv5
Published
2024-11-07 09:31
Modified
2024-12-19 09:34
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
vsock: Update rx_bytes on read_skb()
Make sure virtio_transport_inc_rx_pkt() and virtio_transport_dec_rx_pkt()
calls are balanced (i.e. virtio_vsock_sock::rx_bytes doesn't lie) after
vsock_transport::read_skb().
While here, also inform the peer that we've freed up space and it has more
credit.
Failing to update rx_bytes after packet is dequeued leads to a warning on
SOCK_STREAM recv():
[ 233.396654] rx_queue is empty, but rx_bytes is non-zero
[ 233.396702] WARNING: CPU: 11 PID: 40601 at net/vmw_vsock/virtio_transport_common.c:589
References
Impacted products
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/vmw_vsock/virtio_transport_common.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "66cd51de31c682a311c2fa25c580b7ea45859dd9", "status": "affected", "version": "634f1a7110b439c65fd8a809171c1d2d28bcea6f", "versionType": "git" }, { "lessThan": "e5ca2b98090b4bb1c393088c724af6c37812a829", "status": "affected", "version": "634f1a7110b439c65fd8a809171c1d2d28bcea6f", "versionType": "git" }, { "lessThan": "3543152f2d330141d9394d28855cb90b860091d2", "status": "affected", "version": "634f1a7110b439c65fd8a809171c1d2d28bcea6f", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/vmw_vsock/virtio_transport_common.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.4" }, { "lessThan": "6.4", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.59", "versionType": "semver" }, { "lessThanOrEqual": "6.11.*", "status": "unaffected", "version": "6.11.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.12", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock: Update rx_bytes on read_skb()\n\nMake sure virtio_transport_inc_rx_pkt() and virtio_transport_dec_rx_pkt()\ncalls are balanced (i.e. virtio_vsock_sock::rx_bytes doesn\u0027t lie) after\nvsock_transport::read_skb().\n\nWhile here, also inform the peer that we\u0027ve freed up space and it has more\ncredit.\n\nFailing to update rx_bytes after packet is dequeued leads to a warning on\nSOCK_STREAM recv():\n\n[ 233.396654] rx_queue is empty, but rx_bytes is non-zero\n[ 233.396702] WARNING: CPU: 11 PID: 40601 at net/vmw_vsock/virtio_transport_common.c:589" } ], "providerMetadata": { "dateUpdated": "2024-12-19T09:34:33.435Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/66cd51de31c682a311c2fa25c580b7ea45859dd9" }, { "url": "https://git.kernel.org/stable/c/e5ca2b98090b4bb1c393088c724af6c37812a829" }, { "url": "https://git.kernel.org/stable/c/3543152f2d330141d9394d28855cb90b860091d2" } ], "title": "vsock: Update rx_bytes on read_skb()", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-50169", "datePublished": "2024-11-07T09:31:45.804Z", "dateReserved": "2024-10-21T19:36:19.962Z", "dateUpdated": "2024-12-19T09:34:33.435Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-50146
Vulnerability from cvelistv5
Published
2024-11-07 09:31
Modified
2024-12-19 09:34
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Don't call cleanup on profile rollback failure
When profile rollback fails in mlx5e_netdev_change_profile, the netdev
profile var is left set to NULL. Avoid a crash when unloading the driver
by not calling profile->cleanup in such a case.
This was encountered while testing, with the original trigger that
the wq rescuer thread creation got interrupted (presumably due to
Ctrl+C-ing modprobe), which gets converted to ENOMEM (-12) by
mlx5e_priv_init, the profile rollback also fails for the same reason
(signal still active) so the profile is left as NULL, leading to a crash
later in _mlx5e_remove.
[ 732.473932] mlx5_core 0000:08:00.1: E-Switch: Unload vfs: mode(OFFLOADS), nvfs(2), necvfs(0), active vports(2)
[ 734.525513] workqueue: Failed to create a rescuer kthread for wq "mlx5e": -EINTR
[ 734.557372] mlx5_core 0000:08:00.1: mlx5e_netdev_init_profile:6235:(pid 6086): mlx5e_priv_init failed, err=-12
[ 734.559187] mlx5_core 0000:08:00.1 eth3: mlx5e_netdev_change_profile: new profile init failed, -12
[ 734.560153] workqueue: Failed to create a rescuer kthread for wq "mlx5e": -EINTR
[ 734.589378] mlx5_core 0000:08:00.1: mlx5e_netdev_init_profile:6235:(pid 6086): mlx5e_priv_init failed, err=-12
[ 734.591136] mlx5_core 0000:08:00.1 eth3: mlx5e_netdev_change_profile: failed to rollback to orig profile, -12
[ 745.537492] BUG: kernel NULL pointer dereference, address: 0000000000000008
[ 745.538222] #PF: supervisor read access in kernel mode
<snipped>
[ 745.551290] Call Trace:
[ 745.551590] <TASK>
[ 745.551866] ? __die+0x20/0x60
[ 745.552218] ? page_fault_oops+0x150/0x400
[ 745.555307] ? exc_page_fault+0x79/0x240
[ 745.555729] ? asm_exc_page_fault+0x22/0x30
[ 745.556166] ? mlx5e_remove+0x6b/0xb0 [mlx5_core]
[ 745.556698] auxiliary_bus_remove+0x18/0x30
[ 745.557134] device_release_driver_internal+0x1df/0x240
[ 745.557654] bus_remove_device+0xd7/0x140
[ 745.558075] device_del+0x15b/0x3c0
[ 745.558456] mlx5_rescan_drivers_locked.part.0+0xb1/0x2f0 [mlx5_core]
[ 745.559112] mlx5_unregister_device+0x34/0x50 [mlx5_core]
[ 745.559686] mlx5_uninit_one+0x46/0xf0 [mlx5_core]
[ 745.560203] remove_one+0x4e/0xd0 [mlx5_core]
[ 745.560694] pci_device_remove+0x39/0xa0
[ 745.561112] device_release_driver_internal+0x1df/0x240
[ 745.561631] driver_detach+0x47/0x90
[ 745.562022] bus_remove_driver+0x84/0x100
[ 745.562444] pci_unregister_driver+0x3b/0x90
[ 745.562890] mlx5_cleanup+0xc/0x1b [mlx5_core]
[ 745.563415] __x64_sys_delete_module+0x14d/0x2f0
[ 745.563886] ? kmem_cache_free+0x1b0/0x460
[ 745.564313] ? lockdep_hardirqs_on_prepare+0xe2/0x190
[ 745.564825] do_syscall_64+0x6d/0x140
[ 745.565223] entry_SYSCALL_64_after_hwframe+0x4b/0x53
[ 745.565725] RIP: 0033:0x7f1579b1288b
References
Impacted products
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/mellanox/mlx5/core/en_main.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "3955b77494c3c7d14873b1db67e7e00c46a714db", "status": "affected", "version": "3ef14e463f6ed0218710f56b97e1a7d0448784d2", "versionType": "git" }, { "lessThan": "4dbc1d1a9f39c3711ad2a40addca04d07d9ab5d0", "status": "affected", "version": "3ef14e463f6ed0218710f56b97e1a7d0448784d2", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/mellanox/mlx5/core/en_main.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.12" }, { "lessThan": "5.12", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.11.*", "status": "unaffected", "version": "6.11.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.12", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Don\u0027t call cleanup on profile rollback failure\n\nWhen profile rollback fails in mlx5e_netdev_change_profile, the netdev\nprofile var is left set to NULL. Avoid a crash when unloading the driver\nby not calling profile-\u003ecleanup in such a case.\n\nThis was encountered while testing, with the original trigger that\nthe wq rescuer thread creation got interrupted (presumably due to\nCtrl+C-ing modprobe), which gets converted to ENOMEM (-12) by\nmlx5e_priv_init, the profile rollback also fails for the same reason\n(signal still active) so the profile is left as NULL, leading to a crash\nlater in _mlx5e_remove.\n\n [ 732.473932] mlx5_core 0000:08:00.1: E-Switch: Unload vfs: mode(OFFLOADS), nvfs(2), necvfs(0), active vports(2)\n [ 734.525513] workqueue: Failed to create a rescuer kthread for wq \"mlx5e\": -EINTR\n [ 734.557372] mlx5_core 0000:08:00.1: mlx5e_netdev_init_profile:6235:(pid 6086): mlx5e_priv_init failed, err=-12\n [ 734.559187] mlx5_core 0000:08:00.1 eth3: mlx5e_netdev_change_profile: new profile init failed, -12\n [ 734.560153] workqueue: Failed to create a rescuer kthread for wq \"mlx5e\": -EINTR\n [ 734.589378] mlx5_core 0000:08:00.1: mlx5e_netdev_init_profile:6235:(pid 6086): mlx5e_priv_init failed, err=-12\n [ 734.591136] mlx5_core 0000:08:00.1 eth3: mlx5e_netdev_change_profile: failed to rollback to orig profile, -12\n [ 745.537492] BUG: kernel NULL pointer dereference, address: 0000000000000008\n [ 745.538222] #PF: supervisor read access in kernel mode\n\u003csnipped\u003e\n [ 745.551290] Call Trace:\n [ 745.551590] \u003cTASK\u003e\n [ 745.551866] ? __die+0x20/0x60\n [ 745.552218] ? page_fault_oops+0x150/0x400\n [ 745.555307] ? exc_page_fault+0x79/0x240\n [ 745.555729] ? asm_exc_page_fault+0x22/0x30\n [ 745.556166] ? mlx5e_remove+0x6b/0xb0 [mlx5_core]\n [ 745.556698] auxiliary_bus_remove+0x18/0x30\n [ 745.557134] device_release_driver_internal+0x1df/0x240\n [ 745.557654] bus_remove_device+0xd7/0x140\n [ 745.558075] device_del+0x15b/0x3c0\n [ 745.558456] mlx5_rescan_drivers_locked.part.0+0xb1/0x2f0 [mlx5_core]\n [ 745.559112] mlx5_unregister_device+0x34/0x50 [mlx5_core]\n [ 745.559686] mlx5_uninit_one+0x46/0xf0 [mlx5_core]\n [ 745.560203] remove_one+0x4e/0xd0 [mlx5_core]\n [ 745.560694] pci_device_remove+0x39/0xa0\n [ 745.561112] device_release_driver_internal+0x1df/0x240\n [ 745.561631] driver_detach+0x47/0x90\n [ 745.562022] bus_remove_driver+0x84/0x100\n [ 745.562444] pci_unregister_driver+0x3b/0x90\n [ 745.562890] mlx5_cleanup+0xc/0x1b [mlx5_core]\n [ 745.563415] __x64_sys_delete_module+0x14d/0x2f0\n [ 745.563886] ? kmem_cache_free+0x1b0/0x460\n [ 745.564313] ? lockdep_hardirqs_on_prepare+0xe2/0x190\n [ 745.564825] do_syscall_64+0x6d/0x140\n [ 745.565223] entry_SYSCALL_64_after_hwframe+0x4b/0x53\n [ 745.565725] RIP: 0033:0x7f1579b1288b" } ], "providerMetadata": { "dateUpdated": "2024-12-19T09:34:07.200Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/3955b77494c3c7d14873b1db67e7e00c46a714db" }, { "url": "https://git.kernel.org/stable/c/4dbc1d1a9f39c3711ad2a40addca04d07d9ab5d0" } ], "title": "net/mlx5e: Don\u0027t call cleanup on profile rollback failure", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-50146", "datePublished": "2024-11-07T09:31:23.123Z", "dateReserved": "2024-10-21T19:36:19.956Z", "dateUpdated": "2024-12-19T09:34:07.200Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-50158
Vulnerability from cvelistv5
Published
2024-11-07 09:31
Modified
2024-12-19 09:34
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/bnxt_re: Fix out of bound check
Driver exports pacing stats only on GenP5 and P7 adapters. But while
parsing the pacing stats, driver has a check for "rdev->dbr_pacing". This
caused a trace when KASAN is enabled.
BUG: KASAN: slab-out-of-bounds in bnxt_re_get_hw_stats+0x2b6a/0x2e00 [bnxt_re]
Write of size 8 at addr ffff8885942a6340 by task modprobe/4809
References
Impacted products
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/infiniband/hw/bnxt_re/hw_counters.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "05c5fcc1869a08e36a29691699b6534e5a00a82b", "status": "affected", "version": "8b6573ff3420a2da1deb469a480dbc454745f784", "versionType": "git" }, { "lessThan": "c11b9b03ea5252898f91f3388c248f0dc47bda52", "status": "affected", "version": "8b6573ff3420a2da1deb469a480dbc454745f784", "versionType": "git" }, { "lessThan": "a9e6e7443922ac0a48243c35d03834c96926bff1", "status": "affected", "version": "8b6573ff3420a2da1deb469a480dbc454745f784", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/infiniband/hw/bnxt_re/hw_counters.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.6" }, { "lessThan": "6.6", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.59", "versionType": "semver" }, { "lessThanOrEqual": "6.11.*", "status": "unaffected", "version": "6.11.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.12", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/bnxt_re: Fix out of bound check\n\nDriver exports pacing stats only on GenP5 and P7 adapters. But while\nparsing the pacing stats, driver has a check for \"rdev-\u003edbr_pacing\". This\ncaused a trace when KASAN is enabled.\n\nBUG: KASAN: slab-out-of-bounds in bnxt_re_get_hw_stats+0x2b6a/0x2e00 [bnxt_re]\nWrite of size 8 at addr ffff8885942a6340 by task modprobe/4809" } ], "providerMetadata": { "dateUpdated": "2024-12-19T09:34:20.899Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/05c5fcc1869a08e36a29691699b6534e5a00a82b" }, { "url": "https://git.kernel.org/stable/c/c11b9b03ea5252898f91f3388c248f0dc47bda52" }, { "url": "https://git.kernel.org/stable/c/a9e6e7443922ac0a48243c35d03834c96926bff1" } ], "title": "RDMA/bnxt_re: Fix out of bound check", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-50158", "datePublished": "2024-11-07T09:31:35.264Z", "dateReserved": "2024-10-21T19:36:19.961Z", "dateUpdated": "2024-12-19T09:34:20.899Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-50168
Vulnerability from cvelistv5
Published
2024-11-07 09:31
Modified
2024-12-19 09:34
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/sun3_82586: fix potential memory leak in sun3_82586_send_packet()
The sun3_82586_send_packet() returns NETDEV_TX_OK without freeing skb
in case of skb->len being too long, add dev_kfree_skb() to fix it.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||||
|
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/i825xx/sun3_82586.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "137010d26dc5cd47cd62fef77cbe952d31951b7a", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "8d5b20fbc548650019afa96822b6a33ea4ec8aa5", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "db755e55349045375c5c7036e8650afb3ff419d8", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "9c6ce55e6f0bd1541f112833006b4052614c7d94", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "1a17a4ac2d57102497fac53b53c666dba6a0c20d", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "6dc937a3086e344f965ca5c459f8f3eb6b68d890", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "84f2bac74000dbb7a177d9b98a17031ec8d07ec5", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "2cb3f56e827abb22c4168ad0c1bbbf401bb2f3b8", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/i825xx/sun3_82586.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "2.6.12" }, { "lessThan": "2.6.12", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.323", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.285", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.229", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.170", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.115", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.59", "versionType": "semver" }, { "lessThanOrEqual": "6.11.*", "status": "unaffected", "version": "6.11.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.12", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sun3_82586: fix potential memory leak in sun3_82586_send_packet()\n\nThe sun3_82586_send_packet() returns NETDEV_TX_OK without freeing skb\nin case of skb-\u003elen being too long, add dev_kfree_skb() to fix it." } ], "providerMetadata": { "dateUpdated": "2024-12-19T09:34:32.319Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/137010d26dc5cd47cd62fef77cbe952d31951b7a" }, { "url": "https://git.kernel.org/stable/c/8d5b20fbc548650019afa96822b6a33ea4ec8aa5" }, { "url": "https://git.kernel.org/stable/c/db755e55349045375c5c7036e8650afb3ff419d8" }, { "url": "https://git.kernel.org/stable/c/9c6ce55e6f0bd1541f112833006b4052614c7d94" }, { "url": "https://git.kernel.org/stable/c/1a17a4ac2d57102497fac53b53c666dba6a0c20d" }, { "url": "https://git.kernel.org/stable/c/6dc937a3086e344f965ca5c459f8f3eb6b68d890" }, { "url": "https://git.kernel.org/stable/c/84f2bac74000dbb7a177d9b98a17031ec8d07ec5" }, { "url": "https://git.kernel.org/stable/c/2cb3f56e827abb22c4168ad0c1bbbf401bb2f3b8" } ], "title": "net/sun3_82586: fix potential memory leak in sun3_82586_send_packet()", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-50168", "datePublished": "2024-11-07T09:31:44.843Z", "dateReserved": "2024-10-21T19:36:19.962Z", "dateUpdated": "2024-12-19T09:34:32.319Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-50157
Vulnerability from cvelistv5
Published
2024-11-07 09:31
Modified
2024-12-19 09:34
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop
Driver waits indefinitely for the fifo occupancy to go below a threshold
as soon as the pacing interrupt is received. This can cause soft lockup on
one of the processors, if the rate of DB is very high.
Add a loop count for FPGA and exit the __wait_for_fifo_occupancy_below_th
if the loop is taking more time. Pacing will be continuing until the
occupancy is below the threshold. This is ensured by the checks in
bnxt_re_pacing_timer_exp and further scheduling the work for pacing based
on the fifo occupancy.
References
Impacted products
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/infiniband/hw/bnxt_re/main.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "2fb6b2e82413e401b72dfeacd7a60416fcfc5b41", "status": "affected", "version": "2ad4e6303a6d7518632739eaf67821a3553db1bd", "versionType": "git" }, { "lessThan": "8be3e5b0c96beeefe9d5486b96575d104d3e7d17", "status": "affected", "version": "2ad4e6303a6d7518632739eaf67821a3553db1bd", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/infiniband/hw/bnxt_re/main.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.6" }, { "lessThan": "6.6", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.11.*", "status": "unaffected", "version": "6.11.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.12", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop\n\nDriver waits indefinitely for the fifo occupancy to go below a threshold\nas soon as the pacing interrupt is received. This can cause soft lockup on\none of the processors, if the rate of DB is very high.\n\nAdd a loop count for FPGA and exit the __wait_for_fifo_occupancy_below_th\nif the loop is taking more time. Pacing will be continuing until the\noccupancy is below the threshold. This is ensured by the checks in\nbnxt_re_pacing_timer_exp and further scheduling the work for pacing based\non the fifo occupancy." } ], "providerMetadata": { "dateUpdated": "2024-12-19T09:34:19.764Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/2fb6b2e82413e401b72dfeacd7a60416fcfc5b41" }, { "url": "https://git.kernel.org/stable/c/8be3e5b0c96beeefe9d5486b96575d104d3e7d17" } ], "title": "RDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-50157", "datePublished": "2024-11-07T09:31:34.355Z", "dateReserved": "2024-10-21T19:36:19.960Z", "dateUpdated": "2024-12-19T09:34:19.764Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-50162
Vulnerability from cvelistv5
Published
2024-11-07 09:31
Modified
2024-12-19 09:34
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf: devmap: provide rxq after redirect
rxq contains a pointer to the device from where
the redirect happened. Currently, the BPF program
that was executed after a redirect via BPF_MAP_TYPE_DEVMAP*
does not have it set.
This is particularly bad since accessing ingress_ifindex, e.g.
SEC("xdp")
int prog(struct xdp_md *pkt)
{
return bpf_redirect_map(&dev_redirect_map, 0, 0);
}
SEC("xdp/devmap")
int prog_after_redirect(struct xdp_md *pkt)
{
bpf_printk("ifindex %i", pkt->ingress_ifindex);
return XDP_PASS;
}
depends on access to rxq, so a NULL pointer gets dereferenced:
<1>[ 574.475170] BUG: kernel NULL pointer dereference, address: 0000000000000000
<1>[ 574.475188] #PF: supervisor read access in kernel mode
<1>[ 574.475194] #PF: error_code(0x0000) - not-present page
<6>[ 574.475199] PGD 0 P4D 0
<4>[ 574.475207] Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI
<4>[ 574.475217] CPU: 4 UID: 0 PID: 217 Comm: kworker/4:1 Not tainted 6.11.0-rc5-reduced-00859-g780801200300 #23
<4>[ 574.475226] Hardware name: Intel(R) Client Systems NUC13ANHi7/NUC13ANBi7, BIOS ANRPL357.0026.2023.0314.1458 03/14/2023
<4>[ 574.475231] Workqueue: mld mld_ifc_work
<4>[ 574.475247] RIP: 0010:bpf_prog_5e13354d9cf5018a_prog_after_redirect+0x17/0x3c
<4>[ 574.475257] Code: cc cc cc cc cc cc cc 80 00 00 00 cc cc cc cc cc cc cc cc f3 0f 1e fa 0f 1f 44 00 00 66 90 55 48 89 e5 f3 0f 1e fa 48 8b 57 20 <48> 8b 52 00 8b 92 e0 00 00 00 48 bf f8 a6 d5 c4 5d a0 ff ff be 0b
<4>[ 574.475263] RSP: 0018:ffffa62440280c98 EFLAGS: 00010206
<4>[ 574.475269] RAX: ffffa62440280cd8 RBX: 0000000000000001 RCX: 0000000000000000
<4>[ 574.475274] RDX: 0000000000000000 RSI: ffffa62440549048 RDI: ffffa62440280ce0
<4>[ 574.475278] RBP: ffffa62440280c98 R08: 0000000000000002 R09: 0000000000000001
<4>[ 574.475281] R10: ffffa05dc8b98000 R11: ffffa05f577fca40 R12: ffffa05dcab24000
<4>[ 574.475285] R13: ffffa62440280ce0 R14: ffffa62440549048 R15: ffffa62440549000
<4>[ 574.475289] FS: 0000000000000000(0000) GS:ffffa05f4f700000(0000) knlGS:0000000000000000
<4>[ 574.475294] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
<4>[ 574.475298] CR2: 0000000000000000 CR3: 000000025522e000 CR4: 0000000000f50ef0
<4>[ 574.475303] PKRU: 55555554
<4>[ 574.475306] Call Trace:
<4>[ 574.475313] <IRQ>
<4>[ 574.475318] ? __die+0x23/0x70
<4>[ 574.475329] ? page_fault_oops+0x180/0x4c0
<4>[ 574.475339] ? skb_pp_cow_data+0x34c/0x490
<4>[ 574.475346] ? kmem_cache_free+0x257/0x280
<4>[ 574.475357] ? exc_page_fault+0x67/0x150
<4>[ 574.475368] ? asm_exc_page_fault+0x26/0x30
<4>[ 574.475381] ? bpf_prog_5e13354d9cf5018a_prog_after_redirect+0x17/0x3c
<4>[ 574.475386] bq_xmit_all+0x158/0x420
<4>[ 574.475397] __dev_flush+0x30/0x90
<4>[ 574.475407] veth_poll+0x216/0x250 [veth]
<4>[ 574.475421] __napi_poll+0x28/0x1c0
<4>[ 574.475430] net_rx_action+0x32d/0x3a0
<4>[ 574.475441] handle_softirqs+0xcb/0x2c0
<4>[ 574.475451] do_softirq+0x40/0x60
<4>[ 574.475458] </IRQ>
<4>[ 574.475461] <TASK>
<4>[ 574.475464] __local_bh_enable_ip+0x66/0x70
<4>[ 574.475471] __dev_queue_xmit+0x268/0xe40
<4>[ 574.475480] ? selinux_ip_postroute+0x213/0x420
<4>[ 574.475491] ? alloc_skb_with_frags+0x4a/0x1d0
<4>[ 574.475502] ip6_finish_output2+0x2be/0x640
<4>[ 574.475512] ? nf_hook_slow+0x42/0xf0
<4>[ 574.475521] ip6_finish_output+0x194/0x300
<4>[ 574.475529] ? __pfx_ip6_finish_output+0x10/0x10
<4>[ 574.475538] mld_sendpack+0x17c/0x240
<4>[ 574.475548] mld_ifc_work+0x192/0x410
<4>[ 574.475557] process_one_work+0x15d/0x380
<4>[ 574.475566] worker_thread+0x29d/0x3a0
<4>[ 574.475573] ? __pfx_worker_thread+0x10/0x10
<4>[ 574.475580] ? __pfx_worker_thread+0x10/0x10
<4>[ 574.475587] kthread+0xcd/0x100
<4>[ 574.475597] ? __pfx_kthread+0x10/0x10
<4>[ 574.475606] ret_from_fork+0x31/0x50
<4>[ 574.475615] ? __pfx_kthread+0x10/0x10
<4>[ 574.475623] ret_from_fork_asm+0x1a/0x
---truncated---
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Linux | Linux |
Version: cb261b594b4108668e00f565184c7c221efe0359 Version: cb261b594b4108668e00f565184c7c221efe0359 Version: cb261b594b4108668e00f565184c7c221efe0359 Version: cb261b594b4108668e00f565184c7c221efe0359 Version: cb261b594b4108668e00f565184c7c221efe0359 |
||||
|
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "kernel/bpf/devmap.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "fe068afb868660fe683a8391c6c17ecbe2254922", "status": "affected", "version": "cb261b594b4108668e00f565184c7c221efe0359", "versionType": "git" }, { "lessThan": "a778fbe087c19f4ece5f5fc14173328f070c3803", "status": "affected", "version": "cb261b594b4108668e00f565184c7c221efe0359", "versionType": "git" }, { "lessThan": "49454f09936a9a96edfb047156889879cb4001eb", "status": "affected", "version": "cb261b594b4108668e00f565184c7c221efe0359", "versionType": "git" }, { "lessThan": "9167d1c274a336e4763eeb3f3f9cb763c55df5aa", "status": "affected", "version": "cb261b594b4108668e00f565184c7c221efe0359", "versionType": "git" }, { "lessThan": "ca9984c5f0ab3690d98b13937b2485a978c8dd73", "status": "affected", "version": "cb261b594b4108668e00f565184c7c221efe0359", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "kernel/bpf/devmap.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.14" }, { "lessThan": "5.14", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.170", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.115", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.59", "versionType": "semver" }, { "lessThanOrEqual": "6.11.*", "status": "unaffected", "version": "6.11.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.12", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: devmap: provide rxq after redirect\n\nrxq contains a pointer to the device from where\nthe redirect happened. Currently, the BPF program\nthat was executed after a redirect via BPF_MAP_TYPE_DEVMAP*\ndoes not have it set.\n\nThis is particularly bad since accessing ingress_ifindex, e.g.\n\nSEC(\"xdp\")\nint prog(struct xdp_md *pkt)\n{\n return bpf_redirect_map(\u0026dev_redirect_map, 0, 0);\n}\n\nSEC(\"xdp/devmap\")\nint prog_after_redirect(struct xdp_md *pkt)\n{\n bpf_printk(\"ifindex %i\", pkt-\u003eingress_ifindex);\n return XDP_PASS;\n}\n\ndepends on access to rxq, so a NULL pointer gets dereferenced:\n\n\u003c1\u003e[ 574.475170] BUG: kernel NULL pointer dereference, address: 0000000000000000\n\u003c1\u003e[ 574.475188] #PF: supervisor read access in kernel mode\n\u003c1\u003e[ 574.475194] #PF: error_code(0x0000) - not-present page\n\u003c6\u003e[ 574.475199] PGD 0 P4D 0\n\u003c4\u003e[ 574.475207] Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n\u003c4\u003e[ 574.475217] CPU: 4 UID: 0 PID: 217 Comm: kworker/4:1 Not tainted 6.11.0-rc5-reduced-00859-g780801200300 #23\n\u003c4\u003e[ 574.475226] Hardware name: Intel(R) Client Systems NUC13ANHi7/NUC13ANBi7, BIOS ANRPL357.0026.2023.0314.1458 03/14/2023\n\u003c4\u003e[ 574.475231] Workqueue: mld mld_ifc_work\n\u003c4\u003e[ 574.475247] RIP: 0010:bpf_prog_5e13354d9cf5018a_prog_after_redirect+0x17/0x3c\n\u003c4\u003e[ 574.475257] Code: cc cc cc cc cc cc cc 80 00 00 00 cc cc cc cc cc cc cc cc f3 0f 1e fa 0f 1f 44 00 00 66 90 55 48 89 e5 f3 0f 1e fa 48 8b 57 20 \u003c48\u003e 8b 52 00 8b 92 e0 00 00 00 48 bf f8 a6 d5 c4 5d a0 ff ff be 0b\n\u003c4\u003e[ 574.475263] RSP: 0018:ffffa62440280c98 EFLAGS: 00010206\n\u003c4\u003e[ 574.475269] RAX: ffffa62440280cd8 RBX: 0000000000000001 RCX: 0000000000000000\n\u003c4\u003e[ 574.475274] RDX: 0000000000000000 RSI: ffffa62440549048 RDI: ffffa62440280ce0\n\u003c4\u003e[ 574.475278] RBP: ffffa62440280c98 R08: 0000000000000002 R09: 0000000000000001\n\u003c4\u003e[ 574.475281] R10: ffffa05dc8b98000 R11: ffffa05f577fca40 R12: ffffa05dcab24000\n\u003c4\u003e[ 574.475285] R13: ffffa62440280ce0 R14: ffffa62440549048 R15: ffffa62440549000\n\u003c4\u003e[ 574.475289] FS: 0000000000000000(0000) GS:ffffa05f4f700000(0000) knlGS:0000000000000000\n\u003c4\u003e[ 574.475294] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n\u003c4\u003e[ 574.475298] CR2: 0000000000000000 CR3: 000000025522e000 CR4: 0000000000f50ef0\n\u003c4\u003e[ 574.475303] PKRU: 55555554\n\u003c4\u003e[ 574.475306] Call Trace:\n\u003c4\u003e[ 574.475313] \u003cIRQ\u003e\n\u003c4\u003e[ 574.475318] ? __die+0x23/0x70\n\u003c4\u003e[ 574.475329] ? page_fault_oops+0x180/0x4c0\n\u003c4\u003e[ 574.475339] ? skb_pp_cow_data+0x34c/0x490\n\u003c4\u003e[ 574.475346] ? kmem_cache_free+0x257/0x280\n\u003c4\u003e[ 574.475357] ? exc_page_fault+0x67/0x150\n\u003c4\u003e[ 574.475368] ? asm_exc_page_fault+0x26/0x30\n\u003c4\u003e[ 574.475381] ? bpf_prog_5e13354d9cf5018a_prog_after_redirect+0x17/0x3c\n\u003c4\u003e[ 574.475386] bq_xmit_all+0x158/0x420\n\u003c4\u003e[ 574.475397] __dev_flush+0x30/0x90\n\u003c4\u003e[ 574.475407] veth_poll+0x216/0x250 [veth]\n\u003c4\u003e[ 574.475421] __napi_poll+0x28/0x1c0\n\u003c4\u003e[ 574.475430] net_rx_action+0x32d/0x3a0\n\u003c4\u003e[ 574.475441] handle_softirqs+0xcb/0x2c0\n\u003c4\u003e[ 574.475451] do_softirq+0x40/0x60\n\u003c4\u003e[ 574.475458] \u003c/IRQ\u003e\n\u003c4\u003e[ 574.475461] \u003cTASK\u003e\n\u003c4\u003e[ 574.475464] __local_bh_enable_ip+0x66/0x70\n\u003c4\u003e[ 574.475471] __dev_queue_xmit+0x268/0xe40\n\u003c4\u003e[ 574.475480] ? selinux_ip_postroute+0x213/0x420\n\u003c4\u003e[ 574.475491] ? alloc_skb_with_frags+0x4a/0x1d0\n\u003c4\u003e[ 574.475502] ip6_finish_output2+0x2be/0x640\n\u003c4\u003e[ 574.475512] ? nf_hook_slow+0x42/0xf0\n\u003c4\u003e[ 574.475521] ip6_finish_output+0x194/0x300\n\u003c4\u003e[ 574.475529] ? __pfx_ip6_finish_output+0x10/0x10\n\u003c4\u003e[ 574.475538] mld_sendpack+0x17c/0x240\n\u003c4\u003e[ 574.475548] mld_ifc_work+0x192/0x410\n\u003c4\u003e[ 574.475557] process_one_work+0x15d/0x380\n\u003c4\u003e[ 574.475566] worker_thread+0x29d/0x3a0\n\u003c4\u003e[ 574.475573] ? __pfx_worker_thread+0x10/0x10\n\u003c4\u003e[ 574.475580] ? __pfx_worker_thread+0x10/0x10\n\u003c4\u003e[ 574.475587] kthread+0xcd/0x100\n\u003c4\u003e[ 574.475597] ? __pfx_kthread+0x10/0x10\n\u003c4\u003e[ 574.475606] ret_from_fork+0x31/0x50\n\u003c4\u003e[ 574.475615] ? __pfx_kthread+0x10/0x10\n\u003c4\u003e[ 574.475623] ret_from_fork_asm+0x1a/0x\n---truncated---" } ], "providerMetadata": { "dateUpdated": "2024-12-19T09:34:25.474Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/fe068afb868660fe683a8391c6c17ecbe2254922" }, { "url": "https://git.kernel.org/stable/c/a778fbe087c19f4ece5f5fc14173328f070c3803" }, { "url": "https://git.kernel.org/stable/c/49454f09936a9a96edfb047156889879cb4001eb" }, { "url": "https://git.kernel.org/stable/c/9167d1c274a336e4763eeb3f3f9cb763c55df5aa" }, { "url": "https://git.kernel.org/stable/c/ca9984c5f0ab3690d98b13937b2485a978c8dd73" } ], "title": "bpf: devmap: provide rxq after redirect", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-50162", "datePublished": "2024-11-07T09:31:39.141Z", "dateReserved": "2024-10-21T19:36:19.961Z", "dateUpdated": "2024-12-19T09:34:25.474Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-50171
Vulnerability from cvelistv5
Published
2024-11-07 09:31
Modified
2024-12-19 09:34
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: systemport: fix potential memory leak in bcm_sysport_xmit()
The bcm_sysport_xmit() returns NETDEV_TX_OK without freeing skb
in case of dma_map_single() fails, add dev_kfree_skb() to fix it.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Linux | Linux |
Version: 80105befdb4b8cea924711b40b2462b87df65b62 Version: 80105befdb4b8cea924711b40b2462b87df65b62 Version: 80105befdb4b8cea924711b40b2462b87df65b62 Version: 80105befdb4b8cea924711b40b2462b87df65b62 Version: 80105befdb4b8cea924711b40b2462b87df65b62 Version: 80105befdb4b8cea924711b40b2462b87df65b62 Version: 80105befdb4b8cea924711b40b2462b87df65b62 Version: 80105befdb4b8cea924711b40b2462b87df65b62 |
||||
|
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/broadcom/bcmsysport.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "8e81ce7d0166a2249deb6d5e42f28a8b8c9ea72f", "status": "affected", "version": "80105befdb4b8cea924711b40b2462b87df65b62", "versionType": "git" }, { "lessThan": "31701ef0c4547973991ff63596c927f841dfd133", "status": "affected", "version": "80105befdb4b8cea924711b40b2462b87df65b62", "versionType": "git" }, { "lessThan": "b6321146773dcbbc372a54dbada67e0b50e0a25c", "status": "affected", "version": "80105befdb4b8cea924711b40b2462b87df65b62", "versionType": "git" }, { "lessThan": "5febfc545389805ce83d37f9f4317055b26dd7d7", "status": "affected", "version": "80105befdb4b8cea924711b40b2462b87df65b62", "versionType": "git" }, { "lessThan": "533d2f30aef272dade17870a509521c3afc38a03", "status": "affected", "version": "80105befdb4b8cea924711b40b2462b87df65b62", "versionType": "git" }, { "lessThan": "4b70478b984af3c9d0279c121df5ff94e2533dbd", "status": "affected", "version": "80105befdb4b8cea924711b40b2462b87df65b62", "versionType": "git" }, { "lessThan": "7d5030a819c3589cf9948b1eee397b626ec590f5", "status": "affected", "version": "80105befdb4b8cea924711b40b2462b87df65b62", "versionType": "git" }, { "lessThan": "c401ed1c709948e57945485088413e1bb5e94bd1", "status": "affected", "version": "80105befdb4b8cea924711b40b2462b87df65b62", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/broadcom/bcmsysport.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "3.16" }, { "lessThan": "3.16", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.323", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.285", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.229", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.170", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.115", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.59", "versionType": "semver" }, { "lessThanOrEqual": "6.11.*", "status": "unaffected", "version": "6.11.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.12", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: systemport: fix potential memory leak in bcm_sysport_xmit()\n\nThe bcm_sysport_xmit() returns NETDEV_TX_OK without freeing skb\nin case of dma_map_single() fails, add dev_kfree_skb() to fix it." } ], "providerMetadata": { "dateUpdated": "2024-12-19T09:34:35.687Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/8e81ce7d0166a2249deb6d5e42f28a8b8c9ea72f" }, { "url": "https://git.kernel.org/stable/c/31701ef0c4547973991ff63596c927f841dfd133" }, { "url": "https://git.kernel.org/stable/c/b6321146773dcbbc372a54dbada67e0b50e0a25c" }, { "url": "https://git.kernel.org/stable/c/5febfc545389805ce83d37f9f4317055b26dd7d7" }, { "url": "https://git.kernel.org/stable/c/533d2f30aef272dade17870a509521c3afc38a03" }, { "url": "https://git.kernel.org/stable/c/4b70478b984af3c9d0279c121df5ff94e2533dbd" }, { "url": "https://git.kernel.org/stable/c/7d5030a819c3589cf9948b1eee397b626ec590f5" }, { "url": "https://git.kernel.org/stable/c/c401ed1c709948e57945485088413e1bb5e94bd1" } ], "title": "net: systemport: fix potential memory leak in bcm_sysport_xmit()", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-50171", "datePublished": "2024-11-07T09:31:47.585Z", "dateReserved": "2024-10-21T19:36:19.963Z", "dateUpdated": "2024-12-19T09:34:35.687Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-50170
Vulnerability from cvelistv5
Published
2024-11-07 09:31
Modified
2024-12-19 09:34
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: bcmasp: fix potential memory leak in bcmasp_xmit()
The bcmasp_xmit() returns NETDEV_TX_OK without freeing skb
in case of mapping fails, add dev_kfree_skb() to fix it.
References
Impacted products
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/broadcom/asp2/bcmasp_intf.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "7218de0778aefbbbcfe474a55f88bbf6f244627d", "status": "affected", "version": "490cb412007de593e07c1d3e2b1ec4233886707c", "versionType": "git" }, { "lessThan": "f689f20d3e09f2d4d0a2c575a9859115a33e68bd", "status": "affected", "version": "490cb412007de593e07c1d3e2b1ec4233886707c", "versionType": "git" }, { "lessThan": "fed07d3eb8a8d9fcc0e455175a89bc6445d6faed", "status": "affected", "version": "490cb412007de593e07c1d3e2b1ec4233886707c", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/broadcom/asp2/bcmasp_intf.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.6" }, { "lessThan": "6.6", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.59", "versionType": "semver" }, { "lessThanOrEqual": "6.11.*", "status": "unaffected", "version": "6.11.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.12", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bcmasp: fix potential memory leak in bcmasp_xmit()\n\nThe bcmasp_xmit() returns NETDEV_TX_OK without freeing skb\nin case of mapping fails, add dev_kfree_skb() to fix it." } ], "providerMetadata": { "dateUpdated": "2024-12-19T09:34:34.550Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/7218de0778aefbbbcfe474a55f88bbf6f244627d" }, { "url": "https://git.kernel.org/stable/c/f689f20d3e09f2d4d0a2c575a9859115a33e68bd" }, { "url": "https://git.kernel.org/stable/c/fed07d3eb8a8d9fcc0e455175a89bc6445d6faed" } ], "title": "net: bcmasp: fix potential memory leak in bcmasp_xmit()", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-50170", "datePublished": "2024-11-07T09:31:46.722Z", "dateReserved": "2024-10-21T19:36:19.963Z", "dateUpdated": "2024-12-19T09:34:34.550Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-50160
Vulnerability from cvelistv5
Published
2024-11-07 09:31
Modified
2024-12-19 09:34
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
ALSA: hda/cs8409: Fix possible NULL dereference
If snd_hda_gen_add_kctl fails to allocate memory and returns NULL, then
NULL pointer dereference will occur in the next line.
Since dolphin_fixups function is a hda_fixup function which is not supposed
to return any errors, add simple check before dereference, ignore the fail.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Linux | Linux |
Version: 20e507724113300794f16884e7e7507d9b4dec68 Version: 20e507724113300794f16884e7e7507d9b4dec68 Version: 20e507724113300794f16884e7e7507d9b4dec68 Version: 20e507724113300794f16884e7e7507d9b4dec68 Version: 20e507724113300794f16884e7e7507d9b4dec68 |
||||
|
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "sound/pci/hda/patch_cs8409.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "4e19aca8db696b6ba4dd8c73657405e15c695f14", "status": "affected", "version": "20e507724113300794f16884e7e7507d9b4dec68", "versionType": "git" }, { "lessThan": "21dc97d5086fdabbe278786bb0a03cbf2e26c793", "status": "affected", "version": "20e507724113300794f16884e7e7507d9b4dec68", "versionType": "git" }, { "lessThan": "8971fd61210d75fd2af225621cd2fcc87eb1847c", "status": "affected", "version": "20e507724113300794f16884e7e7507d9b4dec68", "versionType": "git" }, { "lessThan": "a5dd71a8b849626f42d08a5e73d382f2016fc7bc", "status": "affected", "version": "20e507724113300794f16884e7e7507d9b4dec68", "versionType": "git" }, { "lessThan": "c9bd4a82b4ed32c6d1c90500a52063e6e341517f", "status": "affected", "version": "20e507724113300794f16884e7e7507d9b4dec68", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "sound/pci/hda/patch_cs8409.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.15" }, { "lessThan": "5.15", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.170", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.115", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.59", "versionType": "semver" }, { "lessThanOrEqual": "6.11.*", "status": "unaffected", "version": "6.11.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.12", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda/cs8409: Fix possible NULL dereference\n\nIf snd_hda_gen_add_kctl fails to allocate memory and returns NULL, then\nNULL pointer dereference will occur in the next line.\n\nSince dolphin_fixups function is a hda_fixup function which is not supposed\nto return any errors, add simple check before dereference, ignore the fail.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE." } ], "providerMetadata": { "dateUpdated": "2024-12-19T09:34:23.122Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/4e19aca8db696b6ba4dd8c73657405e15c695f14" }, { "url": "https://git.kernel.org/stable/c/21dc97d5086fdabbe278786bb0a03cbf2e26c793" }, { "url": "https://git.kernel.org/stable/c/8971fd61210d75fd2af225621cd2fcc87eb1847c" }, { "url": "https://git.kernel.org/stable/c/a5dd71a8b849626f42d08a5e73d382f2016fc7bc" }, { "url": "https://git.kernel.org/stable/c/c9bd4a82b4ed32c6d1c90500a52063e6e341517f" } ], "title": "ALSA: hda/cs8409: Fix possible NULL dereference", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-50160", "datePublished": "2024-11-07T09:31:37.095Z", "dateReserved": "2024-10-21T19:36:19.961Z", "dateUpdated": "2024-12-19T09:34:23.122Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-50143
Vulnerability from cvelistv5
Published
2024-11-07 09:31
Modified
2024-12-19 09:34
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
udf: fix uninit-value use in udf_get_fileshortad
Check for overflow when computing alen in udf_current_aext to mitigate
later uninit-value use in udf_get_fileshortad KMSAN bug[1].
After applying the patch reproducer did not trigger any issue[2].
[1] https://syzkaller.appspot.com/bug?extid=8901c4560b7ab5c2f9df
[2] https://syzkaller.appspot.com/x/log.txt?x=10242227980000
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||||
|
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "fs/udf/inode.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "5eb76fb98b3335aa5cca6a7db2e659561c79c32b", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "417bd613bdbe791549f7687bb1b9b8012ff111c2", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "4fc0d8660e391dcd8dde23c44d702be1f6846c61", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "72e445df65a0aa9066c6fe2b8736ba2fcca6dac7", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "1ac49babc952f48d82676979b20885e480e69be8", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "e52e0b92ed31dc62afbda15c243dcee0bb5bb58d", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "264db9d666ad9a35075cc9ed9ec09d021580fbb1", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "fs/udf/inode.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.323", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.285", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.170", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.115", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.59", "versionType": "semver" }, { "lessThanOrEqual": "6.11.*", "status": "unaffected", "version": "6.11.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.12", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nudf: fix uninit-value use in udf_get_fileshortad\n\nCheck for overflow when computing alen in udf_current_aext to mitigate\nlater uninit-value use in udf_get_fileshortad KMSAN bug[1].\nAfter applying the patch reproducer did not trigger any issue[2].\n\n[1] https://syzkaller.appspot.com/bug?extid=8901c4560b7ab5c2f9df\n[2] https://syzkaller.appspot.com/x/log.txt?x=10242227980000" } ], "providerMetadata": { "dateUpdated": "2024-12-19T09:34:03.835Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/5eb76fb98b3335aa5cca6a7db2e659561c79c32b" }, { "url": "https://git.kernel.org/stable/c/417bd613bdbe791549f7687bb1b9b8012ff111c2" }, { "url": "https://git.kernel.org/stable/c/4fc0d8660e391dcd8dde23c44d702be1f6846c61" }, { "url": "https://git.kernel.org/stable/c/72e445df65a0aa9066c6fe2b8736ba2fcca6dac7" }, { "url": "https://git.kernel.org/stable/c/1ac49babc952f48d82676979b20885e480e69be8" }, { "url": "https://git.kernel.org/stable/c/e52e0b92ed31dc62afbda15c243dcee0bb5bb58d" }, { "url": "https://git.kernel.org/stable/c/264db9d666ad9a35075cc9ed9ec09d021580fbb1" } ], "title": "udf: fix uninit-value use in udf_get_fileshortad", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-50143", "datePublished": "2024-11-07T09:31:20.340Z", "dateReserved": "2024-10-21T19:36:19.956Z", "dateUpdated": "2024-12-19T09:34:03.835Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-50155
Vulnerability from cvelistv5
Published
2024-11-07 09:31
Modified
2024-12-19 09:34
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
netdevsim: use cond_resched() in nsim_dev_trap_report_work()
I am still seeing many syzbot reports hinting that syzbot
might fool nsim_dev_trap_report_work() with hundreds of ports [1]
Lets use cond_resched(), and system_unbound_wq
instead of implicit system_wq.
[1]
INFO: task syz-executor:20633 blocked for more than 143 seconds.
Not tainted 6.12.0-rc2-syzkaller-00205-g1d227fcc7222 #0
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:syz-executor state:D stack:25856 pid:20633 tgid:20633 ppid:1 flags:0x00004006
...
NMI backtrace for cpu 1
CPU: 1 UID: 0 PID: 16760 Comm: kworker/1:0 Not tainted 6.12.0-rc2-syzkaller-00205-g1d227fcc7222 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Workqueue: events nsim_dev_trap_report_work
RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x70 kernel/kcov.c:210
Code: 89 fb e8 23 00 00 00 48 8b 3d 04 fb 9c 0c 48 89 de 5b e9 c3 c7 5d 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 48 8b 04 24 65 48 8b 0c 25 c0 d7 03 00 65 8b 15 60 f0
RSP: 0018:ffffc90000a187e8 EFLAGS: 00000246
RAX: 0000000000000100 RBX: ffffc90000a188e0 RCX: ffff888027d3bc00
RDX: ffff888027d3bc00 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffff88804a2e6000 R08: ffffffff8a4bc495 R09: ffffffff89da3577
R10: 0000000000000004 R11: ffffffff8a4bc2b0 R12: dffffc0000000000
R13: ffff88806573b503 R14: dffffc0000000000 R15: ffff8880663cca00
FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc90a747f98 CR3: 000000000e734000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 000000000000002b DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Call Trace:
<NMI>
</NMI>
<TASK>
__local_bh_enable_ip+0x1bb/0x200 kernel/softirq.c:382
spin_unlock_bh include/linux/spinlock.h:396 [inline]
nsim_dev_trap_report drivers/net/netdevsim/dev.c:820 [inline]
nsim_dev_trap_report_work+0x75d/0xaa0 drivers/net/netdevsim/dev.c:850
process_one_work kernel/workqueue.c:3229 [inline]
process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310
worker_thread+0x870/0xd30 kernel/workqueue.c:3391
kthread+0x2f0/0x390 kernel/kthread.c:389
ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
References
Impacted products
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/netdevsim/dev.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "24973f4b64f93232a48fe78029385de762a2418d", "status": "affected", "version": "0193e0660cc6689c794794b471492923cfd7bfbc", "versionType": "git" }, { "lessThan": "681ce79ab6fba2f8d1c5ea60239f0086baebd0d3", "status": "affected", "version": "6eecddd9c3c8d6e3a097531cdc6d500335b35e46", "versionType": "git" }, { "lessThan": "32f054f93937b548c61b3bf57d8f4aefc50f3b16", "status": "affected", "version": "ba5e1272142d051dcc57ca1d3225ad8a089f9858", "versionType": "git" }, { "lessThan": "a1494d532e28598bde7a5544892ef9c7dbfafa93", "status": "affected", "version": "ba5e1272142d051dcc57ca1d3225ad8a089f9858", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/netdevsim/dev.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.8" }, { "lessThan": "6.8", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.115", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.59", "versionType": "semver" }, { "lessThanOrEqual": "6.11.*", "status": "unaffected", "version": "6.11.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.12", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetdevsim: use cond_resched() in nsim_dev_trap_report_work()\n\nI am still seeing many syzbot reports hinting that syzbot\nmight fool nsim_dev_trap_report_work() with hundreds of ports [1]\n\nLets use cond_resched(), and system_unbound_wq\ninstead of implicit system_wq.\n\n[1]\nINFO: task syz-executor:20633 blocked for more than 143 seconds.\n Not tainted 6.12.0-rc2-syzkaller-00205-g1d227fcc7222 #0\n\"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:syz-executor state:D stack:25856 pid:20633 tgid:20633 ppid:1 flags:0x00004006\n...\nNMI backtrace for cpu 1\nCPU: 1 UID: 0 PID: 16760 Comm: kworker/1:0 Not tainted 6.12.0-rc2-syzkaller-00205-g1d227fcc7222 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\nWorkqueue: events nsim_dev_trap_report_work\n RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x70 kernel/kcov.c:210\nCode: 89 fb e8 23 00 00 00 48 8b 3d 04 fb 9c 0c 48 89 de 5b e9 c3 c7 5d 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 \u003cf3\u003e 0f 1e fa 48 8b 04 24 65 48 8b 0c 25 c0 d7 03 00 65 8b 15 60 f0\nRSP: 0018:ffffc90000a187e8 EFLAGS: 00000246\nRAX: 0000000000000100 RBX: ffffc90000a188e0 RCX: ffff888027d3bc00\nRDX: ffff888027d3bc00 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: ffff88804a2e6000 R08: ffffffff8a4bc495 R09: ffffffff89da3577\nR10: 0000000000000004 R11: ffffffff8a4bc2b0 R12: dffffc0000000000\nR13: ffff88806573b503 R14: dffffc0000000000 R15: ffff8880663cca00\nFS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fc90a747f98 CR3: 000000000e734000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 000000000000002b DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cNMI\u003e\n \u003c/NMI\u003e\n \u003cTASK\u003e\n __local_bh_enable_ip+0x1bb/0x200 kernel/softirq.c:382\n spin_unlock_bh include/linux/spinlock.h:396 [inline]\n nsim_dev_trap_report drivers/net/netdevsim/dev.c:820 [inline]\n nsim_dev_trap_report_work+0x75d/0xaa0 drivers/net/netdevsim/dev.c:850\n process_one_work kernel/workqueue.c:3229 [inline]\n process_scheduled_works+0xa63/0x1850 kernel/workqueue.c:3310\n worker_thread+0x870/0xd30 kernel/workqueue.c:3391\n kthread+0x2f0/0x390 kernel/kthread.c:389\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e" } ], "providerMetadata": { "dateUpdated": "2024-12-19T09:34:17.477Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/24973f4b64f93232a48fe78029385de762a2418d" }, { "url": "https://git.kernel.org/stable/c/681ce79ab6fba2f8d1c5ea60239f0086baebd0d3" }, { "url": "https://git.kernel.org/stable/c/32f054f93937b548c61b3bf57d8f4aefc50f3b16" }, { "url": "https://git.kernel.org/stable/c/a1494d532e28598bde7a5544892ef9c7dbfafa93" } ], "title": "netdevsim: use cond_resched() in nsim_dev_trap_report_work()", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-50155", "datePublished": "2024-11-07T09:31:31.848Z", "dateReserved": "2024-10-21T19:36:19.960Z", "dateUpdated": "2024-12-19T09:34:17.477Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-50144
Vulnerability from cvelistv5
Published
2024-11-07 09:31
Modified
2024-12-19 09:34
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/xe: fix unbalanced rpm put() with fence_fini()
Currently we can call fence_fini() twice if something goes wrong when
sending the GuC CT for the tlb request, since we signal the fence and
return an error, leading to the caller also calling fini() on the error
path in the case of stack version of the flow, which leads to an extra
rpm put() which might later cause device to enter suspend when it
shouldn't. It looks like we can just drop the fini() call since the
fence signaller side will already call this for us.
There are known mysterious splats with device going to sleep even with
an rpm ref, and this could be one candidate.
v2 (Matt B):
- Prefer warning if we detect double fini()
(cherry picked from commit cfcbc0520d5055825f0647ab922b655688605183)
References
Impacted products
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c", "drivers/gpu/drm/xe/xe_gt_tlb_invalidation.h", "drivers/gpu/drm/xe/xe_vm.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "046bd018c0123b1a49c22abed5f9ea31d1454c78", "status": "affected", "version": "f002702290fccbd473f5bb94e52f25c96917fff2", "versionType": "git" }, { "lessThan": "03a86c24aea0920a1ca20a0d7771d5e176db538d", "status": "affected", "version": "f002702290fccbd473f5bb94e52f25c96917fff2", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/gpu/drm/xe/xe_gt_tlb_invalidation.c", "drivers/gpu/drm/xe/xe_gt_tlb_invalidation.h", "drivers/gpu/drm/xe/xe_vm.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.11" }, { "lessThan": "6.11", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.11.*", "status": "unaffected", "version": "6.11.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.12", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe: fix unbalanced rpm put() with fence_fini()\n\nCurrently we can call fence_fini() twice if something goes wrong when\nsending the GuC CT for the tlb request, since we signal the fence and\nreturn an error, leading to the caller also calling fini() on the error\npath in the case of stack version of the flow, which leads to an extra\nrpm put() which might later cause device to enter suspend when it\nshouldn\u0027t. It looks like we can just drop the fini() call since the\nfence signaller side will already call this for us.\n\nThere are known mysterious splats with device going to sleep even with\nan rpm ref, and this could be one candidate.\n\nv2 (Matt B):\n - Prefer warning if we detect double fini()\n\n(cherry picked from commit cfcbc0520d5055825f0647ab922b655688605183)" } ], "providerMetadata": { "dateUpdated": "2024-12-19T09:34:04.951Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/046bd018c0123b1a49c22abed5f9ea31d1454c78" }, { "url": "https://git.kernel.org/stable/c/03a86c24aea0920a1ca20a0d7771d5e176db538d" } ], "title": "drm/xe: fix unbalanced rpm put() with fence_fini()", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-50144", "datePublished": "2024-11-07T09:31:21.224Z", "dateReserved": "2024-10-21T19:36:19.956Z", "dateUpdated": "2024-12-19T09:34:04.951Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-50172
Vulnerability from cvelistv5
Published
2024-11-07 09:31
Modified
2024-12-19 09:34
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/bnxt_re: Fix a possible memory leak
In bnxt_re_setup_chip_ctx() when bnxt_qplib_map_db_bar() fails
driver is not freeing the memory allocated for "rdev->chip_ctx".
References
Impacted products
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/infiniband/hw/bnxt_re/main.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "73e04a6114e08b5eb10e589e12b680955accb376", "status": "affected", "version": "0ac20faf5d837b59fb4c041ea320932ed47fd67f", "versionType": "git" }, { "lessThan": "595fa9b17201028d35f92d450fc0ecda873fe469", "status": "affected", "version": "0ac20faf5d837b59fb4c041ea320932ed47fd67f", "versionType": "git" }, { "lessThan": "3fc5410f225d1651580a4aeb7c72f55e28673b53", "status": "affected", "version": "0ac20faf5d837b59fb4c041ea320932ed47fd67f", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/infiniband/hw/bnxt_re/main.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.5" }, { "lessThan": "6.5", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.59", "versionType": "semver" }, { "lessThanOrEqual": "6.11.*", "status": "unaffected", "version": "6.11.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.12", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/bnxt_re: Fix a possible memory leak\n\nIn bnxt_re_setup_chip_ctx() when bnxt_qplib_map_db_bar() fails\ndriver is not freeing the memory allocated for \"rdev-\u003echip_ctx\"." } ], "providerMetadata": { "dateUpdated": "2024-12-19T09:34:36.818Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/73e04a6114e08b5eb10e589e12b680955accb376" }, { "url": "https://git.kernel.org/stable/c/595fa9b17201028d35f92d450fc0ecda873fe469" }, { "url": "https://git.kernel.org/stable/c/3fc5410f225d1651580a4aeb7c72f55e28673b53" } ], "title": "RDMA/bnxt_re: Fix a possible memory leak", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-50172", "datePublished": "2024-11-07T09:31:48.430Z", "dateReserved": "2024-10-21T19:36:19.963Z", "dateUpdated": "2024-12-19T09:34:36.818Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-50156
Vulnerability from cvelistv5
Published
2024-11-07 09:31
Modified
2024-12-19 09:34
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/msm: Avoid NULL dereference in msm_disp_state_print_regs()
If the allocation in msm_disp_state_dump_regs() failed then
`block->state` can be NULL. The msm_disp_state_print_regs() function
_does_ have code to try to handle it with:
if (*reg)
dump_addr = *reg;
...but since "dump_addr" is initialized to NULL the above is actually
a noop. The code then goes on to dereference `dump_addr`.
Make the function print "Registers not stored" when it sees a NULL to
solve this. Since we're touching the code, fix
msm_disp_state_print_regs() not to pointlessly take a double-pointer
and properly mark the pointer as `const`.
Patchwork: https://patchwork.freedesktop.org/patch/619657/
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Linux | Linux |
Version: 98659487b845c05b6bed85d881713545db674c7c Version: 98659487b845c05b6bed85d881713545db674c7c Version: 98659487b845c05b6bed85d881713545db674c7c Version: 98659487b845c05b6bed85d881713545db674c7c Version: 98659487b845c05b6bed85d881713545db674c7c |
||||
|
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/gpu/drm/msm/disp/msm_disp_snapshot_util.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "42cf045086feae77b212f0f66e742b91a5b566b7", "status": "affected", "version": "98659487b845c05b6bed85d881713545db674c7c", "versionType": "git" }, { "lessThan": "e8e9f2a12a6214080c8ea83220a596f6e1dedc6c", "status": "affected", "version": "98659487b845c05b6bed85d881713545db674c7c", "versionType": "git" }, { "lessThan": "f7ad916273483748582d97cfa31054ccb19224f3", "status": "affected", "version": "98659487b845c05b6bed85d881713545db674c7c", "versionType": "git" }, { "lessThan": "563aa81fd66a4e7e6e551a0e02bcc23957cafe2f", "status": "affected", "version": "98659487b845c05b6bed85d881713545db674c7c", "versionType": "git" }, { "lessThan": "293f53263266bc4340d777268ab4328a97f041fa", "status": "affected", "version": "98659487b845c05b6bed85d881713545db674c7c", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/gpu/drm/msm/disp/msm_disp_snapshot_util.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.14" }, { "lessThan": "5.14", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.170", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.115", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.59", "versionType": "semver" }, { "lessThanOrEqual": "6.11.*", "status": "unaffected", "version": "6.11.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.12", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm: Avoid NULL dereference in msm_disp_state_print_regs()\n\nIf the allocation in msm_disp_state_dump_regs() failed then\n`block-\u003estate` can be NULL. The msm_disp_state_print_regs() function\n_does_ have code to try to handle it with:\n\n if (*reg)\n dump_addr = *reg;\n\n...but since \"dump_addr\" is initialized to NULL the above is actually\na noop. The code then goes on to dereference `dump_addr`.\n\nMake the function print \"Registers not stored\" when it sees a NULL to\nsolve this. Since we\u0027re touching the code, fix\nmsm_disp_state_print_regs() not to pointlessly take a double-pointer\nand properly mark the pointer as `const`.\n\nPatchwork: https://patchwork.freedesktop.org/patch/619657/" } ], "providerMetadata": { "dateUpdated": "2024-12-19T09:34:18.651Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/42cf045086feae77b212f0f66e742b91a5b566b7" }, { "url": "https://git.kernel.org/stable/c/e8e9f2a12a6214080c8ea83220a596f6e1dedc6c" }, { "url": "https://git.kernel.org/stable/c/f7ad916273483748582d97cfa31054ccb19224f3" }, { "url": "https://git.kernel.org/stable/c/563aa81fd66a4e7e6e551a0e02bcc23957cafe2f" }, { "url": "https://git.kernel.org/stable/c/293f53263266bc4340d777268ab4328a97f041fa" } ], "title": "drm/msm: Avoid NULL dereference in msm_disp_state_print_regs()", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-50156", "datePublished": "2024-11-07T09:31:33.018Z", "dateReserved": "2024-10-21T19:36:19.960Z", "dateUpdated": "2024-12-19T09:34:18.651Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-50164
Vulnerability from cvelistv5
Published
2024-11-07 09:31
Modified
2024-12-19 09:34
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix overloading of MEM_UNINIT's meaning
Lonial reported an issue in the BPF verifier where check_mem_size_reg()
has the following code:
if (!tnum_is_const(reg->var_off))
/* For unprivileged variable accesses, disable raw
* mode so that the program is required to
* initialize all the memory that the helper could
* just partially fill up.
*/
meta = NULL;
This means that writes are not checked when the register containing the
size of the passed buffer has not a fixed size. Through this bug, a BPF
program can write to a map which is marked as read-only, for example,
.rodata global maps.
The problem is that MEM_UNINIT's initial meaning that "the passed buffer
to the BPF helper does not need to be initialized" which was added back
in commit 435faee1aae9 ("bpf, verifier: add ARG_PTR_TO_RAW_STACK type")
got overloaded over time with "the passed buffer is being written to".
The problem however is that checks such as the above which were added later
via 06c1c049721a ("bpf: allow helpers access to variable memory") set meta
to NULL in order force the user to always initialize the passed buffer to
the helper. Due to the current double meaning of MEM_UNINIT, this bypasses
verifier write checks to the memory (not boundary checks though) and only
assumes the latter memory is read instead.
Fix this by reverting MEM_UNINIT back to its original meaning, and having
MEM_WRITE as an annotation to BPF helpers in order to then trigger the
BPF verifier checks for writing to memory.
Some notes: check_arg_pair_ok() ensures that for ARG_CONST_SIZE{,_OR_ZERO}
we can access fn->arg_type[arg - 1] since it must contain a preceding
ARG_PTR_TO_MEM. For check_mem_reg() the meta argument can be removed
altogether since we do check both BPF_READ and BPF_WRITE. Same for the
equivalent check_kfunc_mem_size_reg().
References
Impacted products
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "kernel/bpf/verifier.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "48068ccaea957469f1adf78dfd2c1c9a7e18f0fe", "status": "affected", "version": "7b3552d3f9f6897851fc453b5131a967167e43c2", "versionType": "git" }, { "lessThan": "54bc31682660810af1bed7ca7a19f182df8d3df8", "status": "affected", "version": "7b3552d3f9f6897851fc453b5131a967167e43c2", "versionType": "git" }, { "lessThan": "8ea607330a39184f51737c6ae706db7fdca7628e", "status": "affected", "version": "7b3552d3f9f6897851fc453b5131a967167e43c2", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "kernel/bpf/verifier.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.19" }, { "lessThan": "5.19", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.59", "versionType": "semver" }, { "lessThanOrEqual": "6.11.*", "status": "unaffected", "version": "6.11.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.12", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix overloading of MEM_UNINIT\u0027s meaning\n\nLonial reported an issue in the BPF verifier where check_mem_size_reg()\nhas the following code:\n\n if (!tnum_is_const(reg-\u003evar_off))\n /* For unprivileged variable accesses, disable raw\n * mode so that the program is required to\n * initialize all the memory that the helper could\n * just partially fill up.\n */\n meta = NULL;\n\nThis means that writes are not checked when the register containing the\nsize of the passed buffer has not a fixed size. Through this bug, a BPF\nprogram can write to a map which is marked as read-only, for example,\n.rodata global maps.\n\nThe problem is that MEM_UNINIT\u0027s initial meaning that \"the passed buffer\nto the BPF helper does not need to be initialized\" which was added back\nin commit 435faee1aae9 (\"bpf, verifier: add ARG_PTR_TO_RAW_STACK type\")\ngot overloaded over time with \"the passed buffer is being written to\".\n\nThe problem however is that checks such as the above which were added later\nvia 06c1c049721a (\"bpf: allow helpers access to variable memory\") set meta\nto NULL in order force the user to always initialize the passed buffer to\nthe helper. Due to the current double meaning of MEM_UNINIT, this bypasses\nverifier write checks to the memory (not boundary checks though) and only\nassumes the latter memory is read instead.\n\nFix this by reverting MEM_UNINIT back to its original meaning, and having\nMEM_WRITE as an annotation to BPF helpers in order to then trigger the\nBPF verifier checks for writing to memory.\n\nSome notes: check_arg_pair_ok() ensures that for ARG_CONST_SIZE{,_OR_ZERO}\nwe can access fn-\u003earg_type[arg - 1] since it must contain a preceding\nARG_PTR_TO_MEM. For check_mem_reg() the meta argument can be removed\naltogether since we do check both BPF_READ and BPF_WRITE. Same for the\nequivalent check_kfunc_mem_size_reg()." } ], "providerMetadata": { "dateUpdated": "2024-12-19T09:34:27.759Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/48068ccaea957469f1adf78dfd2c1c9a7e18f0fe" }, { "url": "https://git.kernel.org/stable/c/54bc31682660810af1bed7ca7a19f182df8d3df8" }, { "url": "https://git.kernel.org/stable/c/8ea607330a39184f51737c6ae706db7fdca7628e" } ], "title": "bpf: Fix overloading of MEM_UNINIT\u0027s meaning", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-50164", "datePublished": "2024-11-07T09:31:41.012Z", "dateReserved": "2024-10-21T19:36:19.962Z", "dateUpdated": "2024-12-19T09:34:27.759Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-50167
Vulnerability from cvelistv5
Published
2024-11-07 09:31
Modified
2024-12-19 09:34
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
be2net: fix potential memory leak in be_xmit()
The be_xmit() returns NETDEV_TX_OK without freeing skb
in case of be_xmit_enqueue() fails, add dev_kfree_skb_any() to fix it.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Linux | Linux |
Version: 760c295e0e8d982917d004c9095cff61c0cbd803 Version: 760c295e0e8d982917d004c9095cff61c0cbd803 Version: 760c295e0e8d982917d004c9095cff61c0cbd803 Version: 760c295e0e8d982917d004c9095cff61c0cbd803 Version: 760c295e0e8d982917d004c9095cff61c0cbd803 Version: 760c295e0e8d982917d004c9095cff61c0cbd803 Version: 760c295e0e8d982917d004c9095cff61c0cbd803 Version: 760c295e0e8d982917d004c9095cff61c0cbd803 |
||||
|
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/emulex/benet/be_main.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "941026023c256939943a47d1c66671526befbb26", "status": "affected", "version": "760c295e0e8d982917d004c9095cff61c0cbd803", "versionType": "git" }, { "lessThan": "6b7ce8ee01c33c380aaa5077ff25215492e7eb0e", "status": "affected", "version": "760c295e0e8d982917d004c9095cff61c0cbd803", "versionType": "git" }, { "lessThan": "77bc881d370e850b7f3cd2b5eae67d596b40efbc", "status": "affected", "version": "760c295e0e8d982917d004c9095cff61c0cbd803", "versionType": "git" }, { "lessThan": "919ab6e2370289a2748780f44a43333cd3878aa7", "status": "affected", "version": "760c295e0e8d982917d004c9095cff61c0cbd803", "versionType": "git" }, { "lessThan": "4c5f170ef4f85731a4d43ad9a6ac51106c0946be", "status": "affected", "version": "760c295e0e8d982917d004c9095cff61c0cbd803", "versionType": "git" }, { "lessThan": "641c1beed52bf3c6deb0193fe4d38ec9ff75d2ae", "status": "affected", "version": "760c295e0e8d982917d004c9095cff61c0cbd803", "versionType": "git" }, { "lessThan": "e86a79b804e26e3b7f1e415b22a085c0bb7ea3d3", "status": "affected", "version": "760c295e0e8d982917d004c9095cff61c0cbd803", "versionType": "git" }, { "lessThan": "e4dd8bfe0f6a23acd305f9b892c00899089bd621", "status": "affected", "version": "760c295e0e8d982917d004c9095cff61c0cbd803", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/emulex/benet/be_main.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "4.2" }, { "lessThan": "4.2", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.323", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.285", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.229", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.170", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.115", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.59", "versionType": "semver" }, { "lessThanOrEqual": "6.11.*", "status": "unaffected", "version": "6.11.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.12", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbe2net: fix potential memory leak in be_xmit()\n\nThe be_xmit() returns NETDEV_TX_OK without freeing skb\nin case of be_xmit_enqueue() fails, add dev_kfree_skb_any() to fix it." } ], "providerMetadata": { "dateUpdated": "2024-12-19T09:34:31.176Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/941026023c256939943a47d1c66671526befbb26" }, { "url": "https://git.kernel.org/stable/c/6b7ce8ee01c33c380aaa5077ff25215492e7eb0e" }, { "url": "https://git.kernel.org/stable/c/77bc881d370e850b7f3cd2b5eae67d596b40efbc" }, { "url": "https://git.kernel.org/stable/c/919ab6e2370289a2748780f44a43333cd3878aa7" }, { "url": "https://git.kernel.org/stable/c/4c5f170ef4f85731a4d43ad9a6ac51106c0946be" }, { "url": "https://git.kernel.org/stable/c/641c1beed52bf3c6deb0193fe4d38ec9ff75d2ae" }, { "url": "https://git.kernel.org/stable/c/e86a79b804e26e3b7f1e415b22a085c0bb7ea3d3" }, { "url": "https://git.kernel.org/stable/c/e4dd8bfe0f6a23acd305f9b892c00899089bd621" } ], "title": "be2net: fix potential memory leak in be_xmit()", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-50167", "datePublished": "2024-11-07T09:31:43.782Z", "dateReserved": "2024-10-21T19:36:19.962Z", "dateUpdated": "2024-12-19T09:34:31.176Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-50148
Vulnerability from cvelistv5
Published
2024-11-07 09:31
Modified
2024-12-19 09:34
Severity ?
EPSS score ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: bnep: fix wild-memory-access in proto_unregister
There's issue as follows:
KASAN: maybe wild-memory-access in range [0xdead...108-0xdead...10f]
CPU: 3 UID: 0 PID: 2805 Comm: rmmod Tainted: G W
RIP: 0010:proto_unregister+0xee/0x400
Call Trace:
<TASK>
__do_sys_delete_module+0x318/0x580
do_syscall_64+0xc1/0x1d0
entry_SYSCALL_64_after_hwframe+0x77/0x7f
As bnep_init() ignore bnep_sock_init()'s return value, and bnep_sock_init()
will cleanup all resource. Then when remove bnep module will call
bnep_sock_cleanup() to cleanup sock's resource.
To solve above issue just return bnep_sock_init()'s return value in
bnep_exit().
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Linux | Linux |
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 |
||||
|
{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/bluetooth/bnep/core.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "e232728242c4e98fb30e4c6bedb6ba8b482b6301", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "2c439470b23d78095a0d2f923342df58b155f669", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "6c151aeb6dc414db8f4daf51be072e802fae6667", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "fa58e23ea1359bd24b323916d191e2e9b4b19783", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "03015b6329e6de42f03ec917c25c4cf944f81f66", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "d10cd7bf574ead01fae140ce117a11bcdacbe6a8", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "20c424bc475b2b2a6e0e2225d2aae095c2ab2f41", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" }, { "lessThan": "64a90991ba8d4e32e3173ddd83d0b24167a5668c", "status": "affected", "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/bluetooth/bnep/core.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "2.6.12" }, { "lessThan": "2.6.12", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.323", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.285", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.229", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.170", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.115", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.59", "versionType": "semver" }, { "lessThanOrEqual": "6.11.*", "status": "unaffected", "version": "6.11.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.12", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: bnep: fix wild-memory-access in proto_unregister\n\nThere\u0027s issue as follows:\n KASAN: maybe wild-memory-access in range [0xdead...108-0xdead...10f]\n CPU: 3 UID: 0 PID: 2805 Comm: rmmod Tainted: G W\n RIP: 0010:proto_unregister+0xee/0x400\n Call Trace:\n \u003cTASK\u003e\n __do_sys_delete_module+0x318/0x580\n do_syscall_64+0xc1/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nAs bnep_init() ignore bnep_sock_init()\u0027s return value, and bnep_sock_init()\nwill cleanup all resource. Then when remove bnep module will call\nbnep_sock_cleanup() to cleanup sock\u0027s resource.\nTo solve above issue just return bnep_sock_init()\u0027s return value in\nbnep_exit()." } ], "providerMetadata": { "dateUpdated": "2024-12-19T09:34:09.474Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/e232728242c4e98fb30e4c6bedb6ba8b482b6301" }, { "url": "https://git.kernel.org/stable/c/2c439470b23d78095a0d2f923342df58b155f669" }, { "url": "https://git.kernel.org/stable/c/6c151aeb6dc414db8f4daf51be072e802fae6667" }, { "url": "https://git.kernel.org/stable/c/fa58e23ea1359bd24b323916d191e2e9b4b19783" }, { "url": "https://git.kernel.org/stable/c/03015b6329e6de42f03ec917c25c4cf944f81f66" }, { "url": "https://git.kernel.org/stable/c/d10cd7bf574ead01fae140ce117a11bcdacbe6a8" }, { "url": "https://git.kernel.org/stable/c/20c424bc475b2b2a6e0e2225d2aae095c2ab2f41" }, { "url": "https://git.kernel.org/stable/c/64a90991ba8d4e32e3173ddd83d0b24167a5668c" } ], "title": "Bluetooth: bnep: fix wild-memory-access in proto_unregister", "x_generator": { "engine": "bippy-5f407fcff5a0" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-50148", "datePublished": "2024-11-07T09:31:24.987Z", "dateReserved": "2024-10-21T19:36:19.959Z", "dateUpdated": "2024-12-19T09:34:09.474Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.