Vulnerabilities

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> power: supply: core: Fix boundary conditions in interpolation<br /> <br /> The functions power_supply_temp2resist_simple and power_supply_ocv2cap_simple<br /> handle boundary conditions incorrectly.<br /> The change was introduced in a4585ba2050f460f749bbaf2b67bd56c41e30283<br /> ("power: supply: core: Use library interpolation").<br /> There are two issues: First, the lines "high = i - 1" and "high = i" in ocv2cap<br /> have the wrong order compared to temp2resist. As a consequence, ocv2cap<br /> sets high=-1 if ocv&gt;table[0].ocv, which causes an out-of-bounds read.<br /> Second, the logic of temp2resist is also not correct.<br /> Consider the case table[] = {{20, 100}, {10, 80}, {0, 60}}.<br /> For temp=5, we expect a resistance of 70% by interpolation.<br /> However, temp2resist sets high=low=2 and returns 60.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> serial: 8250: Fix PM usage_count for console handover<br /> <br /> When console is enabled, univ8250_console_setup() calls<br /> serial8250_console_setup() before .dev is set to uart_port. Therefore,<br /> it will not call pm_runtime_get_sync(). Later, when the actual driver<br /> is going to take over univ8250_console_exit() is called. As .dev is<br /> already set, serial8250_console_exit() makes pm_runtime_put_sync() call<br /> with usage count being zero triggering PM usage count warning<br /> (extra debug for univ8250_console_setup(), univ8250_console_exit(), and<br /> serial8250_register_ports()):<br /> <br /> [ 0.068987] univ8250_console_setup ttyS0 nodev<br /> [ 0.499670] printk: console [ttyS0] enabled<br /> [ 0.717955] printk: console [ttyS0] printing thread started<br /> [ 1.960163] serial8250_register_ports assigned dev for ttyS0<br /> [ 1.976830] printk: console [ttyS0] disabled<br /> [ 1.976888] printk: console [ttyS0] printing thread stopped<br /> [ 1.977073] univ8250_console_exit ttyS0 usage:0<br /> [ 1.977075] serial8250 serial8250: Runtime PM usage count underflow!<br /> [ 1.977429] dw-apb-uart.6: ttyS0 at MMIO 0x4010006000 (irq = 33, base_baud = 115200) is a 16550A<br /> [ 1.977812] univ8250_console_setup ttyS0 usage:2<br /> [ 1.978167] printk: console [ttyS0] printing thread started<br /> [ 1.978203] printk: console [ttyS0] enabled<br /> <br /> To fix the issue, call pm_runtime_get_sync() in<br /> serial8250_register_ports() as soon as .dev is set for an uart_port<br /> if it has console enabled.<br /> <br /> This problem became apparent only recently because 82586a721595 ("PM:<br /> runtime: Avoid device usage count underflows") added the warning<br /> printout. I confirmed this problem also occurs with v5.18 (w/o the<br /> warning printout, obviously).

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ASoC: rt711-sdca: fix kernel NULL pointer dereference when IO error<br /> <br /> The initial settings will be written before the codec probe function.<br /> But, the rt711-&gt;component doesn&amp;#39;t be assigned yet.<br /> If IO error happened during initial settings operations, it will cause the kernel panic.<br /> This patch changed component-&gt;dev to slave-&gt;dev to fix this issue.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> tcp: Fix a data-race around sysctl_tcp_probe_threshold.<br /> <br /> While reading sysctl_tcp_probe_threshold, it can be changed concurrently.<br /> Thus, we need to add READ_ONCE() to its reader.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> tcp: Fix data-races around sysctl_tcp_min_snd_mss.<br /> <br /> While reading sysctl_tcp_min_snd_mss, it can be changed concurrently.<br /> Thus, we need to add READ_ONCE() to its readers.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> tcp: Fix data-races around sysctl_tcp_base_mss.<br /> <br /> While reading sysctl_tcp_base_mss, it can be changed concurrently.<br /> Thus, we need to add READ_ONCE() to its readers.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> tcp: Fix data-races around sysctl_tcp_mtu_probing.<br /> <br /> While reading sysctl_tcp_mtu_probing, it can be changed concurrently.<br /> Thus, we need to add READ_ONCE() to its readers.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> tcp: Fix data-races around sysctl_tcp_l3mdev_accept.<br /> <br /> While reading sysctl_tcp_l3mdev_accept, it can be changed concurrently.<br /> Thus, we need to add READ_ONCE() to its readers.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ip: Fix a data-race around sysctl_ip_autobind_reuse.<br /> <br /> While reading sysctl_ip_autobind_reuse, it can be changed concurrently.<br /> Thus, we need to add READ_ONCE() to its reader.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept.<br /> <br /> While reading sysctl_tcp_fwmark_accept, it can be changed concurrently.<br /> Thus, we need to add READ_ONCE() to its reader.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ip: Fix a data-race around sysctl_fwmark_reflect.<br /> <br /> While reading sysctl_fwmark_reflect, it can be changed concurrently.<br /> Thus, we need to add READ_ONCE() to its reader.