Vulnerabilities

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> security: Restrict CONFIG_ZERO_CALL_USED_REGS to gcc or clang &gt; 15.0.6<br /> <br /> A bad bug in clang&amp;#39;s implementation of -fzero-call-used-regs can result<br /> in NULL pointer dereferences (see the links above the check for more<br /> information). Restrict CONFIG_CC_HAS_ZERO_CALL_USED_REGS to either a<br /> supported GCC version or a clang newer than 15.0.6, which will catch<br /> both a theoretical 15.0.7 and the upcoming 16.0.0, which will both have<br /> the bug fixed.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drivers: mcb: fix resource leak in mcb_probe()<br /> <br /> When probe hook function failed in mcb_probe(), it doesn&amp;#39;t put the device.<br /> Compiled test only.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr<br /> <br /> KASAN reported this Bug:<br /> <br /> [17619.659757] BUG: KASAN: global-out-of-bounds in param_get_int+0x34/0x60<br /> [17619.673193] Read of size 4 at addr fffff01332d7ed00 by task read_all/1507958<br /> ...<br /> [17619.698934] The buggy address belongs to the variable:<br /> [17619.708371] sgl_sge_nr+0x0/0xffffffffffffa300 [hisi_zip]<br /> <br /> There is a mismatch in hisi_zip when get/set the variable sgl_sge_nr.<br /> The type of sgl_sge_nr is u16, and get/set sgl_sge_nr by<br /> param_get/set_int.<br /> <br /> Replacing param_get/set_int to param_get/set_ushort can fix this bug.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ext2: Add sanity checks for group and filesystem size<br /> <br /> Add sanity check that filesystem size does not exceed the underlying<br /> device size and that group size is big enough so that metadata can fit<br /> into it. This avoid trying to mount some crafted filesystems with<br /> extremely large group counts.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ipv6: ensure sane device mtu in tunnels<br /> <br /> Another syzbot report [1] with no reproducer hints<br /> at a bug in ip6_gre tunnel (dev:ip6gretap0)<br /> <br /> Since ipv6 mcast code makes sure to read dev-&gt;mtu once<br /> and applies a sanity check on it (see commit b9b312a7a451<br /> "ipv6: mcast: better catch silly mtu values"), a remaining<br /> possibility is that a layer is able to set dev-&gt;mtu to<br /> an underflowed value (high order bit set).<br /> <br /> This could happen indeed in ip6gre_tnl_link_config_route(),<br /> ip6_tnl_link_config() and ipip6_tunnel_bind_dev()<br /> <br /> Make sure to sanitize mtu value in a local variable before<br /> it is written once on dev-&gt;mtu, as lockless readers could<br /> catch wrong temporary value.<br /> <br /> [1]<br /> skbuff: skb_over_panic: text:ffff80000b7a2f38 len:40 put:40 head:ffff000149dcf200 data:ffff000149dcf2b0 tail:0xd8 end:0xc0 dev:ip6gretap0<br /> ------------[ cut here ]------------<br /> kernel BUG at net/core/skbuff.c:120<br /> Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP<br /> Modules linked in:<br /> CPU: 1 PID: 10241 Comm: kworker/1:1 Not tainted 6.0.0-rc7-syzkaller-18095-gbbed346d5a96 #0<br /> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/30/2022<br /> Workqueue: mld mld_ifc_work<br /> pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)<br /> pc : skb_panic+0x4c/0x50 net/core/skbuff.c:116<br /> lr : skb_panic+0x4c/0x50 net/core/skbuff.c:116<br /> sp : ffff800020dd3b60<br /> x29: ffff800020dd3b70 x28: 0000000000000000 x27: ffff00010df2a800<br /> x26: 00000000000000c0 x25: 00000000000000b0 x24: ffff000149dcf200<br /> x23: 00000000000000c0 x22: 00000000000000d8 x21: ffff80000b7a2f38<br /> x20: ffff00014c2f7800 x19: 0000000000000028 x18: 00000000000001a9<br /> x17: 0000000000000000 x16: ffff80000db49158 x15: ffff000113bf1a80<br /> x14: 0000000000000000 x13: 00000000ffffffff x12: ffff000113bf1a80<br /> x11: ff808000081c0d5c x10: 0000000000000000 x9 : 73f125dc5c63ba00<br /> x8 : 73f125dc5c63ba00 x7 : ffff800008161d1c x6 : 0000000000000000<br /> x5 : 0000000000000080 x4 : 0000000000000001 x3 : 0000000000000000<br /> x2 : ffff0001fefddcd0 x1 : 0000000100000000 x0 : 0000000000000089<br /> Call trace:<br /> skb_panic+0x4c/0x50 net/core/skbuff.c:116<br /> skb_over_panic net/core/skbuff.c:125 [inline]<br /> skb_put+0xd4/0xdc net/core/skbuff.c:2049<br /> ip6_mc_hdr net/ipv6/mcast.c:1714 [inline]<br /> mld_newpack+0x14c/0x270 net/ipv6/mcast.c:1765<br /> add_grhead net/ipv6/mcast.c:1851 [inline]<br /> add_grec+0xa20/0xae0 net/ipv6/mcast.c:1989<br /> mld_send_cr+0x438/0x5a8 net/ipv6/mcast.c:2115<br /> mld_ifc_work+0x38/0x290 net/ipv6/mcast.c:2653<br /> process_one_work+0x2d8/0x504 kernel/workqueue.c:2289<br /> worker_thread+0x340/0x610 kernel/workqueue.c:2436<br /> kthread+0x12c/0x158 kernel/kthread.c:376<br /> ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860<br /> Code: 91011400 aa0803e1 a90027ea 94373093 (d4210000)

Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was in a CNA pool that was not assigned to any issues during 2022. Notes: none.

Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was in a CNA pool that was not assigned to any issues during 2022. Notes: none.

Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was in a CNA pool that was not assigned to any issues during 2022. Notes: none.

Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was in a CNA pool that was not assigned to any issues during 2022. Notes: none.

Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was in a CNA pool that was not assigned to any issues during 2022. Notes: none.

Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was in a CNA pool that was not assigned to any issues during 2022. Notes: none.

Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was in a CNA pool that was not assigned to any issues during 2022. Notes: none.