diff --git a/advisories/unreviewed/2024/12/GHSA-2c9f-4h7m-wqr9/GHSA-2c9f-4h7m-wqr9.json b/advisories/unreviewed/2024/12/GHSA-2c9f-4h7m-wqr9/GHSA-2c9f-4h7m-wqr9.json new file mode 100644 index 0000000000000..e22ae8c179561 --- /dev/null +++ b/advisories/unreviewed/2024/12/GHSA-2c9f-4h7m-wqr9/GHSA-2c9f-4h7m-wqr9.json @@ -0,0 +1,49 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-2c9f-4h7m-wqr9", + "modified": "2024-12-28T12:30:48Z", + "published": "2024-12-28T12:30:48Z", + "aliases": [ + "CVE-2024-56708" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nEDAC/igen6: Avoid segmentation fault on module unload\n\nThe segmentation fault happens because:\n\nDuring modprobe:\n1. In igen6_probe(), igen6_pvt will be allocated with kzalloc()\n2. In igen6_register_mci(), mci->pvt_info will point to\n &igen6_pvt->imc[mc]\n\nDuring rmmod:\n1. In mci_release() in edac_mc.c, it will kfree(mci->pvt_info)\n2. In igen6_remove(), it will kfree(igen6_pvt);\n\nFix this issue by setting mci->pvt_info to NULL to avoid the double\nkfree.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56708" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/029ac07bb92d2f7502d47a4916f197a8445d83bf" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/2a80e710bbc088a2511c159ee4d910456c5f0832" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/830cabb61113d92a425dd3038ccedbdfb3c8d079" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/db60326f2c47b079e36785ace621eb3002db2088" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/e5c7052664b61f9e2f896702d20552707d0ef60a" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/fefaae90398d38a1100ccd73b46ab55ff4610fba" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-12-28T10:15:20Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/12/GHSA-2hfg-4m2j-678g/GHSA-2hfg-4m2j-678g.json b/advisories/unreviewed/2024/12/GHSA-2hfg-4m2j-678g/GHSA-2hfg-4m2j-678g.json new file mode 100644 index 0000000000000..38f17fb5ba214 --- /dev/null +++ b/advisories/unreviewed/2024/12/GHSA-2hfg-4m2j-678g/GHSA-2hfg-4m2j-678g.json @@ -0,0 +1,61 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-2hfg-4m2j-678g", + "modified": "2024-12-28T12:30:48Z", + "published": "2024-12-28T12:30:47Z", + "aliases": [ + "CVE-2024-56700" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: wl128x: Fix atomicity violation in fmc_send_cmd()\n\nAtomicity violation occurs when the fmc_send_cmd() function is executed\nsimultaneously with the modification of the fmdev->resp_skb value.\nConsider a scenario where, after passing the validity check within the\nfunction, a non-null fmdev->resp_skb variable is assigned a null value.\nThis results in an invalid fmdev->resp_skb variable passing the validity\ncheck. As seen in the later part of the function, skb = fmdev->resp_skb;\nwhen the invalid fmdev->resp_skb passes the check, a null pointer\ndereference error may occur at line 478, evt_hdr = (void *)skb->data;\n\nTo address this issue, it is recommended to include the validity check of\nfmdev->resp_skb within the locked section of the function. This\nmodification ensures that the value of fmdev->resp_skb does not change\nduring the validation process, thereby maintaining its validity.\n\nThis possible bug is found by an experimental static analysis tool\ndeveloped by our team. This tool analyzes the locking APIs\nto extract function pairs that can be concurrently executed, and then\nanalyzes the instructions in the paired functions to identify possible\nconcurrency bugs including data races and atomicity violations.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56700" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/2e63c908de357048180516b84740ed62dac0b269" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/372dc9509122e5d45d4c12978e31c3c7d00aaca4" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/378ce4e08ca2b1ac7bbf1d57b68643ca4226c5f8" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/3c818ad07e964bca3d27adac1e1f50e1e3c9180e" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/80a3b2ee01eecf22dfa06968b3cde92c691dea10" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/ca59f9956d4519ab18ab2270be47c6b8c6ced091" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/d16109c9fdc1b8cea4fe63b42e06e926c3f68990" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/d7408a052aa1b4f6fb6f1c7a8877b84017a07ac9" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/ed228b74d8a500380150965d5becabf9a1e33141" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-12-28T10:15:17Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/12/GHSA-3gw3-c8c8-m6m2/GHSA-3gw3-c8c8-m6m2.json b/advisories/unreviewed/2024/12/GHSA-3gw3-c8c8-m6m2/GHSA-3gw3-c8c8-m6m2.json new file mode 100644 index 0000000000000..3be68a6d86d2b --- /dev/null +++ b/advisories/unreviewed/2024/12/GHSA-3gw3-c8c8-m6m2/GHSA-3gw3-c8c8-m6m2.json @@ -0,0 +1,49 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-3gw3-c8c8-m6m2", + "modified": "2024-12-28T12:30:47Z", + "published": "2024-12-28T12:30:47Z", + "aliases": [ + "CVE-2024-56679" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c\n\nAdd error pointer check after calling otx2_mbox_get_rsp().", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56679" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/0fbc7a5027c6f7f2c785adae3dcec22b2f2b69b3" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/4b88b202cf1ae79159a94fff9500f9be31559235" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/52c63a6a27d3178fab533fcfb4baa2ed5b8608a3" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/785c6758ea32aca73ba9331f7d902f7ce9a25757" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/9265b6ee754226f61bd122ec57141a781d4e0dcb" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/d4d5139d280f5837f16d116614c05c2b4eeaf28f" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-12-28T10:15:09Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/12/GHSA-4pr7-h3p8-c732/GHSA-4pr7-h3p8-c732.json b/advisories/unreviewed/2024/12/GHSA-4pr7-h3p8-c732/GHSA-4pr7-h3p8-c732.json new file mode 100644 index 0000000000000..23e2572d906db --- /dev/null +++ b/advisories/unreviewed/2024/12/GHSA-4pr7-h3p8-c732/GHSA-4pr7-h3p8-c732.json @@ -0,0 +1,37 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-4pr7-h3p8-c732", + "modified": "2024-12-28T12:30:47Z", + "published": "2024-12-28T12:30:47Z", + "aliases": [ + "CVE-2024-56699" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pci: Fix potential double remove of hotplug slot\n\nIn commit 6ee600bfbe0f (\"s390/pci: remove hotplug slot when releasing the\ndevice\") the zpci_exit_slot() was moved from zpci_device_reserved() to\nzpci_release_device() with the intention of keeping the hotplug slot\naround until the device is actually removed.\n\nNow zpci_release_device() is only called once all references are\ndropped. Since the zPCI subsystem only drops its reference once the\ndevice is in the reserved state it follows that zpci_release_device()\nmust only deal with devices in the reserved state. Despite that it\ncontains code to tear down from both configured and standby state. For\nthe standby case this already includes the removal of the hotplug slot\nso would cause a double removal if a device was ever removed in\neither configured or standby state.\n\nInstead of causing a potential double removal in a case that should\nnever happen explicitly WARN_ON() if a device in non-reserved state is\nreleased and get rid of the dead code cases.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56699" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/371bd905599d18da62d75e3974acbf6a41e315c7" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/c1489651071ab1be46d2af1da8adb15c9fc3c069" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/c4a585e952ca403a370586d3f16e8331a7564901" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-12-28T10:15:17Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/12/GHSA-4rq6-qv3v-654p/GHSA-4rq6-qv3v-654p.json b/advisories/unreviewed/2024/12/GHSA-4rq6-qv3v-654p/GHSA-4rq6-qv3v-654p.json new file mode 100644 index 0000000000000..4725b703c5821 --- /dev/null +++ b/advisories/unreviewed/2024/12/GHSA-4rq6-qv3v-654p/GHSA-4rq6-qv3v-654p.json @@ -0,0 +1,41 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-4rq6-qv3v-654p", + "modified": "2024-12-28T12:30:47Z", + "published": "2024-12-28T12:30:47Z", + "aliases": [ + "CVE-2024-56686" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix race in buffer_head read fault injection\n\nWhen I enabled ext4 debug for fault injection testing, I encountered the\nfollowing warning:\n\n EXT4-fs error (device sda): ext4_read_inode_bitmap:201: comm fsstress:\n Cannot read inode bitmap - block_group = 8, inode_bitmap = 1051\n WARNING: CPU: 0 PID: 511 at fs/buffer.c:1181 mark_buffer_dirty+0x1b3/0x1d0\n\nThe root cause of the issue lies in the improper implementation of ext4's\nbuffer_head read fault injection. The actual completion of buffer_head\nread and the buffer_head fault injection are not atomic, which can lead\nto the uptodate flag being cleared on normally used buffer_heads in race\nconditions.\n\n[CPU0] [CPU1] [CPU2]\next4_read_inode_bitmap\n ext4_read_bh()\n \n ext4_read_inode_bitmap\n if (buffer_uptodate(bh))\n return bh\n jbd2_journal_commit_transaction\n __jbd2_journal_refile_buffer\n __jbd2_journal_unfile_buffer\n __jbd2_journal_temp_unlink_buffer\n ext4_simulate_fail_bh()\n clear_buffer_uptodate\n mark_buffer_dirty\n \n WARN_ON_ONCE(!buffer_uptodate(bh))\n\nThe best approach would be to perform fault injection in the IO completion\ncallback function, rather than after IO completion. However, the IO\ncompletion callback function cannot get the fault injection code in sb.\n\nFix it by passing the result of fault injection into the bh read function,\nwe simulate faults within the bh read function itself. This requires adding\nan extra parameter to the bh read functions that need fault injection.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56686" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/25a5acf88fed59e060405bbb48098f4a3a2c2adc" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/2f3d93e210b9c2866c8b3662adae427d5bf511ec" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/61832ee7fa2fbd569d129379e795038abfb0d128" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/77035e4d27e15f87ea55929c8bb8fb1970129e2f" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-12-28T10:15:11Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/12/GHSA-4w8p-fpvp-22x8/GHSA-4w8p-fpvp-22x8.json b/advisories/unreviewed/2024/12/GHSA-4w8p-fpvp-22x8/GHSA-4w8p-fpvp-22x8.json new file mode 100644 index 0000000000000..f2cdd40521b75 --- /dev/null +++ b/advisories/unreviewed/2024/12/GHSA-4w8p-fpvp-22x8/GHSA-4w8p-fpvp-22x8.json @@ -0,0 +1,61 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-4w8p-fpvp-22x8", + "modified": "2024-12-28T12:30:47Z", + "published": "2024-12-28T12:30:47Z", + "aliases": [ + "CVE-2024-56690" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY\n\nSince commit 8f4f68e788c3 (\"crypto: pcrypt - Fix hungtask for\nPADATA_RESET\"), the pcrypt encryption and decryption operations return\n-EAGAIN when the CPU goes online or offline. In alg_test(), a WARN is\ngenerated when pcrypt_aead_decrypt() or pcrypt_aead_encrypt() returns\n-EAGAIN, the unnecessary panic will occur when panic_on_warn set 1.\nFix this issue by calling crypto layer directly without parallelization\nin that case.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56690" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/5edae7a9a35606017ee6e05911c290acee9fee5a" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/662f2f13e66d3883b9238b0b96b17886179e60e2" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/7ddab756f2de5b7b43c122ebebdf37f400fb2b6f" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/92834692a539b5b7f409e467a14667d64713b732" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/96001f52ae8c70e2c736d3e1e5dc53d5b521e5ca" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/a8e0074ffb38c9a5964a221bb998034d016c93a2" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/a92ccd3618e42333ac6f150ecdac14dca298bc7a" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/dd8bf8eb5beba1e7c3b11a9a5a58ccbf345a69e6" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/fca8aed12218f96b38e374ff264d78ea1fbd23cc" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-12-28T10:15:13Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/12/GHSA-54qc-m2ph-jw4r/GHSA-54qc-m2ph-jw4r.json b/advisories/unreviewed/2024/12/GHSA-54qc-m2ph-jw4r/GHSA-54qc-m2ph-jw4r.json new file mode 100644 index 0000000000000..ea4a047dc4c35 --- /dev/null +++ b/advisories/unreviewed/2024/12/GHSA-54qc-m2ph-jw4r/GHSA-54qc-m2ph-jw4r.json @@ -0,0 +1,37 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-54qc-m2ph-jw4r", + "modified": "2024-12-28T12:30:47Z", + "published": "2024-12-28T12:30:47Z", + "aliases": [ + "CVE-2024-56685" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: mediatek: Check num_codecs is not zero to avoid panic during probe\n\nFollowing commit 13f58267cda3 (\"ASoC: soc.h: don't create dummy\nComponent via COMP_DUMMY()\"), COMP_DUMMY() became an array with zero\nlength, and only gets populated with the dummy struct after the card is\nregistered. Since the sound card driver's probe happens before the card\nregistration, accessing any of the members of a dummy component during\nprobe will result in undefined behavior.\n\nThis can be observed in the mt8188 and mt8195 machine sound drivers. By\nomitting a dai link subnode in the sound card's node in the Devicetree,\nthe default uninitialized dummy codec is used, and when its dai_name\npointer gets passed to strcmp() it results in a null pointer dereference\nand a kernel panic.\n\nIn addition to that, set_card_codec_info() in the generic helpers file,\nmtk-soundcard-driver.c, will populate a dai link with a dummy codec when\na dai link node is present in DT but with no codec property.\n\nThe result is that at probe time, a dummy codec can either be\nuninitialized with num_codecs = 0, or be an initialized dummy codec,\nwith num_codecs = 1 and dai_name = \"snd-soc-dummy-dai\". In order to\naccommodate for both situations, check that num_codecs is not zero\nbefore accessing the codecs' fields but still check for the codec's dai\nname against \"snd-soc-dummy-dai\" as needed.\n\nWhile at it, also drop the check that dai_name is not null in the mt8192\ndriver, introduced in commit 4d4e1b6319e5 (\"ASoC: mediatek: mt8192:\nCheck existence of dai_name before dereferencing\"), as it is actually\nredundant given the preceding num_codecs != 0 check.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56685" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/2f2020327cc8561d7c520d2f2d9acea84fa7b3a3" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/376f4800f34a28def026ff5c5d4fc5e54e1744ff" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/550279449ff54c5aa28cfca5c567308cbfb145f0" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-12-28T10:15:11Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/12/GHSA-5qg8-89vj-3364/GHSA-5qg8-89vj-3364.json b/advisories/unreviewed/2024/12/GHSA-5qg8-89vj-3364/GHSA-5qg8-89vj-3364.json new file mode 100644 index 0000000000000..0e32717e39721 --- /dev/null +++ b/advisories/unreviewed/2024/12/GHSA-5qg8-89vj-3364/GHSA-5qg8-89vj-3364.json @@ -0,0 +1,53 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-5qg8-89vj-3364", + "modified": "2024-12-28T12:30:48Z", + "published": "2024-12-28T12:30:48Z", + "aliases": [ + "CVE-2024-56705" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: atomisp: Add check for rgby_data memory allocation failure\n\nIn ia_css_3a_statistics_allocate(), there is no check on the allocation\nresult of the rgby_data memory. If rgby_data is not successfully\nallocated, it may trigger the assert(host_stats->rgby_data) assertion in\nia_css_s3a_hmem_decode(). Adding a check to fix this potential issue.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56705" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/02a97d9d7ff605fa4a1f908d1bd3ad8573234b61" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/0c24b82bc4d12c6a58ceacbf2598cd4df63abf9a" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/0c25ab93f2878cab07d37ca5afd302283201e5af" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/4676e50444046b498555b849e6080a5c78cdda9b" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/74aa783682c4d78c69d87898e40c78df1fec204e" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/8066badaf7463194473fb4be19dbe50b11969aa0" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/ed61c59139509f76d3592683c90dc3fdc6e23cd6" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-12-28T10:15:19Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/12/GHSA-5w9h-9qj2-g754/GHSA-5w9h-9qj2-g754.json b/advisories/unreviewed/2024/12/GHSA-5w9h-9qj2-g754/GHSA-5w9h-9qj2-g754.json new file mode 100644 index 0000000000000..58f4b55a35eb1 --- /dev/null +++ b/advisories/unreviewed/2024/12/GHSA-5w9h-9qj2-g754/GHSA-5w9h-9qj2-g754.json @@ -0,0 +1,45 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-5w9h-9qj2-g754", + "modified": "2024-12-28T12:30:47Z", + "published": "2024-12-28T12:30:47Z", + "aliases": [ + "CVE-2024-56683" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vc4: hdmi: Avoid hang with debug registers when suspended\n\nTrying to read /sys/kernel/debug/dri/1/hdmi1_regs\nwhen the hdmi is disconnected results in a fatal system hang.\n\nThis is due to the pm suspend code disabling the dvp clock.\nThat is just a gate of the 108MHz clock in DVP_HT_RPI_MISC_CONFIG,\nwhich results in accesses hanging AXI bus.\n\nProtect against this.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56683" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/0ea29bd7d9400d3629683244d609358ed1b12075" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/16f351adf733a182224ad24916d7673aa6df02df" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/223ee2567a55e4f80315c768d2969e6a3b9fb23d" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/74f21be9990a42dc2357bcf87a13e16c6998b90e" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/c7d474974954d9af7e0092021223d58f2de128df" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-12-28T10:15:10Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/12/GHSA-6779-v6gp-jmxv/GHSA-6779-v6gp-jmxv.json b/advisories/unreviewed/2024/12/GHSA-6779-v6gp-jmxv/GHSA-6779-v6gp-jmxv.json new file mode 100644 index 0000000000000..209e2c991b855 --- /dev/null +++ b/advisories/unreviewed/2024/12/GHSA-6779-v6gp-jmxv/GHSA-6779-v6gp-jmxv.json @@ -0,0 +1,37 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-6779-v6gp-jmxv", + "modified": "2024-12-28T12:30:47Z", + "published": "2024-12-28T12:30:47Z", + "aliases": [ + "CVE-2024-56697" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Fix the memory allocation issue in amdgpu_discovery_get_nps_info()\n\nFix two issues with memory allocation in amdgpu_discovery_get_nps_info()\nfor mem_ranges:\n\n - Add a check for allocation failure to avoid dereferencing a null\n pointer.\n\n - As suggested by Christophe, use kvcalloc() for memory allocation,\n which checks for multiplication overflow.\n\nAdditionally, assign the output parameters nps_type and range_cnt after\nthe kvcalloc() call to prevent modifying the output parameters in case\nof an error return.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56697" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/a1144da794adedb9447437c57d69add56494309d" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/d14bea4e094871226ea69772d69dab8b7b5f4915" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/e8f1dbaa0437eba4e8c1d6a6d81eca2e2ce3d197" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-12-28T10:15:16Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/12/GHSA-679v-8hv6-2jm9/GHSA-679v-8hv6-2jm9.json b/advisories/unreviewed/2024/12/GHSA-679v-8hv6-2jm9/GHSA-679v-8hv6-2jm9.json new file mode 100644 index 0000000000000..ed3f7f0b51e0d --- /dev/null +++ b/advisories/unreviewed/2024/12/GHSA-679v-8hv6-2jm9/GHSA-679v-8hv6-2jm9.json @@ -0,0 +1,61 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-679v-8hv6-2jm9", + "modified": "2024-12-28T12:30:48Z", + "published": "2024-12-28T12:30:48Z", + "aliases": [ + "CVE-2024-56704" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\n9p/xen: fix release of IRQ\n\nKernel logs indicate an IRQ was double-freed.\n\nPass correct device ID during IRQ release.\n\n[Dominique: remove confusing variable reset to 0]", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56704" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/2bb3ee1bf237557daea1d58007d2e1d4a6502ccf" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/4950408793b118cb8075bcee1f033b543fb719fa" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/530bc9f03a102fac95b07cda513bfc16ff69e0ee" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/692eb06703afc3e24d889d77e94a0e20229f6a4a" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/7f5a2ed5c1810661e6b03f5a4ebf17682cdea850" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/b9e26059664bd9ebc64a0e8f5216266fc9f84265" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/d74b4b297097bd361b8a9abfde9b521ff464ea9c" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/d888f5f5d76b2722c267e6bdf51d445d60647b7b" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/e43c608f40c065b30964f0a806348062991b802d" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-12-28T10:15:18Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/12/GHSA-c5v3-r759-x9gj/GHSA-c5v3-r759-x9gj.json b/advisories/unreviewed/2024/12/GHSA-c5v3-r759-x9gj/GHSA-c5v3-r759-x9gj.json new file mode 100644 index 0000000000000..faded87b8e15d --- /dev/null +++ b/advisories/unreviewed/2024/12/GHSA-c5v3-r759-x9gj/GHSA-c5v3-r759-x9gj.json @@ -0,0 +1,61 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-c5v3-r759-x9gj", + "modified": "2024-12-28T12:30:47Z", + "published": "2024-12-28T12:30:47Z", + "aliases": [ + "CVE-2024-56681" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: bcm - add error check in the ahash_hmac_init function\n\nThe ahash_init functions may return fails. The ahash_hmac_init should\nnot return ok when ahash_init returns error. For an example, ahash_init\nwill return -ENOMEM when allocation memory is error.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56681" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/05f0a3f5477ecaa1cf46448504afe9e7c2e96fcc" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/19630cf57233e845b6ac57c9c969a4888925467b" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/28f8ffa945f7d7150463e15097ea73b19529d6f5" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/4ea3e3b761e371102bb1486778e2f8dbc9e37413" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/75e1e38e5d80d6d9011b7322698ffba3dd3db30a" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/8f1a9a960b1107bd0e0ec3736055f5ed0e717edf" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/ae5253313e0ea5f00c06176074592b7f493c8546" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/bba9e38c5ad41d0a88b22a59e5b6dd3e31825118" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/ee36db8e8203420e6d5c42eb9428920c2fc36532" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-12-28T10:15:09Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/12/GHSA-cvxq-qv5g-cqw6/GHSA-cvxq-qv5g-cqw6.json b/advisories/unreviewed/2024/12/GHSA-cvxq-qv5g-cqw6/GHSA-cvxq-qv5g-cqw6.json new file mode 100644 index 0000000000000..bdc3389cd04ed --- /dev/null +++ b/advisories/unreviewed/2024/12/GHSA-cvxq-qv5g-cqw6/GHSA-cvxq-qv5g-cqw6.json @@ -0,0 +1,37 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-cvxq-qv5g-cqw6", + "modified": "2024-12-28T12:30:48Z", + "published": "2024-12-28T12:30:47Z", + "aliases": [ + "CVE-2024-56702" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Mark raw_tp arguments with PTR_MAYBE_NULL\n\nArguments to a raw tracepoint are tagged as trusted, which carries the\nsemantics that the pointer will be non-NULL. However, in certain cases,\na raw tracepoint argument may end up being NULL. More context about this\nissue is available in [0].\n\nThus, there is a discrepancy between the reality, that raw_tp arguments\ncan actually be NULL, and the verifier's knowledge, that they are never\nNULL, causing explicit NULL checks to be deleted, and accesses to such\npointers potentially crashing the kernel.\n\nTo fix this, mark raw_tp arguments as PTR_MAYBE_NULL, and then special\ncase the dereference and pointer arithmetic to permit it, and allow\npassing them into helpers/kfuncs; these exceptions are made for raw_tp\nprograms only. Ensure that we don't do this when ref_obj_id > 0, as in\nthat case this is an acquired object and doesn't need such adjustment.\n\nThe reason we do mask_raw_tp_trusted_reg logic is because other will\nrecheck in places whether the register is a trusted_reg, and then\nconsider our register as untrusted when detecting the presence of the\nPTR_MAYBE_NULL flag.\n\nTo allow safe dereference, we enable PROBE_MEM marking when we see loads\ninto trusted pointers with PTR_MAYBE_NULL.\n\nWhile trusted raw_tp arguments can also be passed into helpers or kfuncs\nwhere such broken assumption may cause issues, a future patch set will\ntackle their case separately, as PTR_TO_BTF_ID (without PTR_TRUSTED) can\nalready be passed into helpers and causes similar problems. Thus, they\nare left alone for now.\n\nIt is possible that these checks also permit passing non-raw_tp args\nthat are trusted PTR_TO_BTF_ID with null marking. In such a case,\nallowing dereference when pointer is NULL expands allowed behavior, so\nwon't regress existing programs, and the case of passing these into\nhelpers is the same as above and will be dealt with later.\n\nAlso update the failure case in tp_btf_nullable selftest to capture the\nnew behavior, as the verifier will no longer cause an error when\ndirectly dereference a raw tracepoint argument marked as __nullable.\n\n [0]: https://lore.kernel.org/bpf/ZrCZS6nisraEqehw@jlelli-thinkpadt14gen4.remote.csb", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56702" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/3634d4a310820567fc634bf8f1ee2b91378773e8" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/c9b91d2d54175f781ad2c361cb2ac2c0e29b14b6" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/cb4158ce8ec8a5bb528cc1693356a5eb8058094d" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-12-28T10:15:17Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/12/GHSA-f225-f9rp-hg69/GHSA-f225-f9rp-hg69.json b/advisories/unreviewed/2024/12/GHSA-f225-f9rp-hg69/GHSA-f225-f9rp-hg69.json new file mode 100644 index 0000000000000..500d1b1be33f5 --- /dev/null +++ b/advisories/unreviewed/2024/12/GHSA-f225-f9rp-hg69/GHSA-f225-f9rp-hg69.json @@ -0,0 +1,49 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-f225-f9rp-hg69", + "modified": "2024-12-28T12:30:47Z", + "published": "2024-12-28T12:30:47Z", + "aliases": [ + "CVE-2024-56694" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: fix recursive lock when verdict program return SK_PASS\n\nWhen the stream_verdict program returns SK_PASS, it places the received skb\ninto its own receive queue, but a recursive lock eventually occurs, leading\nto an operating system deadlock. This issue has been present since v6.9.\n\n'''\nsk_psock_strp_data_ready\n write_lock_bh(&sk->sk_callback_lock)\n strp_data_ready\n strp_read_sock\n read_sock -> tcp_read_sock\n strp_recv\n cb.rcv_msg -> sk_psock_strp_read\n # now stream_verdict return SK_PASS without peer sock assign\n __SK_PASS = sk_psock_map_verd(SK_PASS, NULL)\n sk_psock_verdict_apply\n sk_psock_skb_ingress_self\n sk_psock_skb_ingress_enqueue\n sk_psock_data_ready\n read_lock_bh(&sk->sk_callback_lock) <= dead lock\n\n'''\n\nThis topic has been discussed before, but it has not been fixed.\nPrevious discussion:\nhttps://lore.kernel.org/all/6684a5864ec86_403d20898@john.notmuch", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56694" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/01f1b88acfd79103da0610b45471f6c88ea98d72" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/386efa339e08563dd33e83bc951aea5d407fe578" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/6694f7acd625ed854bf6342926e771d65dad7f69" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/8ca2a1eeadf09862190b2810697702d803ceef2d" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/da2bc8a0c8f3ac66fdf980fc59936f851a083561" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/f84c5ef6ca23cc2f72f3b830d74f67944684bb05" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-12-28T10:15:15Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/12/GHSA-f25m-f79x-gq3f/GHSA-f25m-f79x-gq3f.json b/advisories/unreviewed/2024/12/GHSA-f25m-f79x-gq3f/GHSA-f25m-f79x-gq3f.json new file mode 100644 index 0000000000000..36266971d13a6 --- /dev/null +++ b/advisories/unreviewed/2024/12/GHSA-f25m-f79x-gq3f/GHSA-f25m-f79x-gq3f.json @@ -0,0 +1,33 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-f25m-f79x-gq3f", + "modified": "2024-12-28T12:30:47Z", + "published": "2024-12-28T12:30:47Z", + "aliases": [ + "CVE-2024-56682" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/riscv-aplic: Prevent crash when MSI domain is missing\n\nIf the APLIC driver is probed before the IMSIC driver, the parent MSI\ndomain will be missing, which causes a NULL pointer dereference in\nmsi_create_device_irq_domain().\n\nAvoid this by deferring probe until the parent MSI domain is available. Use\ndev_err_probe() to avoid printing an error message when returning\n-EPROBE_DEFER.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56682" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/1f181d1cda56c2fbe379c5ace1aa1fac6306669e" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/285a07810ab3bcedc2bd380ebacbf6b4942a889a" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-12-28T10:15:10Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/12/GHSA-f9vc-545w-6j2m/GHSA-f9vc-545w-6j2m.json b/advisories/unreviewed/2024/12/GHSA-f9vc-545w-6j2m/GHSA-f9vc-545w-6j2m.json new file mode 100644 index 0000000000000..ae5c3aa82cb02 --- /dev/null +++ b/advisories/unreviewed/2024/12/GHSA-f9vc-545w-6j2m/GHSA-f9vc-545w-6j2m.json @@ -0,0 +1,37 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-f9vc-545w-6j2m", + "modified": "2024-12-28T12:30:47Z", + "published": "2024-12-28T12:30:47Z", + "aliases": [ + "CVE-2024-56684" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmailbox: mtk-cmdq: fix wrong use of sizeof in cmdq_get_clocks()\n\nIt should be size of the struct clk_bulk_data, not data pointer pass to\ndevm_kcalloc().", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56684" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/271ee263cc8771982809185007181ca10346fe73" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/31986fad0cfdda8d8893230da04f5eb0774854d9" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/a9c7cb960fc6e056ebecebd136a127612b15630d" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-12-28T10:15:11Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/12/GHSA-gw7x-jcrq-44c3/GHSA-gw7x-jcrq-44c3.json b/advisories/unreviewed/2024/12/GHSA-gw7x-jcrq-44c3/GHSA-gw7x-jcrq-44c3.json new file mode 100644 index 0000000000000..c59a946309867 --- /dev/null +++ b/advisories/unreviewed/2024/12/GHSA-gw7x-jcrq-44c3/GHSA-gw7x-jcrq-44c3.json @@ -0,0 +1,37 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-gw7x-jcrq-44c3", + "modified": "2024-12-28T12:30:47Z", + "published": "2024-12-28T12:30:47Z", + "aliases": [ + "CVE-2024-56696" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: core: Fix possible NULL dereference caused by kunit_kzalloc()\n\nkunit_kzalloc() may return a NULL pointer, dereferencing it without\nNULL check may lead to NULL dereference.\nAdd NULL checks for all the kunit_kzalloc() in sound_kunit.c", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56696" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/8bfff486ecc79a72e9380e2d5e0ff234d5542d2f" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/9ad467a2b2716d4ed12f003b041aa6c776a13ff5" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/f5486bf8abfe778b368d8fd1aa655dc01d0013ca" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-12-28T10:15:15Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/12/GHSA-gwjv-8q72-w8xf/GHSA-gwjv-8q72-w8xf.json b/advisories/unreviewed/2024/12/GHSA-gwjv-8q72-w8xf/GHSA-gwjv-8q72-w8xf.json new file mode 100644 index 0000000000000..83b9509a2252f --- /dev/null +++ b/advisories/unreviewed/2024/12/GHSA-gwjv-8q72-w8xf/GHSA-gwjv-8q72-w8xf.json @@ -0,0 +1,45 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-gwjv-8q72-w8xf", + "modified": "2024-12-28T12:30:46Z", + "published": "2024-12-28T12:30:46Z", + "aliases": [ + "CVE-2024-56677" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/fadump: Move fadump_cma_init to setup_arch() after initmem_init()\n\nDuring early init CMA_MIN_ALIGNMENT_BYTES can be PAGE_SIZE,\nsince pageblock_order is still zero and it gets initialized\nlater during initmem_init() e.g.\nsetup_arch() -> initmem_init() -> sparse_init() -> set_pageblock_order()\n\nOne such use case where this causes issue is -\nearly_setup() -> early_init_devtree() -> fadump_reserve_mem() -> fadump_cma_init()\n\nThis causes CMA memory alignment check to be bypassed in\ncma_init_reserved_mem(). Then later cma_activate_area() can hit\na VM_BUG_ON_PAGE(pfn & ((1 << order) - 1)) if the reserved memory\narea was not pageblock_order aligned.\n\nFix it by moving the fadump_cma_init() after initmem_init(),\nwhere other such cma reservations also gets called.\n\n\n==============\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10010\nflags: 0x13ffff800000000(node=1|zone=0|lastcpupid=0x7ffff) CMA\nraw: 013ffff800000000 5deadbeef0000100 5deadbeef0000122 0000000000000000\nraw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000\npage dumped because: VM_BUG_ON_PAGE(pfn & ((1 << order) - 1))\n------------[ cut here ]------------\nkernel BUG at mm/page_alloc.c:778!\n\nCall Trace:\n__free_one_page+0x57c/0x7b0 (unreliable)\nfree_pcppages_bulk+0x1a8/0x2c8\nfree_unref_page_commit+0x3d4/0x4e4\nfree_unref_page+0x458/0x6d0\ninit_cma_reserved_pageblock+0x114/0x198\ncma_init_reserved_areas+0x270/0x3e0\ndo_one_initcall+0x80/0x2f8\nkernel_init_freeable+0x33c/0x530\nkernel_init+0x34/0x26c\nret_from_kernel_user_thread+0x14/0x1c", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56677" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/05b94cae1c47f94588c3e7096963c1007c4d9c1d" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/7351c5a6507b4401aeecadb5959131410a339520" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/aabef6301dcf410dfd2b8759cd413b2a003c7e3f" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/c5c1d1ef70834013fc3bd12b6a0f4664c6d75a74" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/f551637fe9bf863386309e03f9d148d97f535ad1" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-12-28T10:15:08Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/12/GHSA-hc7h-3x34-frvv/GHSA-hc7h-3x34-frvv.json b/advisories/unreviewed/2024/12/GHSA-hc7h-3x34-frvv/GHSA-hc7h-3x34-frvv.json new file mode 100644 index 0000000000000..578bc21fe3e1d --- /dev/null +++ b/advisories/unreviewed/2024/12/GHSA-hc7h-3x34-frvv/GHSA-hc7h-3x34-frvv.json @@ -0,0 +1,41 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-hc7h-3x34-frvv", + "modified": "2024-12-28T12:30:47Z", + "published": "2024-12-28T12:30:47Z", + "aliases": [ + "CVE-2024-56692" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on node blkaddr in truncate_node()\n\nsyzbot reports a f2fs bug as below:\n\n------------[ cut here ]------------\nkernel BUG at fs/f2fs/segment.c:2534!\nRIP: 0010:f2fs_invalidate_blocks+0x35f/0x370 fs/f2fs/segment.c:2534\nCall Trace:\n truncate_node+0x1ae/0x8c0 fs/f2fs/node.c:909\n f2fs_remove_inode_page+0x5c2/0x870 fs/f2fs/node.c:1288\n f2fs_evict_inode+0x879/0x15c0 fs/f2fs/inode.c:856\n evict+0x4e8/0x9b0 fs/inode.c:723\n f2fs_handle_failed_inode+0x271/0x2e0 fs/f2fs/inode.c:986\n f2fs_create+0x357/0x530 fs/f2fs/namei.c:394\n lookup_open fs/namei.c:3595 [inline]\n open_last_lookups fs/namei.c:3694 [inline]\n path_openat+0x1c03/0x3590 fs/namei.c:3930\n do_filp_open+0x235/0x490 fs/namei.c:3960\n do_sys_openat2+0x13e/0x1d0 fs/open.c:1415\n do_sys_open fs/open.c:1430 [inline]\n __do_sys_openat fs/open.c:1446 [inline]\n __se_sys_openat fs/open.c:1441 [inline]\n __x64_sys_openat+0x247/0x2a0 fs/open.c:1441\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0010:f2fs_invalidate_blocks+0x35f/0x370 fs/f2fs/segment.c:2534\n\nThe root cause is: on a fuzzed image, blkaddr in nat entry may be\ncorrupted, then it will cause system panic when using it in\nf2fs_invalidate_blocks(), to avoid this, let's add sanity check on\nnat blkaddr in truncate_node().", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56692" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/0a5c8b3fbf6200f1c66062d307c9a52084917788" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/27d6e7eff07f8cce8e83b162d8f21a07458c860d" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/6babe00ccd34fc65b78ef8b99754e32b4385f23d" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/c1077078ce4589b5e5387f6b0aaa0d4534b9eb57" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-12-28T10:15:14Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/12/GHSA-jqcp-w97c-4jjv/GHSA-jqcp-w97c-4jjv.json b/advisories/unreviewed/2024/12/GHSA-jqcp-w97c-4jjv/GHSA-jqcp-w97c-4jjv.json new file mode 100644 index 0000000000000..c44fd5d7f3fde --- /dev/null +++ b/advisories/unreviewed/2024/12/GHSA-jqcp-w97c-4jjv/GHSA-jqcp-w97c-4jjv.json @@ -0,0 +1,33 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-jqcp-w97c-4jjv", + "modified": "2024-12-28T12:30:46Z", + "published": "2024-12-28T12:30:46Z", + "aliases": [ + "CVE-2024-56676" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal: testing: Initialize some variables annoteded with _free()\n\nVariables annotated with __free() need to be initialized if the function\ncan return before they get updated for the first time or the attempt to\nfree the memory pointed to by them upon function return may crash the\nkernel.\n\nFix this issue in some places in the thermal testing code.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56676" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/0104dcdaad3a7afd141e79a5fb817a92ada910ac" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/526c132124a62be486bad1701f7e8e92212ccec6" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-12-28T10:15:06Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/12/GHSA-m2p9-vjrp-wj7v/GHSA-m2p9-vjrp-wj7v.json b/advisories/unreviewed/2024/12/GHSA-m2p9-vjrp-wj7v/GHSA-m2p9-vjrp-wj7v.json new file mode 100644 index 0000000000000..43e543e0ff9f8 --- /dev/null +++ b/advisories/unreviewed/2024/12/GHSA-m2p9-vjrp-wj7v/GHSA-m2p9-vjrp-wj7v.json @@ -0,0 +1,33 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-m2p9-vjrp-wj7v", + "modified": "2024-12-28T12:30:48Z", + "published": "2024-12-28T12:30:48Z", + "aliases": [ + "CVE-2024-56706" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/cpum_sf: Fix and protect memory allocation of SDBs with mutex\n\nReservation of the PMU hardware is done at first event creation\nand is protected by a pair of mutex_lock() and mutex_unlock().\nAfter reservation of the PMU hardware the memory\nrequired for the PMUs the event is to be installed on is\nallocated by allocate_buffers() and alloc_sampling_buffer().\nThis done outside of the mutex protection.\nWithout mutex protection two or more concurrent invocations of\nperf_event_init() may run in parallel.\nThis can lead to allocation of Sample Data Blocks (SDBs)\nmultiple times for the same PMU.\nPrevent this and protect memory allocation of SDBs by\nmutex.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56706" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/4b3bdfa89635db6a53e02955548bd07bebcae233" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/f55bd479d8663a4a4e403b3d308d3d1aa33d92df" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-12-28T10:15:19Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/12/GHSA-m7fm-h8xx-vpxm/GHSA-m7fm-h8xx-vpxm.json b/advisories/unreviewed/2024/12/GHSA-m7fm-h8xx-vpxm/GHSA-m7fm-h8xx-vpxm.json new file mode 100644 index 0000000000000..786a2b6fef998 --- /dev/null +++ b/advisories/unreviewed/2024/12/GHSA-m7fm-h8xx-vpxm/GHSA-m7fm-h8xx-vpxm.json @@ -0,0 +1,37 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-m7fm-h8xx-vpxm", + "modified": "2024-12-28T12:30:47Z", + "published": "2024-12-28T12:30:47Z", + "aliases": [ + "CVE-2024-56680" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: intel/ipu6: do not handle interrupts when device is disabled\n\nSome IPU6 devices have shared interrupts. We need to handle properly\ncase when interrupt is triggered from other device on shared irq line\nand IPU6 itself disabled. In such case we get 0xffffffff from\nISR_STATUS register and handle all irq's cases, for what we are not\nnot prepared and usually hang the whole system.\n\nTo avoid the issue use pm_runtime_get_if_active() to check if\nthe device is enabled and prevent suspending it when we handle irq\nuntil the end of irq. Additionally use synchronize_irq() in suspend", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56680" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/1429826883bb18847092b2e04c6598ef34bae1d4" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/57241487a3648515c9aa6fa89e31f2414eccfdbc" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/ed4524c87249edc3104f6bb28ab11325bed3d536" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-12-28T10:15:09Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/12/GHSA-mh6m-gjcw-57ph/GHSA-mh6m-gjcw-57ph.json b/advisories/unreviewed/2024/12/GHSA-mh6m-gjcw-57ph/GHSA-mh6m-gjcw-57ph.json new file mode 100644 index 0000000000000..1ad40b98e6051 --- /dev/null +++ b/advisories/unreviewed/2024/12/GHSA-mh6m-gjcw-57ph/GHSA-mh6m-gjcw-57ph.json @@ -0,0 +1,49 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-mh6m-gjcw-57ph", + "modified": "2024-12-28T12:30:47Z", + "published": "2024-12-28T12:30:47Z", + "aliases": [ + "CVE-2024-56693" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbrd: defer automatic disk creation until module initialization succeeds\n\nMy colleague Wupeng found the following problems during fault injection:\n\nBUG: unable to handle page fault for address: fffffbfff809d073\nPGD 6e648067 P4D 123ec8067 PUD 123ec4067 PMD 100e38067 PTE 0\nOops: Oops: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 5 UID: 0 PID: 755 Comm: modprobe Not tainted 6.12.0-rc3+ #17\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.16.1-2.fc37 04/01/2014\nRIP: 0010:__asan_load8+0x4c/0xa0\n...\nCall Trace:\n \n blkdev_put_whole+0x41/0x70\n bdev_release+0x1a3/0x250\n blkdev_release+0x11/0x20\n __fput+0x1d7/0x4a0\n task_work_run+0xfc/0x180\n syscall_exit_to_user_mode+0x1de/0x1f0\n do_syscall_64+0x6b/0x170\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nloop_init() is calling loop_add() after __register_blkdev() succeeds and\nis ignoring disk_add() failure from loop_add(), for loop_add() failure\nis not fatal and successfully created disks are already visible to\nbdev_open().\n\nbrd_init() is currently calling brd_alloc() before __register_blkdev()\nsucceeds and is releasing successfully created disks when brd_init()\nreturns an error. This can cause UAF for the latter two case:\n\ncase 1:\n T1:\nmodprobe brd\n brd_init\n brd_alloc(0) // success\n add_disk\n disk_scan_partitions\n bdev_file_open_by_dev // alloc file\n fput // won't free until back to userspace\n brd_alloc(1) // failed since mem alloc error inject\n // error path for modprobe will release code segment\n // back to userspace\n __fput\n blkdev_release\n bdev_release\n blkdev_put_whole\n bdev->bd_disk->fops->release // fops is freed now, UAF!\n\ncase 2:\n T1: T2:\nmodprobe brd\n brd_init\n brd_alloc(0) // success\n open(/dev/ram0)\n brd_alloc(1) // fail\n // error path for modprobe\n\n close(/dev/ram0)\n ...\n /* UAF! */\n bdev->bd_disk->fops->release\n\nFix this problem by following what loop_init() does. Besides,\nreintroduce brd_devices_mutex to help serialize modifications to\nbrd_list.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56693" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/259bf925583ec9e3781df778cadf00594095090d" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/410896624db639500f24f46478b4bfa05c76bf56" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/41219c147df8bbd6591f59af5d695fb6c9a1cbff" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/63dfd728b30f79495dacc886127695a379805152" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/826cc42adf44930a633d11a5993676d85ddb0842" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/c0c2744cd2939ec5999c51dbaf2af16886548b7b" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-12-28T10:15:14Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/12/GHSA-mq25-pcc6-7q99/GHSA-mq25-pcc6-7q99.json b/advisories/unreviewed/2024/12/GHSA-mq25-pcc6-7q99/GHSA-mq25-pcc6-7q99.json new file mode 100644 index 0000000000000..15b018e313230 --- /dev/null +++ b/advisories/unreviewed/2024/12/GHSA-mq25-pcc6-7q99/GHSA-mq25-pcc6-7q99.json @@ -0,0 +1,45 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-mq25-pcc6-7q99", + "modified": "2024-12-28T12:30:48Z", + "published": "2024-12-28T12:30:48Z", + "aliases": [ + "CVE-2024-56707" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c\n\nAdd error pointer checks after calling otx2_mbox_get_rsp().", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56707" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/1611b1ea7cf8d07dff091a45389b10401bb6d5b3" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/20e06a5137a1174214bae3a29ce623e69455ee0f" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/3ccbc7a518868eff1d5a198b9e454e182b651e00" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/f5b942e6c54b13246ee49d42dcfb71b7f29e3c64" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/fc595472fbad96533ccbb7b9ebb82b743ec26829" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-12-28T10:15:19Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/12/GHSA-mxg2-8rwh-rmf4/GHSA-mxg2-8rwh-rmf4.json b/advisories/unreviewed/2024/12/GHSA-mxg2-8rwh-rmf4/GHSA-mxg2-8rwh-rmf4.json new file mode 100644 index 0000000000000..2db59cf2ffaab --- /dev/null +++ b/advisories/unreviewed/2024/12/GHSA-mxg2-8rwh-rmf4/GHSA-mxg2-8rwh-rmf4.json @@ -0,0 +1,57 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-mxg2-8rwh-rmf4", + "modified": "2024-12-28T12:30:47Z", + "published": "2024-12-28T12:30:47Z", + "aliases": [ + "CVE-2024-56691" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device\n\nWhile design wise the idea of converting the driver to use\nthe hierarchy of the IRQ chips is correct, the implementation\nhas (inherited) flaws. This was unveiled when platform_get_irq()\nhad started WARN() on IRQ 0 that is supposed to be a Linux\nIRQ number (also known as vIRQ).\n\nRework the driver to respect IRQ domain when creating each MFD\ndevice separately, as the domain is not the same for all of them.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56691" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/0997e77c51330c2866a4f39480e762cca92ad953" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/0b648968bfa4f5c9c4983bca9f2de17626ed6fb6" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/23230ac3c5ca3f154b64849d1cf50583b4e6b98c" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/518e414d24e7037d6cc7198e942bf47fe6f5e8e1" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/686fb77712a4bc94b76a0c5ae74c60118b7a0d79" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/87a07a5b0b296e489c606ca95ffc16c18821975b" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/c310e6916c0b297011d0fec03f168a6b24e9e984" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/e1ef62e8d262e3f27446d26742208c1c81e9ee18" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-12-28T10:15:14Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/12/GHSA-q94m-6jg9-pcmh/GHSA-q94m-6jg9-pcmh.json b/advisories/unreviewed/2024/12/GHSA-q94m-6jg9-pcmh/GHSA-q94m-6jg9-pcmh.json new file mode 100644 index 0000000000000..2f6d95fac477f --- /dev/null +++ b/advisories/unreviewed/2024/12/GHSA-q94m-6jg9-pcmh/GHSA-q94m-6jg9-pcmh.json @@ -0,0 +1,41 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-q94m-6jg9-pcmh", + "modified": "2024-12-28T12:30:47Z", + "published": "2024-12-28T12:30:47Z", + "aliases": [ + "CVE-2024-56689" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: epf-mhi: Avoid NULL dereference if DT lacks 'mmio'\n\nIf platform_get_resource_byname() fails and returns NULL because DT lacks\nan 'mmio' property for the MHI endpoint, dereferencing res->start will\ncause a NULL pointer access. Add a check to prevent it.\n\n[kwilczynski: error message update per the review feedback]\n[bhelgaas: commit log]", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56689" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/0e6d92e3b973de78eb7015154cf1197af9fac5c9" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/242ee2b0ad9b23f47084904fce3f9f228068a1f9" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/5089b3d874e9933d9842e90410d3af1520494757" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/c8b9d6b7d62a444e0bca5b9ae28f9f2b0f52feef" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-12-28T10:15:13Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/12/GHSA-qf2f-rv74-7c9g/GHSA-qf2f-rv74-7c9g.json b/advisories/unreviewed/2024/12/GHSA-qf2f-rv74-7c9g/GHSA-qf2f-rv74-7c9g.json new file mode 100644 index 0000000000000..6c8c234ed947c --- /dev/null +++ b/advisories/unreviewed/2024/12/GHSA-qf2f-rv74-7c9g/GHSA-qf2f-rv74-7c9g.json @@ -0,0 +1,53 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qf2f-rv74-7c9g", + "modified": "2024-12-28T12:30:48Z", + "published": "2024-12-28T12:30:48Z", + "aliases": [ + "CVE-2024-56701" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries: Fix dtl_access_lock to be a rw_semaphore\n\nThe dtl_access_lock needs to be a rw_sempahore, a sleeping lock, because\nthe code calls kmalloc() while holding it, which can sleep:\n\n # echo 1 > /proc/powerpc/vcpudispatch_stats\n BUG: sleeping function called from invalid context at include/linux/sched/mm.h:337\n in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 199, name: sh\n preempt_count: 1, expected: 0\n 3 locks held by sh/199:\n #0: c00000000a0743f8 (sb_writers#3){.+.+}-{0:0}, at: vfs_write+0x324/0x438\n #1: c0000000028c7058 (dtl_enable_mutex){+.+.}-{3:3}, at: vcpudispatch_stats_write+0xd4/0x5f4\n #2: c0000000028c70b8 (dtl_access_lock){+.+.}-{2:2}, at: vcpudispatch_stats_write+0x220/0x5f4\n CPU: 0 PID: 199 Comm: sh Not tainted 6.10.0-rc4 #152\n Hardware name: IBM pSeries (emulated by qemu) POWER9 (raw) 0x4e1202 0xf000005 of:SLOF,HEAD hv:linux,kvm pSeries\n Call Trace:\n dump_stack_lvl+0x130/0x148 (unreliable)\n __might_resched+0x174/0x410\n kmem_cache_alloc_noprof+0x340/0x3d0\n alloc_dtl_buffers+0x124/0x1ac\n vcpudispatch_stats_write+0x2a8/0x5f4\n proc_reg_write+0xf4/0x150\n vfs_write+0xfc/0x438\n ksys_write+0x88/0x148\n system_call_exception+0x1c4/0x5a0\n system_call_common+0xf4/0x258", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56701" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/525e18f1ba7c2b098c8ba587fb397efb34a6574c" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/6956c0e7346ce1bbfc726755aa8da10d26e84276" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/a246daa26b717e755ccc9061f47f7cd1c0b358dd" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/b125d0cf1adde7b2b47d7337fed7e9133eea3463" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/cadae3a45d23aa4f6485938a67cbc47aaaa25e38" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/f6ec133668757f84e5143f1eb141fd0b83778b9e" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/fa5b5ea257135e771b489c83a2e93b5935d0108e" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-12-28T10:15:17Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/12/GHSA-qq5f-qp66-6v4x/GHSA-qq5f-qp66-6v4x.json b/advisories/unreviewed/2024/12/GHSA-qq5f-qp66-6v4x/GHSA-qq5f-qp66-6v4x.json new file mode 100644 index 0000000000000..213f8c74a40ad --- /dev/null +++ b/advisories/unreviewed/2024/12/GHSA-qq5f-qp66-6v4x/GHSA-qq5f-qp66-6v4x.json @@ -0,0 +1,33 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-qq5f-qp66-6v4x", + "modified": "2024-12-28T12:30:47Z", + "published": "2024-12-28T12:30:47Z", + "aliases": [ + "CVE-2024-56695" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Use dynamic allocation for CU occupancy array in 'kfd_get_cu_occupancy()'\n\nThe `kfd_get_cu_occupancy` function previously declared a large\n`cu_occupancy` array as a local variable, which could lead to stack\noverflows due to excessive stack usage. This commit replaces the static\narray allocation with dynamic memory allocation using `kcalloc`,\nthereby reducing the stack size.\n\nThis change avoids the risk of stack overflows in kernel space, in\nscenarios where `AMDGPU_MAX_QUEUES` is large. The allocated memory is\nfreed using `kfree` before the function returns to prevent memory\nleaks.\n\nFixes the below with gcc W=1:\ndrivers/gpu/drm/amd/amdgpu/../amdkfd/kfd_process.c: In function ‘kfd_get_cu_occupancy’:\ndrivers/gpu/drm/amd/amdgpu/../amdkfd/kfd_process.c:322:1: warning: the frame size of 1056 bytes is larger than 1024 bytes [-Wframe-larger-than=]\n 322 | }\n | ^", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56695" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/6d9f07196389f35a3afebcf1a12c1425725caddd" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/922f0e00017b09d9d47e3efac008c8b20ed546a0" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-12-28T10:15:15Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/12/GHSA-r654-x82p-f2p7/GHSA-r654-x82p-f2p7.json b/advisories/unreviewed/2024/12/GHSA-r654-x82p-f2p7/GHSA-r654-x82p-f2p7.json new file mode 100644 index 0000000000000..f0ac29a19f5af --- /dev/null +++ b/advisories/unreviewed/2024/12/GHSA-r654-x82p-f2p7/GHSA-r654-x82p-f2p7.json @@ -0,0 +1,37 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-r654-x82p-f2p7", + "modified": "2024-12-28T12:30:48Z", + "published": "2024-12-28T12:30:48Z", + "aliases": [ + "CVE-2024-56703" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: Fix soft lockups in fib6_select_path under high next hop churn\n\nSoft lockups have been observed on a cluster of Linux-based edge routers\nlocated in a highly dynamic environment. Using the `bird` service, these\nrouters continuously update BGP-advertised routes due to frequently\nchanging nexthop destinations, while also managing significant IPv6\ntraffic. The lockups occur during the traversal of the multipath\ncircular linked-list in the `fib6_select_path` function, particularly\nwhile iterating through the siblings in the list. The issue typically\narises when the nodes of the linked list are unexpectedly deleted\nconcurrently on a different core—indicated by their 'next' and\n'previous' elements pointing back to the node itself and their reference\ncount dropping to zero. This results in an infinite loop, leading to a\nsoft lockup that triggers a system panic via the watchdog timer.\n\nApply RCU primitives in the problematic code sections to resolve the\nissue. Where necessary, update the references to fib6_siblings to\nannotate or use the RCU APIs.\n\nInclude a test script that reproduces the issue. The script\nperiodically updates the routing table while generating a heavy load\nof outgoing IPv6 traffic through multiple iperf3 clients. It\nconsistently induces infinite soft lockups within a couple of minutes.\n\nKernel log:\n\n 0 [ffffbd13003e8d30] machine_kexec at ffffffff8ceaf3eb\n 1 [ffffbd13003e8d90] __crash_kexec at ffffffff8d0120e3\n 2 [ffffbd13003e8e58] panic at ffffffff8cef65d4\n 3 [ffffbd13003e8ed8] watchdog_timer_fn at ffffffff8d05cb03\n 4 [ffffbd13003e8f08] __hrtimer_run_queues at ffffffff8cfec62f\n 5 [ffffbd13003e8f70] hrtimer_interrupt at ffffffff8cfed756\n 6 [ffffbd13003e8fd0] __sysvec_apic_timer_interrupt at ffffffff8cea01af\n 7 [ffffbd13003e8ff0] sysvec_apic_timer_interrupt at ffffffff8df1b83d\n-- --\n 8 [ffffbd13003d3708] asm_sysvec_apic_timer_interrupt at ffffffff8e000ecb\n [exception RIP: fib6_select_path+299]\n RIP: ffffffff8ddafe7b RSP: ffffbd13003d37b8 RFLAGS: 00000287\n RAX: ffff975850b43600 RBX: ffff975850b40200 RCX: 0000000000000000\n RDX: 000000003fffffff RSI: 0000000051d383e4 RDI: ffff975850b43618\n RBP: ffffbd13003d3800 R8: 0000000000000000 R9: ffff975850b40200\n R10: 0000000000000000 R11: 0000000000000000 R12: ffffbd13003d3830\n R13: ffff975850b436a8 R14: ffff975850b43600 R15: 0000000000000007\n ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018\n 9 [ffffbd13003d3808] ip6_pol_route at ffffffff8ddb030c\n10 [ffffbd13003d3888] ip6_pol_route_input at ffffffff8ddb068c\n11 [ffffbd13003d3898] fib6_rule_lookup at ffffffff8ddf02b5\n12 [ffffbd13003d3928] ip6_route_input at ffffffff8ddb0f47\n13 [ffffbd13003d3a18] ip6_rcv_finish_core.constprop.0 at ffffffff8dd950d0\n14 [ffffbd13003d3a30] ip6_list_rcv_finish.constprop.0 at ffffffff8dd96274\n15 [ffffbd13003d3a98] ip6_sublist_rcv at ffffffff8dd96474\n16 [ffffbd13003d3af8] ipv6_list_rcv at ffffffff8dd96615\n17 [ffffbd13003d3b60] __netif_receive_skb_list_core at ffffffff8dc16fec\n18 [ffffbd13003d3be0] netif_receive_skb_list_internal at ffffffff8dc176b3\n19 [ffffbd13003d3c50] napi_gro_receive at ffffffff8dc565b9\n20 [ffffbd13003d3c80] ice_receive_skb at ffffffffc087e4f5 [ice]\n21 [ffffbd13003d3c90] ice_clean_rx_irq at ffffffffc0881b80 [ice]\n22 [ffffbd13003d3d20] ice_napi_poll at ffffffffc088232f [ice]\n23 [ffffbd13003d3d80] __napi_poll at ffffffff8dc18000\n24 [ffffbd13003d3db8] net_rx_action at ffffffff8dc18581\n25 [ffffbd13003d3e40] __do_softirq at ffffffff8df352e9\n26 [ffffbd13003d3eb0] run_ksoftirqd at ffffffff8ceffe47\n27 [ffffbd13003d3ec0] smpboot_thread_fn at ffffffff8cf36a30\n28 [ffffbd13003d3ee8] kthread at ffffffff8cf2b39f\n29 [ffffbd13003d3f28] ret_from_fork at ffffffff8ce5fa64\n30 [ffffbd13003d3f50] ret_from_fork_asm at ffffffff8ce03cbb", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56703" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/11edcd026012ac18acee0f1514db3ed1b160fc6f" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/34a949e7a0869dfa31a40416d2a56973fae1807b" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/d9ccb18f83ea2bb654289b6ecf014fd267cc988b" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-12-28T10:15:18Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/12/GHSA-v5r3-wf29-qq37/GHSA-v5r3-wf29-qq37.json b/advisories/unreviewed/2024/12/GHSA-v5r3-wf29-qq37/GHSA-v5r3-wf29-qq37.json new file mode 100644 index 0000000000000..8be4d4bdda0bd --- /dev/null +++ b/advisories/unreviewed/2024/12/GHSA-v5r3-wf29-qq37/GHSA-v5r3-wf29-qq37.json @@ -0,0 +1,49 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v5r3-wf29-qq37", + "modified": "2024-12-28T12:30:47Z", + "published": "2024-12-28T12:30:46Z", + "aliases": [ + "CVE-2024-56678" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/mm/fault: Fix kfence page fault reporting\n\ncopy_from_kernel_nofault() can be called when doing read of /proc/kcore.\n/proc/kcore can have some unmapped kfence objects which when read via\ncopy_from_kernel_nofault() can cause page faults. Since *_nofault()\nfunctions define their own fixup table for handling fault, use that\ninstead of asking kfence to handle such faults.\n\nHence we search the exception tables for the nip which generated the\nfault. If there is an entry then we let the fixup table handler handle the\npage fault by returning an error from within ___do_page_fault().\n\nThis can be easily triggered if someone tries to do dd from /proc/kcore.\neg. dd if=/proc/kcore of=/dev/null bs=1M\n\nSome example false negatives:\n\n ===============================\n BUG: KFENCE: invalid read in copy_from_kernel_nofault+0x9c/0x1a0\n Invalid read at 0xc0000000fdff0000:\n copy_from_kernel_nofault+0x9c/0x1a0\n 0xc00000000665f950\n read_kcore_iter+0x57c/0xa04\n proc_reg_read_iter+0xe4/0x16c\n vfs_read+0x320/0x3ec\n ksys_read+0x90/0x154\n system_call_exception+0x120/0x310\n system_call_vectored_common+0x15c/0x2ec\n\n BUG: KFENCE: use-after-free read in copy_from_kernel_nofault+0x9c/0x1a0\n Use-after-free read at 0xc0000000fe050000 (in kfence-#2):\n copy_from_kernel_nofault+0x9c/0x1a0\n 0xc00000000665f950\n read_kcore_iter+0x57c/0xa04\n proc_reg_read_iter+0xe4/0x16c\n vfs_read+0x320/0x3ec\n ksys_read+0x90/0x154\n system_call_exception+0x120/0x310\n system_call_vectored_common+0x15c/0x2ec", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56678" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/06dbbb4d5f7126b6307ab807cbf04ecfc459b933" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/15f78d2c3d1452645bd8b9da909b0ca266f83c43" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/4d2655754e94741b159aa807b72ea85518a65fd5" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/7eaeb7a49b6d16640f9f3c9074c05175d74c710b" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/9ea8d8bf9b625e8ad3be6b0432aecdc549914121" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/e0a470b5733c1fe068d5c58b0bb91ad539604bc6" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-12-28T10:15:08Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/12/GHSA-v859-83xr-7x5w/GHSA-v859-83xr-7x5w.json b/advisories/unreviewed/2024/12/GHSA-v859-83xr-7x5w/GHSA-v859-83xr-7x5w.json new file mode 100644 index 0000000000000..022a54301b28f --- /dev/null +++ b/advisories/unreviewed/2024/12/GHSA-v859-83xr-7x5w/GHSA-v859-83xr-7x5w.json @@ -0,0 +1,57 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-v859-83xr-7x5w", + "modified": "2024-12-28T12:30:47Z", + "published": "2024-12-28T12:30:47Z", + "aliases": [ + "CVE-2024-56688" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nsunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport\n\nSince transport->sock has been set to NULL during reset transport,\nXPRT_SOCK_UPD_TIMEOUT also needs to be cleared. Otherwise, the\nxs_tcp_set_socket_timeouts() may be triggered in xs_tcp_send_request()\nto dereference the transport->sock that has been set to NULL.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56688" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/3811172e8c98ceebd12fe526ca6cb37a1263c964" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/4db9ad82a6c823094da27de4825af693a3475d51" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/638a8fa5a7e641f9401346c57e236f02379a0c40" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/66d11ca91bf5100ae2e6b5efad97e58d8448843a" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/86a1f9fa24804cd7f9d7dd3f24af84fc7f8ec02e" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/87a95ee34a48dfad198a2002e4966e1d63d53f2b" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/cc91d59d34ff6a6fee1c0b48612081a451e05e9a" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/fe6cbf0b2ac3cf4e21824a44eaa336564ed5e960" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-12-28T10:15:12Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/12/GHSA-wh76-6j96-82w8/GHSA-wh76-6j96-82w8.json b/advisories/unreviewed/2024/12/GHSA-wh76-6j96-82w8/GHSA-wh76-6j96-82w8.json new file mode 100644 index 0000000000000..af1db3bd0a53e --- /dev/null +++ b/advisories/unreviewed/2024/12/GHSA-wh76-6j96-82w8/GHSA-wh76-6j96-82w8.json @@ -0,0 +1,53 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-wh76-6j96-82w8", + "modified": "2024-12-28T12:30:47Z", + "published": "2024-12-28T12:30:47Z", + "aliases": [ + "CVE-2024-56698" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: gadget: Fix looping of queued SG entries\n\nThe dwc3_request->num_queued_sgs is decremented on completion. If a\npartially completed request is handled, then the\ndwc3_request->num_queued_sgs no longer reflects the total number of\nnum_queued_sgs (it would be cleared).\n\nCorrectly check the number of request SG entries remained to be prepare\nand queued. Failure to do this may cause null pointer dereference when\naccessing non-existent SG entry.", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56698" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/0247da93bf62d33304b7bf97850ebf2a86e06d28" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/1534f6f69393aac773465d80d31801b554352627" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/70777a23a54e359cfdfafc625a57cd56434f3859" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/8ceb21d76426bbe7072cc3e43281e70c0d664cc7" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/b7c3d0b59213ebeedff63d128728ce0b3d7a51ec" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/b7fc65f5141c24785dc8c19249ca4efcf71b3524" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/c9e72352a10ae89a430449f7bfeb043e75c255d9" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-12-28T10:15:16Z" + } +} \ No newline at end of file diff --git a/advisories/unreviewed/2024/12/GHSA-x3r6-6fxj-5f4r/GHSA-x3r6-6fxj-5f4r.json b/advisories/unreviewed/2024/12/GHSA-x3r6-6fxj-5f4r/GHSA-x3r6-6fxj-5f4r.json new file mode 100644 index 0000000000000..74a66a6a86d40 --- /dev/null +++ b/advisories/unreviewed/2024/12/GHSA-x3r6-6fxj-5f4r/GHSA-x3r6-6fxj-5f4r.json @@ -0,0 +1,45 @@ +{ + "schema_version": "1.4.0", + "id": "GHSA-x3r6-6fxj-5f4r", + "modified": "2024-12-28T12:30:47Z", + "published": "2024-12-28T12:30:47Z", + "aliases": [ + "CVE-2024-56687" + ], + "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: musb: Fix hardware lockup on first Rx endpoint request\n\nThere is a possibility that a request's callback could be invoked from\nusb_ep_queue() (call trace below, supplemented with missing calls):\n\nreq->complete from usb_gadget_giveback_request\n\t(drivers/usb/gadget/udc/core.c:999)\nusb_gadget_giveback_request from musb_g_giveback\n\t(drivers/usb/musb/musb_gadget.c:147)\nmusb_g_giveback from rxstate\n\t(drivers/usb/musb/musb_gadget.c:784)\nrxstate from musb_ep_restart\n\t(drivers/usb/musb/musb_gadget.c:1169)\nmusb_ep_restart from musb_ep_restart_resume_work\n\t(drivers/usb/musb/musb_gadget.c:1176)\nmusb_ep_restart_resume_work from musb_queue_resume_work\n\t(drivers/usb/musb/musb_core.c:2279)\nmusb_queue_resume_work from musb_gadget_queue\n\t(drivers/usb/musb/musb_gadget.c:1241)\nmusb_gadget_queue from usb_ep_queue\n\t(drivers/usb/gadget/udc/core.c:300)\n\nAccording to the docstring of usb_ep_queue(), this should not happen:\n\n\"Note that @req's ->complete() callback must never be called from within\nusb_ep_queue() as that can create deadlock situations.\"\n\nIn fact, a hardware lockup might occur in the following sequence:\n\n1. The gadget is initialized using musb_gadget_enable().\n2. Meanwhile, a packet arrives, and the RXPKTRDY flag is set, raising an\n interrupt.\n3. If IRQs are enabled, the interrupt is handled, but musb_g_rx() finds an\n empty queue (next_request() returns NULL). The interrupt flag has\n already been cleared by the glue layer handler, but the RXPKTRDY flag\n remains set.\n4. The first request is enqueued using usb_ep_queue(), leading to the call\n of req->complete(), as shown in the call trace above.\n5. If the callback enables IRQs and another packet is waiting, step (3)\n repeats. The request queue is empty because usb_g_giveback() removes the\n request before invoking the callback.\n6. The endpoint remains locked up, as the interrupt triggered by hardware\n setting the RXPKTRDY flag has been handled, but the flag itself remains\n set.\n\nFor this scenario to occur, it is only necessary for IRQs to be enabled at\nsome point during the complete callback. This happens with the USB Ethernet\ngadget, whose rx_complete() callback calls netif_rx(). If called in the\ntask context, netif_rx() disables the bottom halves (BHs). When the BHs are\nre-enabled, IRQs are also enabled to allow soft IRQs to be processed. The\ngadget itself is initialized at module load (or at boot if built-in), but\nthe first request is enqueued when the network interface is brought up,\ntriggering rx_complete() in the task context via ioctl(). If a packet\narrives while the interface is down, it can prevent the interface from\nreceiving any further packets from the USB host.\n\nThe situation is quite complicated with many parties involved. This\nparticular issue can be resolved in several possible ways:\n\n1. Ensure that callbacks never enable IRQs. This would be difficult to\n enforce, as discovering how netif_rx() interacts with interrupts was\n already quite challenging and u_ether is not the only function driver.\n Similar \"bugs\" could be hidden in other drivers as well.\n2. Disable MUSB interrupts in musb_g_giveback() before calling the callback\n and re-enable them afterwars (by calling musb_{dis,en}able_interrupts(),\n for example). This would ensure that MUSB interrupts are not handled\n during the callback, even if IRQs are enabled. In fact, it would allow\n IRQs to be enabled when releasing the lock. However, this feels like an\n inelegant hack.\n3. Modify the interrupt handler to clear the RXPKTRDY flag if the request\n queue is empty. While this approach also feels like a hack, it wastes\n CPU time by attempting to handle incoming packets when the software is\n not ready to process them.\n4. Flush the Rx FIFO instead of calling rxstate() in musb_ep_restart().\n This ensures that the hardware can receive packets when there is at\n least one request in the queue. Once I\n---truncated---", + "severity": [], + "affected": [], + "references": [ + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56687" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/0c89445e6d475b78d37b64ae520831cd43af7db4" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/3fc137386c4620305bbc2a216868c53f9245670a" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/5906ee3693674d734177df13a519a21bb03f730d" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/c749500b28cae67410792096133ee7f282439c51" + }, + { + "type": "WEB", + "url": "https://git.kernel.org/stable/c/f05ad9755bb294328c3d0f429164ac6d4d08c548" + } + ], + "database_specific": { + "cwe_ids": [], + "severity": null, + "github_reviewed": false, + "github_reviewed_at": null, + "nvd_published_at": "2024-12-28T10:15:12Z" + } +} \ No newline at end of file