RHSA-2011:0883 Red Hat Security Advisory: kernel security and bug fix update

Bulletin has no description...

DEBIAN-CVE-2024-46684

In the Linux kernel, the following vulnerability has been resolved: binfmtelffdpic: fix AUXV size calculation when ELFHWCAP2 is defined createelffdpictables does not correctly account the space for the AUX vector when an architecture has ELFHWCAP2 defined. Prior to the commit 10e29251be0e...

UBUNTU-CVE-2024-46684

In the Linux kernel, the following vulnerability has been resolved: binfmtelffdpic: fix AUXV size calculation when ELFHWCAP2 is defined createelffdpictables does not correctly account the space for the AUX vector when an architecture has ELFHWCAP2 defined. Prior to the commit 10e29251be0e...

CVE-2024-46684

CVE-2024-46684 : In the Linux kernel, the binfmt_elf_fdpic path is affected. The vulnerability stems from an incorrect AUXV size calculation in create_elf_fdpic_tables() when ELF_HWCAP2 is defined, which could result in the last AUXV entry being zero and trigger a kernel BUG. The fix adds one to ...

DEBIAN-CVE-2024-45012

In the Linux kernel, the following vulnerability has been resolved: nouveau/firmware: use dma non-coherent allocator Currently, enabling SGDEBUG in the kernel will cause nouveau to hit a BUG on startup, when the iommu is enabled: kernel BUG at include/linux/scatterlist.h:187! invalid opcode: 0000...

UBUNTU-CVE-2024-45012

In the Linux kernel, the following vulnerability has been resolved: nouveau/firmware: use dma non-coherent allocator Currently, enabling SGDEBUG in the kernel will cause nouveau to hit a BUG on startup, when the iommu is enabled: kernel BUG at include/linux/scatterlist.h:187! invalid opcode: 0000...

DEBIAN-CVE-2024-44989

In the Linux kernel, the following vulnerability has been resolved: bonding: fix xfrm realdev null pointer dereference We shouldn't set realdev to NULL because packets can be in transit and xfrm might call xdodevoffloadok in parallel. All callbacks assume realdev is set. Example trace: kernel: BU...

UBUNTU-CVE-2024-44976

In the Linux kernel, the following vulnerability has been resolved: ata: patamacio: Fix DMA table overflow Kolbjørn and Jonáš reported that their 32-bit PowerMacs were crashing in pata-macio since commit 09fe2bfa6b83 "ata: patamacio: Fix maxsegmentsize with PAGESIZE == 64K". For example: kernel B...

CVE-2024-44959

The CVE-2024-44959 entry concerns the Linux kernel tracefs component. It describes a root cause in the in-kernel memory reclaim path where structure layout randomization of struct inode can cause overlapping or misused RCU fields during freeing, potentially triggering list corruption (list_del) a...

CVE-2024-44959 tracefs: Use generic inode RCU for synchronizing freeing

In the Linux kernel, the following vulnerability has been resolved: tracefs: Use generic inode RCU for synchronizing freeing With structure layout randomization enabled for 'struct inode' we need to avoid overlapping any of the RCU-used / initialized-only-once members, e.g. ilru or isblist to not...

kernel: mm/slub: fix to return errno if kmalloc() fails

In the Linux kernel, the following vulnerability has been resolved: mm/slub: fix to return errno if kmalloc fails In createuniqueid, kmalloc, GFPKERNEL can fail due to out-of-memory, if it fails, return errno correctly rather than triggering panic via BUGON; kernel BUG at mm/slub.c:5893! Internal...

CVE-2024-44942 f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on F2FSINLINEDATA flag in inode during GC syzbot reports a f2fs bug as below: ------------ cut here ------------ kernel BUG at fs/f2fs/inline.c:258! CPU: 1 PID: 34 Comm: kworker/u8:2 Not tainted...

CVE-2024-43887 net/tcp: Disable TCP-AO static key after RCU grace period

In the Linux kernel, the following vulnerability has been resolved: net/tcp: Disable TCP-AO static key after RCU grace period The lifetime of TCP-AO statickey is the same as the last tcpaoinfo. On the socket destruction tcpaoinfo ceases to be with RCU grace period, while tcp-ao static branch is...

SUSE CVE-2023-52912

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fixed bug on error when unloading amdgpu Fixed bug on error when unloading amdgpu. The error message is as follows: 377.706202 kernel BUG at drivers/gpu/drm/drmbuddy.c:278! 377.706215 invalid opcode: 0000 1 PREEMPT SM...

CVE-2022-48923 btrfs: prevent copying too big compressed lzo segment

In the Linux kernel, the following vulnerability has been resolved: btrfs: prevent copying too big compressed lzo segment Compressed length can be corrupted to be a lot larger than memory we have allocated for buffer. This will cause memcpy in copycompressedsegment to write outside of allocated...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an incorrect WARNON condition in the writebackinodessbnr function...

CVE-2023-52912

CVE-2023-52912 relates to the Linux kernel’s DRM amdgpu subsystem. The issue arises during unloading of amdgpu where a bug in drm_buddy_free_block can trigger a kernel BUG and invalid opcode, as shown in the stack trace and kernel log snippet. The impact is a potentially local disruption of a sys...

CVE-2022-48884 net/mlx5: Fix command stats access after free

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix command stats access after free Command may fail while driver is reloading and can't accept FW commands till command interface is reinitialized. Such command failure is being logged to command stats. This results in...

CVE-2024-42273

A flaw was found in the F2FS file system in the Linux Kernel due to incorrect handling of compression and garbage collection. The CURSEGALLDATAATGC flag was mistakenly assigned to COMPRADDR for pages marked with the garbage collection flag gcing. This led to an assertion failure BUGON at...

SUSE CVE-2024-42273

In the Linux kernel, the following vulnerability has been resolved: f2fs: assign CURSEGALLDATAATGC if blkaddr is valid mkdir /mnt/test/comp f2fsio setflags compression /mnt/test/comp dd if=/dev/zero of=/mnt/test/comp/testfile bs=16k count=1 truncate --size 13 /mnt/test/comp/testfile In the above...