UBUNTU-CVE-2024-35793

In the Linux kernel, the following vulnerability has been resolved: debugfs: fix wait/cancellation handling during remove Ben Greear further reports deadlocks during concurrent debugfs remove while files are being accessed, even though the code in question now uses debugfs cancellations. Turns ou...

CVE-2024-35793 debugfs: fix wait/cancellation handling during remove

In the Linux kernel, the following vulnerability has been resolved: debugfs: fix wait/cancellation handling during remove Ben Greear further reports deadlocks during concurrent debugfs remove while files are being accessed, even though the code in question now uses debugfs cancellations. Turns ou...

CVE-2024-35793

CVE-2024-35793 affects the Linux kernel debugfs remove path. The issue was a logic error in the removal cancelation flow: if a refcount is non-zero, cancellations must be triggered; otherwise, removal can finish without cancellations, but the existing loop could never run. The fix adjusts wait/ca...

PT-2024-26742 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the debugfs feature in the Linux kernel, where a logic error in the wait/cancellation handling during remove operations can cause deadlocks. Specifically, when...

PT-2024-14691

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue arises when an inode is compressed but not encrypted, and the system fails to call f2fs wait on block writeback to wait for GCed page writeback in the IPU write path. This can...

PT-2024-30694

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.50 Description The issue is related to the function folio wait writeback which requires that no spinlocks are held and that a folio reference is held. After dropping the PTL, the folio could get freed...

SUSE CVE-2024-26962

In the Linux kernel, the following vulnerability has been resolved: dm-raid456, md/raid456: fix a deadlock for dm-raid456 while io concurrent with reshape For raid456, if reshape is still in progress, then IO across reshape position will wait for reshape to make progress. However, for dm-raid, in...

CVE-2024-27023

In the Linux kernel, the following vulnerability has been resolved: md: Fix missing release of 'activeio' for flush submitflushes atomicset&mddev-flushpending, 1; rdevforeachrcurdev, mddev atomicinc&mddev-flushpending; bi-biendio = mdendflush submitbiobi; / flush io is done first / mdendflush if...

AZL-54572 CVE-2024-26962 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: dm-raid456, md/raid456: fix a deadlock for dm-raid456 while io concurrent with reshape For raid456, if reshape is still in progress, then IO across reshape position will wait for reshape to make progress. However, for dm-raid, in...

UBUNTU-CVE-2024-26962

In the Linux kernel, the following vulnerability has been resolved: dm-raid456, md/raid456: fix a deadlock for dm-raid456 while io concurrent with reshape For raid456, if reshape is still in progress, then IO across reshape position will wait for reshape to make progress. However, for dm-raid, in...

kernel: md/raid5-cache: fix a deadlock in r5l_exit_log()

A deadlock vulnerability was found in the md RAID5 cache r5l subsystem in the Linux kernel. In r5lexitlog, flushwork is called while holding reconfigmutex, which waits for disablewritebackwork to complete. However, r5cdisablewritebackasync calls waitevent which requires conf-log to be NULL, but...

kernel: refscale: Fix uninitalized use of wait_queue_head_t

A use of uninitialized data was found in the refscale test module. The waitqueueheadt is used before being initialized, causing a race condition that can crash the kernel during testing...

kernel: drm/amdgpu: install stub fence into potential unused fence pointers

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: install stub fence into potential unused fence pointers When using cpu to update page tables, vm update fences are unused. Install stub fence into these fence pointers instead of NULL to avoid NULL dereference when...

kernel: scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Remove unused nvmelswaitq wait queue System crash when qla2x00startspsp returns error code EGAIN and wakeup gets called for uninitialized wait queue sp-nvmelswaitq. qla2xxx 0000:37:00.1-2121:5: Returning existing...

SUSE CVE-2022-48666

In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix a use-after-free There are two .exitcmdpriv implementations. Both implementations use resources associated with the SCSI host. Make sure that these resources are still available when .exitcmdpriv is called by...

UBUNTU-CVE-2022-48634

In the Linux kernel, the following vulnerability has been resolved: drm/gma500: Fix BUG: sleeping function called from invalid context errors gmacrtcpageflip was holding the eventlock spinlock while calling crtcfuncs-modesetbase which takes wwmutex. The only reason to hold eventlock is to clear...

SUSE CVE-2024-26708

In the Linux kernel, the following vulnerability has been resolved: mptcp: really cope with fastopen race Fastopen and PM-trigger subflow shutdown can race, as reported by syzkaller. In my first attempt to close such race, I missed the fact that the subflow status can change again before the...

SUSE CVE-2024-26671

In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix IO hang from sbitmap wakeup race In blkmqmarktagwait, addwaitqueue may be re-ordered with the following blkmqgetdrivertag in case of getting driver tag failure. Then in sbitmapqueuewakeup, waitqueueactive may not...

SUSE CVE-2024-26657

In the Linux kernel, the following vulnerability has been resolved: drm/sched: fix null-ptr-deref in init entity The bug can be triggered by sending an amdgpucswaitioctl to the AMDGPU DRM driver on any ASICs with valid context. The bug was reported by Joonkyo Jung . For example the following code...

DEBIAN-CVE-2024-26696

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix hang in nilfslookupdirtydatabuffers Syzbot reported a hang issue in migratepagesbatch called by mbind and nilfslookupdirtydatabuffers called in the log writer of nilfs2. While migratepagesbatch locks a folio and waits...