Action not permitted
Modal body text goes here.
Modal Title
Modal Body
alsa-2024:8870
Vulnerability from osv_almalinux
Published
2024-11-05 00:00
Modified
2024-11-06 09:52
Summary
Moderate: kernel-rt security update
Details
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: net/bluetooth: race condition in conn_info_{min,max}_age_set() (CVE-2024-24857)
- kernel: dmaengine: fix NULL pointer in channel unregistration function (CVE-2023-52492)
- kernel: netfilter: nf_conntrack_h323: Add protection for bmp length out of range (CVE-2024-26851)
- kernel: netfilter: nft_set_pipapo: do not free live element (CVE-2024-26924)
- kernel: netfilter: nft_set_pipapo: walk over current view on netlink dump (CVE-2024-27017)
- kernel: KVM: Always flush async #PF workqueue when vCPU is being destroyed (CVE-2024-26976)
- kernel: nouveau: lock the client object tree. (CVE-2024-27062)
- kernel: netfilter: bridge: replace physindev with physinif in nf_bridge_info (CVE-2024-35839)
- kernel: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (CVE-2024-35898)
- kernel: dma-direct: Leak pages on dma_set_decrypted() failure (CVE-2024-35939)
- kernel: net/mlx5e: Fix netif state handling (CVE-2024-38608)
- kernel: r8169: Fix possible ring buffer corruption on fragmented Tx packets. (CVE-2024-38586)
- kernel: of: module: add buffer overflow check in of_modalias() (CVE-2024-38541)
- kernel: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (CVE-2024-38540)
- kernel: netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type (CVE-2024-39503)
- kernel: drm/i915/dpt: Make DPT object unshrinkable (CVE-2024-40924)
- kernel: ipv6: prevent possible NULL deref in fib6_nh_init() (CVE-2024-40961)
- kernel: tipc: force a dst refcount before doing decryption (CVE-2024-40983)
- kernel: ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." (CVE-2024-40984)
- kernel: xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (CVE-2022-48773)
- kernel: bpf: Fix overrunning reservations in ringbuf (CVE-2024-41009)
- kernel: netfilter: nf_tables: prefer nft_chain_validate (CVE-2024-41042)
- kernel: ibmvnic: Add tx check to prevent skb leak (CVE-2024-41066)
- kernel: drm/i915/gt: Fix potential UAF by revoke of fence registers (CVE-2024-41092)
- kernel: drm/amdgpu: avoid using null object of framebuffer (CVE-2024-41093)
- kernel: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (CVE-2024-42070)
- kernel: gfs2: Fix NULL pointer dereference in gfs2_log_flush (CVE-2024-42079)
- kernel: USB: serial: mos7840: fix crash on resume (CVE-2024-42244)
- kernel: tipc: Return non-zero value from tipc_udp_addr2str() on error (CVE-2024-42284)
- kernel: kobject_uevent: Fix OOB access within zap_modalias_env() (CVE-2024-42292)
- kernel: dev/parport: fix the array out-of-bounds risk (CVE-2024-42301)
- kernel: block: initialize integrity buffer to zero before writing it to media (CVE-2024-43854)
- kernel: mlxsw: spectrum_acl_erp: Fix object nesting warning (CVE-2024-43880)
- kernel: gso: do not skip outer ip header in case of ipip and net_failover (CVE-2022-48936)
- kernel: padata: Fix possible divide-by-0 panic in padata_mt_helper() (CVE-2024-43889)
- kernel: memcg: protect concurrent access to mem_cgroup_idr (CVE-2024-43892)
- kernel: sctp: Fix null-ptr-deref in reuseport_add_sock(). (CVE-2024-44935)
- kernel: bonding: fix xfrm real_dev null pointer dereference (CVE-2024-44989)
- kernel: bonding: fix null pointer deref in bond_ipsec_offload_ok (CVE-2024-44990)
- kernel: netfilter: flowtable: initialise extack before use (CVE-2024-45018)
- kernel: ELF: fix kernel.randomize_va_space double read (CVE-2024-46826)
- kernel: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (CVE-2024-47668)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-rt"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-553.27.1.rt7.368.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-rt-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-553.27.1.rt7.368.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-rt-debug"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-553.27.1.rt7.368.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-rt-debug-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-553.27.1.rt7.368.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-rt-debug-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-553.27.1.rt7.368.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-rt-debug-modules"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-553.27.1.rt7.368.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-rt-debug-modules-extra"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-553.27.1.rt7.368.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-rt-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-553.27.1.rt7.368.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-rt-modules"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-553.27.1.rt7.368.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-rt-modules-extra"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-553.27.1.rt7.368.el8_10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. \n\nSecurity Fix(es): \n\n * kernel: net/bluetooth: race condition in conn_info_{min,max}_age_set() (CVE-2024-24857)\n * kernel: dmaengine: fix NULL pointer in channel unregistration function (CVE-2023-52492)\n * kernel: netfilter: nf_conntrack_h323: Add protection for bmp length out of range (CVE-2024-26851)\n * kernel: netfilter: nft_set_pipapo: do not free live element (CVE-2024-26924)\n * kernel: netfilter: nft_set_pipapo: walk over current view on netlink dump (CVE-2024-27017)\n * kernel: KVM: Always flush async #PF workqueue when vCPU is being destroyed (CVE-2024-26976)\n * kernel: nouveau: lock the client object tree. (CVE-2024-27062)\n * kernel: netfilter: bridge: replace physindev with physinif in nf_bridge_info (CVE-2024-35839)\n * kernel: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (CVE-2024-35898)\n * kernel: dma-direct: Leak pages on dma_set_decrypted() failure (CVE-2024-35939)\n * kernel: net/mlx5e: Fix netif state handling (CVE-2024-38608)\n * kernel: r8169: Fix possible ring buffer corruption on fragmented Tx packets. (CVE-2024-38586)\n * kernel: of: module: add buffer overflow check in of_modalias() (CVE-2024-38541)\n * kernel: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (CVE-2024-38540)\n * kernel: netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type (CVE-2024-39503)\n * kernel: drm/i915/dpt: Make DPT object unshrinkable (CVE-2024-40924)\n * kernel: ipv6: prevent possible NULL deref in fib6_nh_init() (CVE-2024-40961)\n * kernel: tipc: force a dst refcount before doing decryption (CVE-2024-40983)\n * kernel: ACPICA: Revert \u0026#34;ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.\u0026#34; (CVE-2024-40984)\n * kernel: xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (CVE-2022-48773)\n * kernel: bpf: Fix overrunning reservations in ringbuf (CVE-2024-41009)\n * kernel: netfilter: nf_tables: prefer nft_chain_validate (CVE-2024-41042)\n * kernel: ibmvnic: Add tx check to prevent skb leak (CVE-2024-41066)\n * kernel: drm/i915/gt: Fix potential UAF by revoke of fence registers (CVE-2024-41092)\n * kernel: drm/amdgpu: avoid using null object of framebuffer (CVE-2024-41093)\n * kernel: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (CVE-2024-42070)\n * kernel: gfs2: Fix NULL pointer dereference in gfs2_log_flush (CVE-2024-42079)\n * kernel: USB: serial: mos7840: fix crash on resume (CVE-2024-42244)\n * kernel: tipc: Return non-zero value from tipc_udp_addr2str() on error (CVE-2024-42284)\n * kernel: kobject_uevent: Fix OOB access within zap_modalias_env() (CVE-2024-42292)\n * kernel: dev/parport: fix the array out-of-bounds risk (CVE-2024-42301)\n * kernel: block: initialize integrity buffer to zero before writing it to media (CVE-2024-43854)\n * kernel: mlxsw: spectrum_acl_erp: Fix object nesting warning (CVE-2024-43880)\n * kernel: gso: do not skip outer ip header in case of ipip and net_failover (CVE-2022-48936)\n * kernel: padata: Fix possible divide-by-0 panic in padata_mt_helper() (CVE-2024-43889)\n * kernel: memcg: protect concurrent access to mem_cgroup_idr (CVE-2024-43892)\n * kernel: sctp: Fix null-ptr-deref in reuseport_add_sock(). (CVE-2024-44935)\n * kernel: bonding: fix xfrm real_dev null pointer dereference (CVE-2024-44989)\n * kernel: bonding: fix null pointer deref in bond_ipsec_offload_ok (CVE-2024-44990)\n * kernel: netfilter: flowtable: initialise extack before use (CVE-2024-45018)\n * kernel: ELF: fix kernel.randomize_va_space double read (CVE-2024-46826)\n * kernel: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (CVE-2024-47668)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2024:8870",
"modified": "2024-11-06T09:52:31Z",
"published": "2024-11-05T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2024:8870"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-48773"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-48936"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-52492"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-24857"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-26851"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-26924"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-26976"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-27017"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-27062"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-35839"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-35898"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-35939"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-38540"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-38541"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-38586"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-38608"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-39503"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-40924"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-40961"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-40983"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-40984"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-41009"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-41042"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-41066"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-41092"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-41093"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-42070"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-42079"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-42244"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-42284"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-42292"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-42301"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-43854"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-43880"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-43889"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-43892"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-44935"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-44989"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-44990"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-45018"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-46826"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-47668"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2266247"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2269183"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2275750"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2277168"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2278262"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2278350"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2278387"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2281284"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2281669"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2281817"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2293356"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2293402"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2293458"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2293459"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2297475"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2297508"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2297545"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2297567"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2297568"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2298109"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2298412"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2300412"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2300442"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2300487"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2300488"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2300508"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2300517"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2307862"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2307865"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2307892"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2309852"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2309853"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2311715"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2315178"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2317601"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2024-8870.html"
}
],
"related": [
"CVE-2024-24857",
"CVE-2023-52492",
"CVE-2024-26851",
"CVE-2024-26924",
"CVE-2024-27017",
"CVE-2024-26976",
"CVE-2024-27062",
"CVE-2024-35839",
"CVE-2024-35898",
"CVE-2024-35939",
"CVE-2024-38608",
"CVE-2024-38586",
"CVE-2024-38541",
"CVE-2024-38540",
"CVE-2024-39503",
"CVE-2024-40924",
"CVE-2024-40961",
"CVE-2024-40983",
"CVE-2024-40984",
"CVE-2022-48773",
"CVE-2024-41009",
"CVE-2024-41042",
"CVE-2024-41066",
"CVE-2024-41092",
"CVE-2024-41093",
"CVE-2024-42070",
"CVE-2024-42079",
"CVE-2024-42244",
"CVE-2024-42284",
"CVE-2024-42292",
"CVE-2024-42301",
"CVE-2024-43854",
"CVE-2024-43880",
"CVE-2022-48936",
"CVE-2024-43889",
"CVE-2024-43892",
"CVE-2024-44935",
"CVE-2024-44989",
"CVE-2024-44990",
"CVE-2024-45018",
"CVE-2024-46826",
"CVE-2024-47668"
],
"summary": "Moderate: kernel-rt security update"
}
CVE-2024-44990 (GCVE-0-2024-44990)
Vulnerability from cvelistv5 – Published: 2024-09-04 19:54 – Updated: 2025-11-03 22:14
VLAI?
EPSS
Title
bonding: fix null pointer deref in bond_ipsec_offload_ok
Summary
In the Linux kernel, the following vulnerability has been resolved:
bonding: fix null pointer deref in bond_ipsec_offload_ok
We must check if there is an active slave before dereferencing the pointer.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
18cb261afd7bf50134e5ccacc5ec91ea16efadd4 , < 81216b9352be43f8958092d379f6dec85443c309
(git)
Affected: 18cb261afd7bf50134e5ccacc5ec91ea16efadd4 , < 2f5bdd68c1ce64bda6bef4d361a3de23b04ccd59 (git) Affected: 18cb261afd7bf50134e5ccacc5ec91ea16efadd4 , < 32a0173600c63aadaf2103bf02f074982e8602ab (git) Affected: 18cb261afd7bf50134e5ccacc5ec91ea16efadd4 , < 0707260a18312bbcd2a5668584e3692d0a29e3f6 (git) Affected: 18cb261afd7bf50134e5ccacc5ec91ea16efadd4 , < b70b0ddfed31fc92c8dc722d0afafc8e14cb550c (git) Affected: 18cb261afd7bf50134e5ccacc5ec91ea16efadd4 , < 95c90e4ad89d493a7a14fa200082e466e2548f9d (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44990",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T20:19:45.863668Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T20:21:23.035Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:14:46.719Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/bonding/bond_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "81216b9352be43f8958092d379f6dec85443c309",
"status": "affected",
"version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4",
"versionType": "git"
},
{
"lessThan": "2f5bdd68c1ce64bda6bef4d361a3de23b04ccd59",
"status": "affected",
"version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4",
"versionType": "git"
},
{
"lessThan": "32a0173600c63aadaf2103bf02f074982e8602ab",
"status": "affected",
"version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4",
"versionType": "git"
},
{
"lessThan": "0707260a18312bbcd2a5668584e3692d0a29e3f6",
"status": "affected",
"version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4",
"versionType": "git"
},
{
"lessThan": "b70b0ddfed31fc92c8dc722d0afafc8e14cb550c",
"status": "affected",
"version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4",
"versionType": "git"
},
{
"lessThan": "95c90e4ad89d493a7a14fa200082e466e2548f9d",
"status": "affected",
"version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/bonding/bond_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.225",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.166",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.107",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.48",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.225",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.166",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.107",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.48",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.7",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: fix null pointer deref in bond_ipsec_offload_ok\n\nWe must check if there is an active slave before dereferencing the pointer."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:30:33.385Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/81216b9352be43f8958092d379f6dec85443c309"
},
{
"url": "https://git.kernel.org/stable/c/2f5bdd68c1ce64bda6bef4d361a3de23b04ccd59"
},
{
"url": "https://git.kernel.org/stable/c/32a0173600c63aadaf2103bf02f074982e8602ab"
},
{
"url": "https://git.kernel.org/stable/c/0707260a18312bbcd2a5668584e3692d0a29e3f6"
},
{
"url": "https://git.kernel.org/stable/c/b70b0ddfed31fc92c8dc722d0afafc8e14cb550c"
},
{
"url": "https://git.kernel.org/stable/c/95c90e4ad89d493a7a14fa200082e466e2548f9d"
}
],
"title": "bonding: fix null pointer deref in bond_ipsec_offload_ok",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-44990",
"datePublished": "2024-09-04T19:54:37.518Z",
"dateReserved": "2024-08-21T05:34:56.671Z",
"dateUpdated": "2025-11-03T22:14:46.719Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26924 (GCVE-0-2024-26924)
Vulnerability from cvelistv5 – Published: 2024-04-24 21:49 – Updated: 2025-11-04 17:14
VLAI?
EPSS
Title
netfilter: nft_set_pipapo: do not free live element
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_set_pipapo: do not free live element
Pablo reports a crash with large batches of elements with a
back-to-back add/remove pattern. Quoting Pablo:
add_elem("00000000") timeout 100 ms
...
add_elem("0000000X") timeout 100 ms
del_elem("0000000X") <---------------- delete one that was just added
...
add_elem("00005000") timeout 100 ms
1) nft_pipapo_remove() removes element 0000000X
Then, KASAN shows a splat.
Looking at the remove function there is a chance that we will drop a
rule that maps to a non-deactivated element.
Removal happens in two steps, first we do a lookup for key k and return the
to-be-removed element and mark it as inactive in the next generation.
Then, in a second step, the element gets removed from the set/map.
The _remove function does not work correctly if we have more than one
element that share the same key.
This can happen if we insert an element into a set when the set already
holds an element with same key, but the element mapping to the existing
key has timed out or is not active in the next generation.
In such case its possible that removal will unmap the wrong element.
If this happens, we will leak the non-deactivated element, it becomes
unreachable.
The element that got deactivated (and will be freed later) will
remain reachable in the set data structure, this can result in
a crash when such an element is retrieved during lookup (stale
pointer).
Add a check that the fully matching key does in fact map to the element
that we have marked as inactive in the deactivation step.
If not, we need to continue searching.
Add a bug/warn trap at the end of the function as well, the remove
function must not ever be called with an invisible/unreachable/non-existent
element.
v2: avoid uneeded temporary variable (Stefano)
Severity ?
5.9 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
3c4287f62044a90e73a561aa05fc46e62da173da , < e3b887a9c11caf8357a821260e095f2a694a34f2
(git)
Affected: 3c4287f62044a90e73a561aa05fc46e62da173da , < 7a1679e2d9bfa3b5f8755c2c7113e54b7d42bd46 (git) Affected: 3c4287f62044a90e73a561aa05fc46e62da173da , < 41d8fdf3afaff312e17466e4ab732937738d5644 (git) Affected: 3c4287f62044a90e73a561aa05fc46e62da173da , < ebf7c9746f073035ee26209e38c3a1170f7b349a (git) Affected: 3c4287f62044a90e73a561aa05fc46e62da173da , < 14b001ba221136c15f894577253e8db535b99487 (git) Affected: 3c4287f62044a90e73a561aa05fc46e62da173da , < 3cfc9ec039af60dbd8965ae085b2c2ccdcfbe1cc (git) |
||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:5.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "5.6"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "3c4287f62044"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26924",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-29T16:46:54.309255Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:49:06.077Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:14:47.716Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e3b887a9c11caf8357a821260e095f2a694a34f2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7a1679e2d9bfa3b5f8755c2c7113e54b7d42bd46"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/41d8fdf3afaff312e17466e4ab732937738d5644"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ebf7c9746f073035ee26209e38c3a1170f7b349a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/14b001ba221136c15f894577253e8db535b99487"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3cfc9ec039af60dbd8965ae085b2c2ccdcfbe1cc"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nft_set_pipapo.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e3b887a9c11caf8357a821260e095f2a694a34f2",
"status": "affected",
"version": "3c4287f62044a90e73a561aa05fc46e62da173da",
"versionType": "git"
},
{
"lessThan": "7a1679e2d9bfa3b5f8755c2c7113e54b7d42bd46",
"status": "affected",
"version": "3c4287f62044a90e73a561aa05fc46e62da173da",
"versionType": "git"
},
{
"lessThan": "41d8fdf3afaff312e17466e4ab732937738d5644",
"status": "affected",
"version": "3c4287f62044a90e73a561aa05fc46e62da173da",
"versionType": "git"
},
{
"lessThan": "ebf7c9746f073035ee26209e38c3a1170f7b349a",
"status": "affected",
"version": "3c4287f62044a90e73a561aa05fc46e62da173da",
"versionType": "git"
},
{
"lessThan": "14b001ba221136c15f894577253e8db535b99487",
"status": "affected",
"version": "3c4287f62044a90e73a561aa05fc46e62da173da",
"versionType": "git"
},
{
"lessThan": "3cfc9ec039af60dbd8965ae085b2c2ccdcfbe1cc",
"status": "affected",
"version": "3c4287f62044a90e73a561aa05fc46e62da173da",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nft_set_pipapo.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.157",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.88",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.29",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.216",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.157",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.88",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.29",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.8",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_pipapo: do not free live element\n\nPablo reports a crash with large batches of elements with a\nback-to-back add/remove pattern. Quoting Pablo:\n\n add_elem(\"00000000\") timeout 100 ms\n ...\n add_elem(\"0000000X\") timeout 100 ms\n del_elem(\"0000000X\") \u003c---------------- delete one that was just added\n ...\n add_elem(\"00005000\") timeout 100 ms\n\n 1) nft_pipapo_remove() removes element 0000000X\n Then, KASAN shows a splat.\n\nLooking at the remove function there is a chance that we will drop a\nrule that maps to a non-deactivated element.\n\nRemoval happens in two steps, first we do a lookup for key k and return the\nto-be-removed element and mark it as inactive in the next generation.\nThen, in a second step, the element gets removed from the set/map.\n\nThe _remove function does not work correctly if we have more than one\nelement that share the same key.\n\nThis can happen if we insert an element into a set when the set already\nholds an element with same key, but the element mapping to the existing\nkey has timed out or is not active in the next generation.\n\nIn such case its possible that removal will unmap the wrong element.\nIf this happens, we will leak the non-deactivated element, it becomes\nunreachable.\n\nThe element that got deactivated (and will be freed later) will\nremain reachable in the set data structure, this can result in\na crash when such an element is retrieved during lookup (stale\npointer).\n\nAdd a check that the fully matching key does in fact map to the element\nthat we have marked as inactive in the deactivation step.\nIf not, we need to continue searching.\n\nAdd a bug/warn trap at the end of the function as well, the remove\nfunction must not ever be called with an invisible/unreachable/non-existent\nelement.\n\nv2: avoid uneeded temporary variable (Stefano)"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:59:49.595Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e3b887a9c11caf8357a821260e095f2a694a34f2"
},
{
"url": "https://git.kernel.org/stable/c/7a1679e2d9bfa3b5f8755c2c7113e54b7d42bd46"
},
{
"url": "https://git.kernel.org/stable/c/41d8fdf3afaff312e17466e4ab732937738d5644"
},
{
"url": "https://git.kernel.org/stable/c/ebf7c9746f073035ee26209e38c3a1170f7b349a"
},
{
"url": "https://git.kernel.org/stable/c/14b001ba221136c15f894577253e8db535b99487"
},
{
"url": "https://git.kernel.org/stable/c/3cfc9ec039af60dbd8965ae085b2c2ccdcfbe1cc"
}
],
"title": "netfilter: nft_set_pipapo: do not free live element",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26924",
"datePublished": "2024-04-24T21:49:22.631Z",
"dateReserved": "2024-02-19T14:20:24.194Z",
"dateUpdated": "2025-11-04T17:14:47.716Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-38541 (GCVE-0-2024-38541)
Vulnerability from cvelistv5 – Published: 2024-06-19 13:35 – Updated: 2025-11-03 19:30
VLAI?
EPSS
Title
of: module: add buffer overflow check in of_modalias()
Summary
In the Linux kernel, the following vulnerability has been resolved:
of: module: add buffer overflow check in of_modalias()
In of_modalias(), if the buffer happens to be too small even for the 1st
snprintf() call, the len parameter will become negative and str parameter
(if not NULL initially) will point beyond the buffer's end. Add the buffer
overflow check after the 1st snprintf() call and fix such check after the
strlen() call (accounting for the terminating NUL char).
Severity ?
9.8 (Critical)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
bc575064d688c8933a6ca51429bea9bc63628d3b , < 46795440ef2b4ac919d09310a69a404c5bc90a88
(git)
Affected: bc575064d688c8933a6ca51429bea9bc63628d3b , < 733e62786bdf1b2b9dbb09ba2246313306503414 (git) Affected: bc575064d688c8933a6ca51429bea9bc63628d3b , < c7f24b7d94549ff4623e8f41ea4d9f5319bd8ac8 (git) Affected: bc575064d688c8933a6ca51429bea9bc63628d3b , < 5d59fd637a8af42b211a92b2edb2474325b4d488 (git) Affected: bc575064d688c8933a6ca51429bea9bc63628d3b , < 0b0d5701a8bf02f8fee037e81aacf6746558bfd6 (git) Affected: bc575064d688c8933a6ca51429bea9bc63628d3b , < ee332023adfd5882808f2dabf037b32d6ce36f9e (git) Affected: bc575064d688c8933a6ca51429bea9bc63628d3b , < e45b69360a63165377b30db4a1dfddd89ca18e9a (git) Affected: bc575064d688c8933a6ca51429bea9bc63628d3b , < cf7385cb26ac4f0ee6c7385960525ad534323252 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "0b0d5701a8bf",
"status": "affected",
"version": "bc575064d688",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "ee332023adfd",
"status": "affected",
"version": "bc575064d688",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "e45b69360a63",
"status": "affected",
"version": "bc575064d688",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "cf7385cb26ac",
"status": "affected",
"version": "bc575064d688",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "4.14"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "4.14",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.7",
"status": "unaffected",
"version": "6.6.33",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.9",
"status": "unaffected",
"version": "6.8.12",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.10",
"status": "unaffected",
"version": "6.9.3",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.10-rc1"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38541",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-07T19:51:57.578646Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T13:56:15.426Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:30:14.802Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0b0d5701a8bf02f8fee037e81aacf6746558bfd6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ee332023adfd5882808f2dabf037b32d6ce36f9e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e45b69360a63165377b30db4a1dfddd89ca18e9a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cf7385cb26ac4f0ee6c7385960525ad534323252"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/of/module.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "46795440ef2b4ac919d09310a69a404c5bc90a88",
"status": "affected",
"version": "bc575064d688c8933a6ca51429bea9bc63628d3b",
"versionType": "git"
},
{
"lessThan": "733e62786bdf1b2b9dbb09ba2246313306503414",
"status": "affected",
"version": "bc575064d688c8933a6ca51429bea9bc63628d3b",
"versionType": "git"
},
{
"lessThan": "c7f24b7d94549ff4623e8f41ea4d9f5319bd8ac8",
"status": "affected",
"version": "bc575064d688c8933a6ca51429bea9bc63628d3b",
"versionType": "git"
},
{
"lessThan": "5d59fd637a8af42b211a92b2edb2474325b4d488",
"status": "affected",
"version": "bc575064d688c8933a6ca51429bea9bc63628d3b",
"versionType": "git"
},
{
"lessThan": "0b0d5701a8bf02f8fee037e81aacf6746558bfd6",
"status": "affected",
"version": "bc575064d688c8933a6ca51429bea9bc63628d3b",
"versionType": "git"
},
{
"lessThan": "ee332023adfd5882808f2dabf037b32d6ce36f9e",
"status": "affected",
"version": "bc575064d688c8933a6ca51429bea9bc63628d3b",
"versionType": "git"
},
{
"lessThan": "e45b69360a63165377b30db4a1dfddd89ca18e9a",
"status": "affected",
"version": "bc575064d688c8933a6ca51429bea9bc63628d3b",
"versionType": "git"
},
{
"lessThan": "cf7385cb26ac4f0ee6c7385960525ad534323252",
"status": "affected",
"version": "bc575064d688c8933a6ca51429bea9bc63628d3b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/of/module.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.14"
},
{
"lessThan": "4.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.294",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.238",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.182",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.136",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.294",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.238",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.182",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.136",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "4.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nof: module: add buffer overflow check in of_modalias()\n\nIn of_modalias(), if the buffer happens to be too small even for the 1st\nsnprintf() call, the len parameter will become negative and str parameter\n(if not NULL initially) will point beyond the buffer\u0027s end. Add the buffer\noverflow check after the 1st snprintf() call and fix such check after the\nstrlen() call (accounting for the terminating NUL char)."
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T12:57:16.081Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/46795440ef2b4ac919d09310a69a404c5bc90a88"
},
{
"url": "https://git.kernel.org/stable/c/733e62786bdf1b2b9dbb09ba2246313306503414"
},
{
"url": "https://git.kernel.org/stable/c/c7f24b7d94549ff4623e8f41ea4d9f5319bd8ac8"
},
{
"url": "https://git.kernel.org/stable/c/5d59fd637a8af42b211a92b2edb2474325b4d488"
},
{
"url": "https://git.kernel.org/stable/c/0b0d5701a8bf02f8fee037e81aacf6746558bfd6"
},
{
"url": "https://git.kernel.org/stable/c/ee332023adfd5882808f2dabf037b32d6ce36f9e"
},
{
"url": "https://git.kernel.org/stable/c/e45b69360a63165377b30db4a1dfddd89ca18e9a"
},
{
"url": "https://git.kernel.org/stable/c/cf7385cb26ac4f0ee6c7385960525ad534323252"
}
],
"title": "of: module: add buffer overflow check in of_modalias()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38541",
"datePublished": "2024-06-19T13:35:16.637Z",
"dateReserved": "2024-06-18T19:36:34.919Z",
"dateUpdated": "2025-11-03T19:30:14.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-43880 (GCVE-0-2024-43880)
Vulnerability from cvelistv5 – Published: 2024-08-21 00:06 – Updated: 2025-11-03 22:06
VLAI?
EPSS
Title
mlxsw: spectrum_acl_erp: Fix object nesting warning
Summary
In the Linux kernel, the following vulnerability has been resolved:
mlxsw: spectrum_acl_erp: Fix object nesting warning
ACLs in Spectrum-2 and newer ASICs can reside in the algorithmic TCAM
(A-TCAM) or in the ordinary circuit TCAM (C-TCAM). The former can
contain more ACLs (i.e., tc filters), but the number of masks in each
region (i.e., tc chain) is limited.
In order to mitigate the effects of the above limitation, the device
allows filters to share a single mask if their masks only differ in up
to 8 consecutive bits. For example, dst_ip/25 can be represented using
dst_ip/24 with a delta of 1 bit. The C-TCAM does not have a limit on the
number of masks being used (and therefore does not support mask
aggregation), but can contain a limited number of filters.
The driver uses the "objagg" library to perform the mask aggregation by
passing it objects that consist of the filter's mask and whether the
filter is to be inserted into the A-TCAM or the C-TCAM since filters in
different TCAMs cannot share a mask.
The set of created objects is dependent on the insertion order of the
filters and is not necessarily optimal. Therefore, the driver will
periodically ask the library to compute a more optimal set ("hints") by
looking at all the existing objects.
When the library asks the driver whether two objects can be aggregated
the driver only compares the provided masks and ignores the A-TCAM /
C-TCAM indication. This is the right thing to do since the goal is to
move as many filters as possible to the A-TCAM. The driver also forbids
two identical masks from being aggregated since this can only happen if
one was intentionally put in the C-TCAM to avoid a conflict in the
A-TCAM.
The above can result in the following set of hints:
H1: {mask X, A-TCAM} -> H2: {mask Y, A-TCAM} // X is Y + delta
H3: {mask Y, C-TCAM} -> H4: {mask Z, A-TCAM} // Y is Z + delta
After getting the hints from the library the driver will start migrating
filters from one region to another while consulting the computed hints
and instructing the device to perform a lookup in both regions during
the transition.
Assuming a filter with mask X is being migrated into the A-TCAM in the
new region, the hints lookup will return H1. Since H2 is the parent of
H1, the library will try to find the object associated with it and
create it if necessary in which case another hints lookup (recursive)
will be performed. This hints lookup for {mask Y, A-TCAM} will either
return H2 or H3 since the driver passes the library an object comparison
function that ignores the A-TCAM / C-TCAM indication.
This can eventually lead to nested objects which are not supported by
the library [1].
Fix by removing the object comparison function from both the driver and
the library as the driver was the only user. That way the lookup will
only return exact matches.
I do not have a reliable reproducer that can reproduce the issue in a
timely manner, but before the fix the issue would reproduce in several
minutes and with the fix it does not reproduce in over an hour.
Note that the current usefulness of the hints is limited because they
include the C-TCAM indication and represent aggregation that cannot
actually happen. This will be addressed in net-next.
[1]
WARNING: CPU: 0 PID: 153 at lib/objagg.c:170 objagg_obj_parent_assign+0xb5/0xd0
Modules linked in:
CPU: 0 PID: 153 Comm: kworker/0:18 Not tainted 6.9.0-rc6-custom-g70fbc2c1c38b #42
Hardware name: Mellanox Technologies Ltd. MSN3700C/VMOD0008, BIOS 5.11 10/10/2018
Workqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work
RIP: 0010:objagg_obj_parent_assign+0xb5/0xd0
[...]
Call Trace:
<TASK>
__objagg_obj_get+0x2bb/0x580
objagg_obj_get+0xe/0x80
mlxsw_sp_acl_erp_mask_get+0xb5/0xf0
mlxsw_sp_acl_atcam_entry_add+0xe8/0x3c0
mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0
mlxsw_sp_acl_tcam_vchunk_migrate_one+0x16b/0x270
mlxsw_sp_acl_tcam_vregion_rehash_work+0xbe/0x510
process_one_work+0x151/0x370
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
9069a3817d82b01b3a55da382c774e3575946130 , < 4dc09f6f260db3c4565a4ec52ba369393598f2fb
(git)
Affected: 9069a3817d82b01b3a55da382c774e3575946130 , < 36a9996e020dd5aa325e0ecc55eb2328288ea6bb (git) Affected: 9069a3817d82b01b3a55da382c774e3575946130 , < 9a5261a984bba4f583d966c550fa72c33ff3714e (git) Affected: 9069a3817d82b01b3a55da382c774e3575946130 , < 25c6fd9648ad05da493a5d30881896a78a08b624 (git) Affected: 9069a3817d82b01b3a55da382c774e3575946130 , < 0e59c2d22853266704e127915653598f7f104037 (git) Affected: 9069a3817d82b01b3a55da382c774e3575946130 , < fb5d4fc578e655d113f09565f6f047e15f7ab578 (git) Affected: 9069a3817d82b01b3a55da382c774e3575946130 , < 97d833ceb27dc19f8777d63f90be4a27b5daeedf (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43880",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:05:51.322073Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:17.371Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:06:33.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_erp.c",
"include/linux/objagg.h",
"lib/objagg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4dc09f6f260db3c4565a4ec52ba369393598f2fb",
"status": "affected",
"version": "9069a3817d82b01b3a55da382c774e3575946130",
"versionType": "git"
},
{
"lessThan": "36a9996e020dd5aa325e0ecc55eb2328288ea6bb",
"status": "affected",
"version": "9069a3817d82b01b3a55da382c774e3575946130",
"versionType": "git"
},
{
"lessThan": "9a5261a984bba4f583d966c550fa72c33ff3714e",
"status": "affected",
"version": "9069a3817d82b01b3a55da382c774e3575946130",
"versionType": "git"
},
{
"lessThan": "25c6fd9648ad05da493a5d30881896a78a08b624",
"status": "affected",
"version": "9069a3817d82b01b3a55da382c774e3575946130",
"versionType": "git"
},
{
"lessThan": "0e59c2d22853266704e127915653598f7f104037",
"status": "affected",
"version": "9069a3817d82b01b3a55da382c774e3575946130",
"versionType": "git"
},
{
"lessThan": "fb5d4fc578e655d113f09565f6f047e15f7ab578",
"status": "affected",
"version": "9069a3817d82b01b3a55da382c774e3575946130",
"versionType": "git"
},
{
"lessThan": "97d833ceb27dc19f8777d63f90be4a27b5daeedf",
"status": "affected",
"version": "9069a3817d82b01b3a55da382c774e3575946130",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_erp.c",
"include/linux/objagg.h",
"lib/objagg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.282",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.282",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_acl_erp: Fix object nesting warning\n\nACLs in Spectrum-2 and newer ASICs can reside in the algorithmic TCAM\n(A-TCAM) or in the ordinary circuit TCAM (C-TCAM). The former can\ncontain more ACLs (i.e., tc filters), but the number of masks in each\nregion (i.e., tc chain) is limited.\n\nIn order to mitigate the effects of the above limitation, the device\nallows filters to share a single mask if their masks only differ in up\nto 8 consecutive bits. For example, dst_ip/25 can be represented using\ndst_ip/24 with a delta of 1 bit. The C-TCAM does not have a limit on the\nnumber of masks being used (and therefore does not support mask\naggregation), but can contain a limited number of filters.\n\nThe driver uses the \"objagg\" library to perform the mask aggregation by\npassing it objects that consist of the filter\u0027s mask and whether the\nfilter is to be inserted into the A-TCAM or the C-TCAM since filters in\ndifferent TCAMs cannot share a mask.\n\nThe set of created objects is dependent on the insertion order of the\nfilters and is not necessarily optimal. Therefore, the driver will\nperiodically ask the library to compute a more optimal set (\"hints\") by\nlooking at all the existing objects.\n\nWhen the library asks the driver whether two objects can be aggregated\nthe driver only compares the provided masks and ignores the A-TCAM /\nC-TCAM indication. This is the right thing to do since the goal is to\nmove as many filters as possible to the A-TCAM. The driver also forbids\ntwo identical masks from being aggregated since this can only happen if\none was intentionally put in the C-TCAM to avoid a conflict in the\nA-TCAM.\n\nThe above can result in the following set of hints:\n\nH1: {mask X, A-TCAM} -\u003e H2: {mask Y, A-TCAM} // X is Y + delta\nH3: {mask Y, C-TCAM} -\u003e H4: {mask Z, A-TCAM} // Y is Z + delta\n\nAfter getting the hints from the library the driver will start migrating\nfilters from one region to another while consulting the computed hints\nand instructing the device to perform a lookup in both regions during\nthe transition.\n\nAssuming a filter with mask X is being migrated into the A-TCAM in the\nnew region, the hints lookup will return H1. Since H2 is the parent of\nH1, the library will try to find the object associated with it and\ncreate it if necessary in which case another hints lookup (recursive)\nwill be performed. This hints lookup for {mask Y, A-TCAM} will either\nreturn H2 or H3 since the driver passes the library an object comparison\nfunction that ignores the A-TCAM / C-TCAM indication.\n\nThis can eventually lead to nested objects which are not supported by\nthe library [1].\n\nFix by removing the object comparison function from both the driver and\nthe library as the driver was the only user. That way the lookup will\nonly return exact matches.\n\nI do not have a reliable reproducer that can reproduce the issue in a\ntimely manner, but before the fix the issue would reproduce in several\nminutes and with the fix it does not reproduce in over an hour.\n\nNote that the current usefulness of the hints is limited because they\ninclude the C-TCAM indication and represent aggregation that cannot\nactually happen. This will be addressed in net-next.\n\n[1]\nWARNING: CPU: 0 PID: 153 at lib/objagg.c:170 objagg_obj_parent_assign+0xb5/0xd0\nModules linked in:\nCPU: 0 PID: 153 Comm: kworker/0:18 Not tainted 6.9.0-rc6-custom-g70fbc2c1c38b #42\nHardware name: Mellanox Technologies Ltd. MSN3700C/VMOD0008, BIOS 5.11 10/10/2018\nWorkqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work\nRIP: 0010:objagg_obj_parent_assign+0xb5/0xd0\n[...]\nCall Trace:\n \u003cTASK\u003e\n __objagg_obj_get+0x2bb/0x580\n objagg_obj_get+0xe/0x80\n mlxsw_sp_acl_erp_mask_get+0xb5/0xf0\n mlxsw_sp_acl_atcam_entry_add+0xe8/0x3c0\n mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0\n mlxsw_sp_acl_tcam_vchunk_migrate_one+0x16b/0x270\n mlxsw_sp_acl_tcam_vregion_rehash_work+0xbe/0x510\n process_one_work+0x151/0x370"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:28:26.245Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4dc09f6f260db3c4565a4ec52ba369393598f2fb"
},
{
"url": "https://git.kernel.org/stable/c/36a9996e020dd5aa325e0ecc55eb2328288ea6bb"
},
{
"url": "https://git.kernel.org/stable/c/9a5261a984bba4f583d966c550fa72c33ff3714e"
},
{
"url": "https://git.kernel.org/stable/c/25c6fd9648ad05da493a5d30881896a78a08b624"
},
{
"url": "https://git.kernel.org/stable/c/0e59c2d22853266704e127915653598f7f104037"
},
{
"url": "https://git.kernel.org/stable/c/fb5d4fc578e655d113f09565f6f047e15f7ab578"
},
{
"url": "https://git.kernel.org/stable/c/97d833ceb27dc19f8777d63f90be4a27b5daeedf"
}
],
"title": "mlxsw: spectrum_acl_erp: Fix object nesting warning",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43880",
"datePublished": "2024-08-21T00:06:32.562Z",
"dateReserved": "2024-08-17T09:11:59.287Z",
"dateUpdated": "2025-11-03T22:06:33.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-42244 (GCVE-0-2024-42244)
Vulnerability from cvelistv5 – Published: 2024-08-07 15:14 – Updated: 2025-11-03 22:02
VLAI?
EPSS
Title
USB: serial: mos7840: fix crash on resume
Summary
In the Linux kernel, the following vulnerability has been resolved:
USB: serial: mos7840: fix crash on resume
Since commit c49cfa917025 ("USB: serial: use generic method if no
alternative is provided in usb serial layer"), USB serial core calls the
generic resume implementation when the driver has not provided one.
This can trigger a crash on resume with mos7840 since support for
multiple read URBs was added back in 2011. Specifically, both port read
URBs are now submitted on resume for open ports, but the context pointer
of the second URB is left set to the core rather than mos7840 port
structure.
Fix this by implementing dedicated suspend and resume functions for
mos7840.
Tested with Delock 87414 USB 2.0 to 4x serial adapter.
[ johan: analyse crash and rewrite commit message; set busy flag on
resume; drop bulk-in check; drop unnecessary usb_kill_urb() ]
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
d83b405383c965498923f3561c3321e2b5df5727 , < 932a86a711c722b45ed47ba2103adca34d225b33
(git)
Affected: d83b405383c965498923f3561c3321e2b5df5727 , < b14aa5673e0a8077ff4b74f0bb260735e7d5e6a4 (git) Affected: d83b405383c965498923f3561c3321e2b5df5727 , < 1094ed500987e67a9d18b0f95e1812f1cc720856 (git) Affected: d83b405383c965498923f3561c3321e2b5df5727 , < 5ae6a64f18211851c8df6b4221381c438b9a7348 (git) Affected: d83b405383c965498923f3561c3321e2b5df5727 , < 553e67dec846323b5575e78a776cf594c13f98c4 (git) Affected: d83b405383c965498923f3561c3321e2b5df5727 , < c15a688e49987385baa8804bf65d570e362f8576 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42244",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:13:38.256870Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:31.353Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:02:43.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/serial/mos7840.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "932a86a711c722b45ed47ba2103adca34d225b33",
"status": "affected",
"version": "d83b405383c965498923f3561c3321e2b5df5727",
"versionType": "git"
},
{
"lessThan": "b14aa5673e0a8077ff4b74f0bb260735e7d5e6a4",
"status": "affected",
"version": "d83b405383c965498923f3561c3321e2b5df5727",
"versionType": "git"
},
{
"lessThan": "1094ed500987e67a9d18b0f95e1812f1cc720856",
"status": "affected",
"version": "d83b405383c965498923f3561c3321e2b5df5727",
"versionType": "git"
},
{
"lessThan": "5ae6a64f18211851c8df6b4221381c438b9a7348",
"status": "affected",
"version": "d83b405383c965498923f3561c3321e2b5df5727",
"versionType": "git"
},
{
"lessThan": "553e67dec846323b5575e78a776cf594c13f98c4",
"status": "affected",
"version": "d83b405383c965498923f3561c3321e2b5df5727",
"versionType": "git"
},
{
"lessThan": "c15a688e49987385baa8804bf65d570e362f8576",
"status": "affected",
"version": "d83b405383c965498923f3561c3321e2b5df5727",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/serial/mos7840.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.3"
},
{
"lessThan": "3.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.222",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.163",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.100",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.41",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.222",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.163",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.100",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.41",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.10",
"versionStartIncluding": "3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: serial: mos7840: fix crash on resume\n\nSince commit c49cfa917025 (\"USB: serial: use generic method if no\nalternative is provided in usb serial layer\"), USB serial core calls the\ngeneric resume implementation when the driver has not provided one.\n\nThis can trigger a crash on resume with mos7840 since support for\nmultiple read URBs was added back in 2011. Specifically, both port read\nURBs are now submitted on resume for open ports, but the context pointer\nof the second URB is left set to the core rather than mos7840 port\nstructure.\n\nFix this by implementing dedicated suspend and resume functions for\nmos7840.\n\nTested with Delock 87414 USB 2.0 to 4x serial adapter.\n\n[ johan: analyse crash and rewrite commit message; set busy flag on\n resume; drop bulk-in check; drop unnecessary usb_kill_urb() ]"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:24:57.378Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/932a86a711c722b45ed47ba2103adca34d225b33"
},
{
"url": "https://git.kernel.org/stable/c/b14aa5673e0a8077ff4b74f0bb260735e7d5e6a4"
},
{
"url": "https://git.kernel.org/stable/c/1094ed500987e67a9d18b0f95e1812f1cc720856"
},
{
"url": "https://git.kernel.org/stable/c/5ae6a64f18211851c8df6b4221381c438b9a7348"
},
{
"url": "https://git.kernel.org/stable/c/553e67dec846323b5575e78a776cf594c13f98c4"
},
{
"url": "https://git.kernel.org/stable/c/c15a688e49987385baa8804bf65d570e362f8576"
}
],
"title": "USB: serial: mos7840: fix crash on resume",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42244",
"datePublished": "2024-08-07T15:14:30.359Z",
"dateReserved": "2024-07-30T07:40:12.254Z",
"dateUpdated": "2025-11-03T22:02:43.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-42292 (GCVE-0-2024-42292)
Vulnerability from cvelistv5 – Published: 2024-08-17 09:09 – Updated: 2025-11-03 22:03
VLAI?
EPSS
Title
kobject_uevent: Fix OOB access within zap_modalias_env()
Summary
In the Linux kernel, the following vulnerability has been resolved:
kobject_uevent: Fix OOB access within zap_modalias_env()
zap_modalias_env() wrongly calculates size of memory block to move, so
will cause OOB memory access issue if variable MODALIAS is not the last
one within its @env parameter, fixed by correcting size to memmove.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
9b3fa47d4a76b1d606a396455f9bbeee083ef008 , < 81a15d28f32af01493ae8c5457e0d55314a4167d
(git)
Affected: 9b3fa47d4a76b1d606a396455f9bbeee083ef008 , < b59a5e86a3934f1b6a5bd1368902dbc79bdecc90 (git) Affected: 9b3fa47d4a76b1d606a396455f9bbeee083ef008 , < 648d5490460d38436640da0812bf7f6351c150d2 (git) Affected: 9b3fa47d4a76b1d606a396455f9bbeee083ef008 , < c5ee8adc8d98a49703320d13878ba2b923b142f5 (git) Affected: 9b3fa47d4a76b1d606a396455f9bbeee083ef008 , < 68d63ace80b76395e7935687ecdb86421adc2168 (git) Affected: 9b3fa47d4a76b1d606a396455f9bbeee083ef008 , < 57fe01d3d04276875c7e3a6dc763517fc05b8762 (git) Affected: 9b3fa47d4a76b1d606a396455f9bbeee083ef008 , < d4663536754defff75ff1eca0aaebc41da165a8d (git) Affected: 9b3fa47d4a76b1d606a396455f9bbeee083ef008 , < dd6e9894b451e7c85cceb8e9dc5432679a70e7dc (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42292",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:11:00.545656Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:29.474Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:03:51.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"lib/kobject_uevent.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "81a15d28f32af01493ae8c5457e0d55314a4167d",
"status": "affected",
"version": "9b3fa47d4a76b1d606a396455f9bbeee083ef008",
"versionType": "git"
},
{
"lessThan": "b59a5e86a3934f1b6a5bd1368902dbc79bdecc90",
"status": "affected",
"version": "9b3fa47d4a76b1d606a396455f9bbeee083ef008",
"versionType": "git"
},
{
"lessThan": "648d5490460d38436640da0812bf7f6351c150d2",
"status": "affected",
"version": "9b3fa47d4a76b1d606a396455f9bbeee083ef008",
"versionType": "git"
},
{
"lessThan": "c5ee8adc8d98a49703320d13878ba2b923b142f5",
"status": "affected",
"version": "9b3fa47d4a76b1d606a396455f9bbeee083ef008",
"versionType": "git"
},
{
"lessThan": "68d63ace80b76395e7935687ecdb86421adc2168",
"status": "affected",
"version": "9b3fa47d4a76b1d606a396455f9bbeee083ef008",
"versionType": "git"
},
{
"lessThan": "57fe01d3d04276875c7e3a6dc763517fc05b8762",
"status": "affected",
"version": "9b3fa47d4a76b1d606a396455f9bbeee083ef008",
"versionType": "git"
},
{
"lessThan": "d4663536754defff75ff1eca0aaebc41da165a8d",
"status": "affected",
"version": "9b3fa47d4a76b1d606a396455f9bbeee083ef008",
"versionType": "git"
},
{
"lessThan": "dd6e9894b451e7c85cceb8e9dc5432679a70e7dc",
"status": "affected",
"version": "9b3fa47d4a76b1d606a396455f9bbeee083ef008",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"lib/kobject_uevent.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.320",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.282",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.320",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.282",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nkobject_uevent: Fix OOB access within zap_modalias_env()\n\nzap_modalias_env() wrongly calculates size of memory block to move, so\nwill cause OOB memory access issue if variable MODALIAS is not the last\none within its @env parameter, fixed by correcting size to memmove."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:26:07.282Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/81a15d28f32af01493ae8c5457e0d55314a4167d"
},
{
"url": "https://git.kernel.org/stable/c/b59a5e86a3934f1b6a5bd1368902dbc79bdecc90"
},
{
"url": "https://git.kernel.org/stable/c/648d5490460d38436640da0812bf7f6351c150d2"
},
{
"url": "https://git.kernel.org/stable/c/c5ee8adc8d98a49703320d13878ba2b923b142f5"
},
{
"url": "https://git.kernel.org/stable/c/68d63ace80b76395e7935687ecdb86421adc2168"
},
{
"url": "https://git.kernel.org/stable/c/57fe01d3d04276875c7e3a6dc763517fc05b8762"
},
{
"url": "https://git.kernel.org/stable/c/d4663536754defff75ff1eca0aaebc41da165a8d"
},
{
"url": "https://git.kernel.org/stable/c/dd6e9894b451e7c85cceb8e9dc5432679a70e7dc"
}
],
"title": "kobject_uevent: Fix OOB access within zap_modalias_env()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42292",
"datePublished": "2024-08-17T09:09:01.586Z",
"dateReserved": "2024-07-30T07:40:12.268Z",
"dateUpdated": "2025-11-03T22:03:51.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-27062 (GCVE-0-2024-27062)
Vulnerability from cvelistv5 – Published: 2024-05-01 13:00 – Updated: 2026-01-05 10:35
VLAI?
EPSS
Title
nouveau: lock the client object tree.
Summary
In the Linux kernel, the following vulnerability has been resolved:
nouveau: lock the client object tree.
It appears the client object tree has no locking unless I've missed
something else. Fix races around adding/removing client objects,
mostly vram bar mappings.
4562.099306] general protection fault, probably for non-canonical address 0x6677ed422bceb80c: 0000 [#1] PREEMPT SMP PTI
[ 4562.099314] CPU: 2 PID: 23171 Comm: deqp-vk Not tainted 6.8.0-rc6+ #27
[ 4562.099324] Hardware name: Gigabyte Technology Co., Ltd. Z390 I AORUS PRO WIFI/Z390 I AORUS PRO WIFI-CF, BIOS F8 11/05/2021
[ 4562.099330] RIP: 0010:nvkm_object_search+0x1d/0x70 [nouveau]
[ 4562.099503] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 0f 1f 44 00 00 48 89 f8 48 85 f6 74 39 48 8b 87 a0 00 00 00 48 85 c0 74 12 <48> 8b 48 f8 48 39 ce 73 15 48 8b 40 10 48 85 c0 75 ee 48 c7 c0 fe
[ 4562.099506] RSP: 0000:ffffa94cc420bbf8 EFLAGS: 00010206
[ 4562.099512] RAX: 6677ed422bceb814 RBX: ffff98108791f400 RCX: ffff9810f26b8f58
[ 4562.099517] RDX: 0000000000000000 RSI: ffff9810f26b9158 RDI: ffff98108791f400
[ 4562.099519] RBP: ffff9810f26b9158 R08: 0000000000000000 R09: 0000000000000000
[ 4562.099521] R10: ffffa94cc420bc48 R11: 0000000000000001 R12: ffff9810f02a7cc0
[ 4562.099526] R13: 0000000000000000 R14: 00000000000000ff R15: 0000000000000007
[ 4562.099528] FS: 00007f629c5017c0(0000) GS:ffff98142c700000(0000) knlGS:0000000000000000
[ 4562.099534] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 4562.099536] CR2: 00007f629a882000 CR3: 000000017019e004 CR4: 00000000003706f0
[ 4562.099541] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 4562.099542] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 4562.099544] Call Trace:
[ 4562.099555] <TASK>
[ 4562.099573] ? die_addr+0x36/0x90
[ 4562.099583] ? exc_general_protection+0x246/0x4a0
[ 4562.099593] ? asm_exc_general_protection+0x26/0x30
[ 4562.099600] ? nvkm_object_search+0x1d/0x70 [nouveau]
[ 4562.099730] nvkm_ioctl+0xa1/0x250 [nouveau]
[ 4562.099861] nvif_object_map_handle+0xc8/0x180 [nouveau]
[ 4562.099986] nouveau_ttm_io_mem_reserve+0x122/0x270 [nouveau]
[ 4562.100156] ? dma_resv_test_signaled+0x26/0xb0
[ 4562.100163] ttm_bo_vm_fault_reserved+0x97/0x3c0 [ttm]
[ 4562.100182] ? __mutex_unlock_slowpath+0x2a/0x270
[ 4562.100189] nouveau_ttm_fault+0x69/0xb0 [nouveau]
[ 4562.100356] __do_fault+0x32/0x150
[ 4562.100362] do_fault+0x7c/0x560
[ 4562.100369] __handle_mm_fault+0x800/0xc10
[ 4562.100382] handle_mm_fault+0x17c/0x3e0
[ 4562.100388] do_user_addr_fault+0x208/0x860
[ 4562.100395] exc_page_fault+0x7f/0x200
[ 4562.100402] asm_exc_page_fault+0x26/0x30
[ 4562.100412] RIP: 0033:0x9b9870
[ 4562.100419] Code: 85 a8 f7 ff ff 8b 8d 80 f7 ff ff 89 08 e9 18 f2 ff ff 0f 1f 84 00 00 00 00 00 44 89 32 e9 90 fa ff ff 0f 1f 84 00 00 00 00 00 <44> 89 32 e9 f8 f1 ff ff 0f 1f 84 00 00 00 00 00 66 44 89 32 e9 e7
[ 4562.100422] RSP: 002b:00007fff9ba2dc70 EFLAGS: 00010246
[ 4562.100426] RAX: 0000000000000004 RBX: 000000000dd65e10 RCX: 000000fff0000000
[ 4562.100428] RDX: 00007f629a882000 RSI: 00007f629a882000 RDI: 0000000000000066
[ 4562.100432] RBP: 00007fff9ba2e570 R08: 0000000000000000 R09: 0000000123ddf000
[ 4562.100434] R10: 0000000000000001 R11: 0000000000000246 R12: 000000007fffffff
[ 4562.100436] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 4562.100446] </TASK>
[ 4562.100448] Modules linked in: nf_conntrack_netbios_ns nf_conntrack_broadcast nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables libcrc32c nfnetlink cmac bnep sunrpc iwlmvm intel_rapl_msr intel_rapl_common snd_sof_pci_intel_cnl x86_pkg_temp_thermal intel_powerclamp snd_sof_intel_hda_common mac80211 coretemp snd_soc_acpi_intel_match kvm_intel snd_soc_acpi snd_soc_hdac_hda snd_sof_pci snd_sof_xtensa_dsp snd_sof_intel_hda_mlink
---truncated---
Severity ?
5.5 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
bf81df9be28657eea4aca8c6ab4ed3e69f8a051c , < 6887314f5356389fc219b8152e951ac084a10ef7
(git)
Affected: bf81df9be28657eea4aca8c6ab4ed3e69f8a051c , < 96c8751844171af4b3898fee3857ee180586f589 (git) Affected: bf81df9be28657eea4aca8c6ab4ed3e69f8a051c , < b7cc4ff787a572edf2c55caeffaa88cd801eb135 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-27062",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-06T18:29:48.801156Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T16:56:45.613Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6887314f5356389fc219b8152e951ac084a10ef7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/96c8751844171af4b3898fee3857ee180586f589"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b7cc4ff787a572edf2c55caeffaa88cd801eb135"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/nouveau/include/nvkm/core/client.h",
"drivers/gpu/drm/nouveau/nvkm/core/client.c",
"drivers/gpu/drm/nouveau/nvkm/core/object.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6887314f5356389fc219b8152e951ac084a10ef7",
"status": "affected",
"version": "bf81df9be28657eea4aca8c6ab4ed3e69f8a051c",
"versionType": "git"
},
{
"lessThan": "96c8751844171af4b3898fee3857ee180586f589",
"status": "affected",
"version": "bf81df9be28657eea4aca8c6ab4ed3e69f8a051c",
"versionType": "git"
},
{
"lessThan": "b7cc4ff787a572edf2c55caeffaa88cd801eb135",
"status": "affected",
"version": "bf81df9be28657eea4aca8c6ab4ed3e69f8a051c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/nouveau/include/nvkm/core/client.h",
"drivers/gpu/drm/nouveau/nvkm/core/client.c",
"drivers/gpu/drm/nouveau/nvkm/core/object.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.3"
},
{
"lessThan": "4.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnouveau: lock the client object tree.\n\nIt appears the client object tree has no locking unless I\u0027ve missed\nsomething else. Fix races around adding/removing client objects,\nmostly vram bar mappings.\n\n 4562.099306] general protection fault, probably for non-canonical address 0x6677ed422bceb80c: 0000 [#1] PREEMPT SMP PTI\n[ 4562.099314] CPU: 2 PID: 23171 Comm: deqp-vk Not tainted 6.8.0-rc6+ #27\n[ 4562.099324] Hardware name: Gigabyte Technology Co., Ltd. Z390 I AORUS PRO WIFI/Z390 I AORUS PRO WIFI-CF, BIOS F8 11/05/2021\n[ 4562.099330] RIP: 0010:nvkm_object_search+0x1d/0x70 [nouveau]\n[ 4562.099503] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 0f 1f 44 00 00 48 89 f8 48 85 f6 74 39 48 8b 87 a0 00 00 00 48 85 c0 74 12 \u003c48\u003e 8b 48 f8 48 39 ce 73 15 48 8b 40 10 48 85 c0 75 ee 48 c7 c0 fe\n[ 4562.099506] RSP: 0000:ffffa94cc420bbf8 EFLAGS: 00010206\n[ 4562.099512] RAX: 6677ed422bceb814 RBX: ffff98108791f400 RCX: ffff9810f26b8f58\n[ 4562.099517] RDX: 0000000000000000 RSI: ffff9810f26b9158 RDI: ffff98108791f400\n[ 4562.099519] RBP: ffff9810f26b9158 R08: 0000000000000000 R09: 0000000000000000\n[ 4562.099521] R10: ffffa94cc420bc48 R11: 0000000000000001 R12: ffff9810f02a7cc0\n[ 4562.099526] R13: 0000000000000000 R14: 00000000000000ff R15: 0000000000000007\n[ 4562.099528] FS: 00007f629c5017c0(0000) GS:ffff98142c700000(0000) knlGS:0000000000000000\n[ 4562.099534] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 4562.099536] CR2: 00007f629a882000 CR3: 000000017019e004 CR4: 00000000003706f0\n[ 4562.099541] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 4562.099542] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 4562.099544] Call Trace:\n[ 4562.099555] \u003cTASK\u003e\n[ 4562.099573] ? die_addr+0x36/0x90\n[ 4562.099583] ? exc_general_protection+0x246/0x4a0\n[ 4562.099593] ? asm_exc_general_protection+0x26/0x30\n[ 4562.099600] ? nvkm_object_search+0x1d/0x70 [nouveau]\n[ 4562.099730] nvkm_ioctl+0xa1/0x250 [nouveau]\n[ 4562.099861] nvif_object_map_handle+0xc8/0x180 [nouveau]\n[ 4562.099986] nouveau_ttm_io_mem_reserve+0x122/0x270 [nouveau]\n[ 4562.100156] ? dma_resv_test_signaled+0x26/0xb0\n[ 4562.100163] ttm_bo_vm_fault_reserved+0x97/0x3c0 [ttm]\n[ 4562.100182] ? __mutex_unlock_slowpath+0x2a/0x270\n[ 4562.100189] nouveau_ttm_fault+0x69/0xb0 [nouveau]\n[ 4562.100356] __do_fault+0x32/0x150\n[ 4562.100362] do_fault+0x7c/0x560\n[ 4562.100369] __handle_mm_fault+0x800/0xc10\n[ 4562.100382] handle_mm_fault+0x17c/0x3e0\n[ 4562.100388] do_user_addr_fault+0x208/0x860\n[ 4562.100395] exc_page_fault+0x7f/0x200\n[ 4562.100402] asm_exc_page_fault+0x26/0x30\n[ 4562.100412] RIP: 0033:0x9b9870\n[ 4562.100419] Code: 85 a8 f7 ff ff 8b 8d 80 f7 ff ff 89 08 e9 18 f2 ff ff 0f 1f 84 00 00 00 00 00 44 89 32 e9 90 fa ff ff 0f 1f 84 00 00 00 00 00 \u003c44\u003e 89 32 e9 f8 f1 ff ff 0f 1f 84 00 00 00 00 00 66 44 89 32 e9 e7\n[ 4562.100422] RSP: 002b:00007fff9ba2dc70 EFLAGS: 00010246\n[ 4562.100426] RAX: 0000000000000004 RBX: 000000000dd65e10 RCX: 000000fff0000000\n[ 4562.100428] RDX: 00007f629a882000 RSI: 00007f629a882000 RDI: 0000000000000066\n[ 4562.100432] RBP: 00007fff9ba2e570 R08: 0000000000000000 R09: 0000000123ddf000\n[ 4562.100434] R10: 0000000000000001 R11: 0000000000000246 R12: 000000007fffffff\n[ 4562.100436] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\n[ 4562.100446] \u003c/TASK\u003e\n[ 4562.100448] Modules linked in: nf_conntrack_netbios_ns nf_conntrack_broadcast nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables libcrc32c nfnetlink cmac bnep sunrpc iwlmvm intel_rapl_msr intel_rapl_common snd_sof_pci_intel_cnl x86_pkg_temp_thermal intel_powerclamp snd_sof_intel_hda_common mac80211 coretemp snd_soc_acpi_intel_match kvm_intel snd_soc_acpi snd_soc_hdac_hda snd_sof_pci snd_sof_xtensa_dsp snd_sof_intel_hda_mlink \n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:35:13.192Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6887314f5356389fc219b8152e951ac084a10ef7"
},
{
"url": "https://git.kernel.org/stable/c/96c8751844171af4b3898fee3857ee180586f589"
},
{
"url": "https://git.kernel.org/stable/c/b7cc4ff787a572edf2c55caeffaa88cd801eb135"
}
],
"title": "nouveau: lock the client object tree.",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27062",
"datePublished": "2024-05-01T13:00:21.052Z",
"dateReserved": "2024-02-19T14:20:24.215Z",
"dateUpdated": "2026-01-05T10:35:13.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-40983 (GCVE-0-2024-40983)
Vulnerability from cvelistv5 – Published: 2024-07-12 12:33 – Updated: 2025-11-03 21:58
VLAI?
EPSS
Title
tipc: force a dst refcount before doing decryption
Summary
In the Linux kernel, the following vulnerability has been resolved:
tipc: force a dst refcount before doing decryption
As it says in commit 3bc07321ccc2 ("xfrm: Force a dst refcount before
entering the xfrm type handlers"):
"Crypto requests might return asynchronous. In this case we leave the
rcu protected region, so force a refcount on the skb's destination
entry before we enter the xfrm type input/output handlers."
On TIPC decryption path it has the same problem, and skb_dst_force()
should be called before doing decryption to avoid a possible crash.
Shuang reported this issue when this warning is triggered:
[] WARNING: include/net/dst.h:337 tipc_sk_rcv+0x1055/0x1ea0 [tipc]
[] Kdump: loaded Tainted: G W --------- - - 4.18.0-496.el8.x86_64+debug
[] Workqueue: crypto cryptd_queue_worker
[] RIP: 0010:tipc_sk_rcv+0x1055/0x1ea0 [tipc]
[] Call Trace:
[] tipc_sk_mcast_rcv+0x548/0xea0 [tipc]
[] tipc_rcv+0xcf5/0x1060 [tipc]
[] tipc_aead_decrypt_done+0x215/0x2e0 [tipc]
[] cryptd_aead_crypt+0xdb/0x190
[] cryptd_queue_worker+0xed/0x190
[] process_one_work+0x93d/0x17e0
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
fc1b6d6de2208774efd2a20bf0daddb02d18b1e0 , < 3eb1b39627892c4e26cb0162b75725aa5fcc60c8
(git)
Affected: fc1b6d6de2208774efd2a20bf0daddb02d18b1e0 , < 692803b39a36e63ac73208e0a3769ae6a2f9bc76 (git) Affected: fc1b6d6de2208774efd2a20bf0daddb02d18b1e0 , < 623c90d86a61e3780f682b32928af469c66ec4c2 (git) Affected: fc1b6d6de2208774efd2a20bf0daddb02d18b1e0 , < b57a4a2dc8746cea58a922ebe31b6aa629d69d93 (git) Affected: fc1b6d6de2208774efd2a20bf0daddb02d18b1e0 , < 6808b41371670c51feea14f63ade211e78100930 (git) Affected: fc1b6d6de2208774efd2a20bf0daddb02d18b1e0 , < 2ebe8f840c7450ecbfca9d18ac92e9ce9155e269 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:58:47.921Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3eb1b39627892c4e26cb0162b75725aa5fcc60c8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/692803b39a36e63ac73208e0a3769ae6a2f9bc76"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/623c90d86a61e3780f682b32928af469c66ec4c2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b57a4a2dc8746cea58a922ebe31b6aa629d69d93"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6808b41371670c51feea14f63ade211e78100930"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2ebe8f840c7450ecbfca9d18ac92e9ce9155e269"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40983",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:02:13.493957Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:21.167Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/tipc/node.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3eb1b39627892c4e26cb0162b75725aa5fcc60c8",
"status": "affected",
"version": "fc1b6d6de2208774efd2a20bf0daddb02d18b1e0",
"versionType": "git"
},
{
"lessThan": "692803b39a36e63ac73208e0a3769ae6a2f9bc76",
"status": "affected",
"version": "fc1b6d6de2208774efd2a20bf0daddb02d18b1e0",
"versionType": "git"
},
{
"lessThan": "623c90d86a61e3780f682b32928af469c66ec4c2",
"status": "affected",
"version": "fc1b6d6de2208774efd2a20bf0daddb02d18b1e0",
"versionType": "git"
},
{
"lessThan": "b57a4a2dc8746cea58a922ebe31b6aa629d69d93",
"status": "affected",
"version": "fc1b6d6de2208774efd2a20bf0daddb02d18b1e0",
"versionType": "git"
},
{
"lessThan": "6808b41371670c51feea14f63ade211e78100930",
"status": "affected",
"version": "fc1b6d6de2208774efd2a20bf0daddb02d18b1e0",
"versionType": "git"
},
{
"lessThan": "2ebe8f840c7450ecbfca9d18ac92e9ce9155e269",
"status": "affected",
"version": "fc1b6d6de2208774efd2a20bf0daddb02d18b1e0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/tipc/node.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.221",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.96",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.36",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.221",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.96",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.36",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.7",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: force a dst refcount before doing decryption\n\nAs it says in commit 3bc07321ccc2 (\"xfrm: Force a dst refcount before\nentering the xfrm type handlers\"):\n\n\"Crypto requests might return asynchronous. In this case we leave the\n rcu protected region, so force a refcount on the skb\u0027s destination\n entry before we enter the xfrm type input/output handlers.\"\n\nOn TIPC decryption path it has the same problem, and skb_dst_force()\nshould be called before doing decryption to avoid a possible crash.\n\nShuang reported this issue when this warning is triggered:\n\n [] WARNING: include/net/dst.h:337 tipc_sk_rcv+0x1055/0x1ea0 [tipc]\n [] Kdump: loaded Tainted: G W --------- - - 4.18.0-496.el8.x86_64+debug\n [] Workqueue: crypto cryptd_queue_worker\n [] RIP: 0010:tipc_sk_rcv+0x1055/0x1ea0 [tipc]\n [] Call Trace:\n [] tipc_sk_mcast_rcv+0x548/0xea0 [tipc]\n [] tipc_rcv+0xcf5/0x1060 [tipc]\n [] tipc_aead_decrypt_done+0x215/0x2e0 [tipc]\n [] cryptd_aead_crypt+0xdb/0x190\n [] cryptd_queue_worker+0xed/0x190\n [] process_one_work+0x93d/0x17e0"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:19:19.684Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3eb1b39627892c4e26cb0162b75725aa5fcc60c8"
},
{
"url": "https://git.kernel.org/stable/c/692803b39a36e63ac73208e0a3769ae6a2f9bc76"
},
{
"url": "https://git.kernel.org/stable/c/623c90d86a61e3780f682b32928af469c66ec4c2"
},
{
"url": "https://git.kernel.org/stable/c/b57a4a2dc8746cea58a922ebe31b6aa629d69d93"
},
{
"url": "https://git.kernel.org/stable/c/6808b41371670c51feea14f63ade211e78100930"
},
{
"url": "https://git.kernel.org/stable/c/2ebe8f840c7450ecbfca9d18ac92e9ce9155e269"
}
],
"title": "tipc: force a dst refcount before doing decryption",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-40983",
"datePublished": "2024-07-12T12:33:57.263Z",
"dateReserved": "2024-07-12T12:17:45.604Z",
"dateUpdated": "2025-11-03T21:58:47.921Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-41092 (GCVE-0-2024-41092)
Vulnerability from cvelistv5 – Published: 2024-07-29 15:48 – Updated: 2025-11-03 22:00
VLAI?
EPSS
Title
drm/i915/gt: Fix potential UAF by revoke of fence registers
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/gt: Fix potential UAF by revoke of fence registers
CI has been sporadically reporting the following issue triggered by
igt@i915_selftest@live@hangcheck on ADL-P and similar machines:
<6> [414.049203] i915: Running intel_hangcheck_live_selftests/igt_reset_evict_fence
...
<6> [414.068804] i915 0000:00:02.0: [drm] GT0: GUC: submission enabled
<6> [414.068812] i915 0000:00:02.0: [drm] GT0: GUC: SLPC enabled
<3> [414.070354] Unable to pin Y-tiled fence; err:-4
<3> [414.071282] i915_vma_revoke_fence:301 GEM_BUG_ON(!i915_active_is_idle(&fence->active))
...
<4>[ 609.603992] ------------[ cut here ]------------
<2>[ 609.603995] kernel BUG at drivers/gpu/drm/i915/gt/intel_ggtt_fencing.c:301!
<4>[ 609.604003] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
<4>[ 609.604006] CPU: 0 PID: 268 Comm: kworker/u64:3 Tainted: G U W 6.9.0-CI_DRM_14785-g1ba62f8cea9c+ #1
<4>[ 609.604008] Hardware name: Intel Corporation Alder Lake Client Platform/AlderLake-P DDR4 RVP, BIOS RPLPFWI1.R00.4035.A00.2301200723 01/20/2023
<4>[ 609.604010] Workqueue: i915 __i915_gem_free_work [i915]
<4>[ 609.604149] RIP: 0010:i915_vma_revoke_fence+0x187/0x1f0 [i915]
...
<4>[ 609.604271] Call Trace:
<4>[ 609.604273] <TASK>
...
<4>[ 609.604716] __i915_vma_evict+0x2e9/0x550 [i915]
<4>[ 609.604852] __i915_vma_unbind+0x7c/0x160 [i915]
<4>[ 609.604977] force_unbind+0x24/0xa0 [i915]
<4>[ 609.605098] i915_vma_destroy+0x2f/0xa0 [i915]
<4>[ 609.605210] __i915_gem_object_pages_fini+0x51/0x2f0 [i915]
<4>[ 609.605330] __i915_gem_free_objects.isra.0+0x6a/0xc0 [i915]
<4>[ 609.605440] process_scheduled_works+0x351/0x690
...
In the past, there were similar failures reported by CI from other IGT
tests, observed on other platforms.
Before commit 63baf4f3d587 ("drm/i915/gt: Only wait for GPU activity
before unbinding a GGTT fence"), i915_vma_revoke_fence() was waiting for
idleness of vma->active via fence_update(). That commit introduced
vma->fence->active in order for the fence_update() to be able to wait
selectively on that one instead of vma->active since only idleness of
fence registers was needed. But then, another commit 0d86ee35097a
("drm/i915/gt: Make fence revocation unequivocal") replaced the call to
fence_update() in i915_vma_revoke_fence() with only fence_write(), and
also added that GEM_BUG_ON(!i915_active_is_idle(&fence->active)) in front.
No justification was provided on why we might then expect idleness of
vma->fence->active without first waiting on it.
The issue can be potentially caused by a race among revocation of fence
registers on one side and sequential execution of signal callbacks invoked
on completion of a request that was using them on the other, still
processed in parallel to revocation of those fence registers. Fix it by
waiting for idleness of vma->fence->active in i915_vma_revoke_fence().
(cherry picked from commit 24bb052d3dd499c5956abad5f7d8e4fd07da7fb1)
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
0d86ee35097ae0f1c2c50f2b8035ef480e25e4f1 , < f771b91f21c46ad1217328d05e72a2c7e3add535
(git)
Affected: 0d86ee35097ae0f1c2c50f2b8035ef480e25e4f1 , < 29c0fdf49078ab161570d3d1c6e13d66f182717d (git) Affected: 0d86ee35097ae0f1c2c50f2b8035ef480e25e4f1 , < ca0fabd365a27a94a36e68a7a02df8ff3c13dac6 (git) Affected: 0d86ee35097ae0f1c2c50f2b8035ef480e25e4f1 , < 06dec31a0a5112a91f49085e8a8fa1a82296d5c7 (git) Affected: 0d86ee35097ae0f1c2c50f2b8035ef480e25e4f1 , < 414f4a31f7a811008fd9a33b06216b060bad18fc (git) Affected: 0d86ee35097ae0f1c2c50f2b8035ef480e25e4f1 , < 996c3412a06578e9d779a16b9e79ace18125ab50 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:00:49.323Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f771b91f21c46ad1217328d05e72a2c7e3add535"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/29c0fdf49078ab161570d3d1c6e13d66f182717d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ca0fabd365a27a94a36e68a7a02df8ff3c13dac6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/06dec31a0a5112a91f49085e8a8fa1a82296d5c7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/414f4a31f7a811008fd9a33b06216b060bad18fc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/996c3412a06578e9d779a16b9e79ace18125ab50"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41092",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:20:35.535942Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:56.013Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/i915/gt/intel_ggtt_fencing.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f771b91f21c46ad1217328d05e72a2c7e3add535",
"status": "affected",
"version": "0d86ee35097ae0f1c2c50f2b8035ef480e25e4f1",
"versionType": "git"
},
{
"lessThan": "29c0fdf49078ab161570d3d1c6e13d66f182717d",
"status": "affected",
"version": "0d86ee35097ae0f1c2c50f2b8035ef480e25e4f1",
"versionType": "git"
},
{
"lessThan": "ca0fabd365a27a94a36e68a7a02df8ff3c13dac6",
"status": "affected",
"version": "0d86ee35097ae0f1c2c50f2b8035ef480e25e4f1",
"versionType": "git"
},
{
"lessThan": "06dec31a0a5112a91f49085e8a8fa1a82296d5c7",
"status": "affected",
"version": "0d86ee35097ae0f1c2c50f2b8035ef480e25e4f1",
"versionType": "git"
},
{
"lessThan": "414f4a31f7a811008fd9a33b06216b060bad18fc",
"status": "affected",
"version": "0d86ee35097ae0f1c2c50f2b8035ef480e25e4f1",
"versionType": "git"
},
{
"lessThan": "996c3412a06578e9d779a16b9e79ace18125ab50",
"status": "affected",
"version": "0d86ee35097ae0f1c2c50f2b8035ef480e25e4f1",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/i915/gt/intel_ggtt_fencing.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.8"
},
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.221",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.97",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.37",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.221",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.97",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.37",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.8",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/gt: Fix potential UAF by revoke of fence registers\n\nCI has been sporadically reporting the following issue triggered by\nigt@i915_selftest@live@hangcheck on ADL-P and similar machines:\n\n\u003c6\u003e [414.049203] i915: Running intel_hangcheck_live_selftests/igt_reset_evict_fence\n...\n\u003c6\u003e [414.068804] i915 0000:00:02.0: [drm] GT0: GUC: submission enabled\n\u003c6\u003e [414.068812] i915 0000:00:02.0: [drm] GT0: GUC: SLPC enabled\n\u003c3\u003e [414.070354] Unable to pin Y-tiled fence; err:-4\n\u003c3\u003e [414.071282] i915_vma_revoke_fence:301 GEM_BUG_ON(!i915_active_is_idle(\u0026fence-\u003eactive))\n...\n\u003c4\u003e[ 609.603992] ------------[ cut here ]------------\n\u003c2\u003e[ 609.603995] kernel BUG at drivers/gpu/drm/i915/gt/intel_ggtt_fencing.c:301!\n\u003c4\u003e[ 609.604003] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n\u003c4\u003e[ 609.604006] CPU: 0 PID: 268 Comm: kworker/u64:3 Tainted: G U W 6.9.0-CI_DRM_14785-g1ba62f8cea9c+ #1\n\u003c4\u003e[ 609.604008] Hardware name: Intel Corporation Alder Lake Client Platform/AlderLake-P DDR4 RVP, BIOS RPLPFWI1.R00.4035.A00.2301200723 01/20/2023\n\u003c4\u003e[ 609.604010] Workqueue: i915 __i915_gem_free_work [i915]\n\u003c4\u003e[ 609.604149] RIP: 0010:i915_vma_revoke_fence+0x187/0x1f0 [i915]\n...\n\u003c4\u003e[ 609.604271] Call Trace:\n\u003c4\u003e[ 609.604273] \u003cTASK\u003e\n...\n\u003c4\u003e[ 609.604716] __i915_vma_evict+0x2e9/0x550 [i915]\n\u003c4\u003e[ 609.604852] __i915_vma_unbind+0x7c/0x160 [i915]\n\u003c4\u003e[ 609.604977] force_unbind+0x24/0xa0 [i915]\n\u003c4\u003e[ 609.605098] i915_vma_destroy+0x2f/0xa0 [i915]\n\u003c4\u003e[ 609.605210] __i915_gem_object_pages_fini+0x51/0x2f0 [i915]\n\u003c4\u003e[ 609.605330] __i915_gem_free_objects.isra.0+0x6a/0xc0 [i915]\n\u003c4\u003e[ 609.605440] process_scheduled_works+0x351/0x690\n...\n\nIn the past, there were similar failures reported by CI from other IGT\ntests, observed on other platforms.\n\nBefore commit 63baf4f3d587 (\"drm/i915/gt: Only wait for GPU activity\nbefore unbinding a GGTT fence\"), i915_vma_revoke_fence() was waiting for\nidleness of vma-\u003eactive via fence_update(). That commit introduced\nvma-\u003efence-\u003eactive in order for the fence_update() to be able to wait\nselectively on that one instead of vma-\u003eactive since only idleness of\nfence registers was needed. But then, another commit 0d86ee35097a\n(\"drm/i915/gt: Make fence revocation unequivocal\") replaced the call to\nfence_update() in i915_vma_revoke_fence() with only fence_write(), and\nalso added that GEM_BUG_ON(!i915_active_is_idle(\u0026fence-\u003eactive)) in front.\nNo justification was provided on why we might then expect idleness of\nvma-\u003efence-\u003eactive without first waiting on it.\n\nThe issue can be potentially caused by a race among revocation of fence\nregisters on one side and sequential execution of signal callbacks invoked\non completion of a request that was using them on the other, still\nprocessed in parallel to revocation of those fence registers. Fix it by\nwaiting for idleness of vma-\u003efence-\u003eactive in i915_vma_revoke_fence().\n\n(cherry picked from commit 24bb052d3dd499c5956abad5f7d8e4fd07da7fb1)"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:21:54.366Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f771b91f21c46ad1217328d05e72a2c7e3add535"
},
{
"url": "https://git.kernel.org/stable/c/29c0fdf49078ab161570d3d1c6e13d66f182717d"
},
{
"url": "https://git.kernel.org/stable/c/ca0fabd365a27a94a36e68a7a02df8ff3c13dac6"
},
{
"url": "https://git.kernel.org/stable/c/06dec31a0a5112a91f49085e8a8fa1a82296d5c7"
},
{
"url": "https://git.kernel.org/stable/c/414f4a31f7a811008fd9a33b06216b060bad18fc"
},
{
"url": "https://git.kernel.org/stable/c/996c3412a06578e9d779a16b9e79ace18125ab50"
}
],
"title": "drm/i915/gt: Fix potential UAF by revoke of fence registers",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41092",
"datePublished": "2024-07-29T15:48:05.853Z",
"dateReserved": "2024-07-12T12:17:45.636Z",
"dateUpdated": "2025-11-03T22:00:49.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-43889 (GCVE-0-2024-43889)
Vulnerability from cvelistv5 – Published: 2024-08-26 10:10 – Updated: 2025-11-03 22:06
VLAI?
EPSS
Title
padata: Fix possible divide-by-0 panic in padata_mt_helper()
Summary
In the Linux kernel, the following vulnerability has been resolved:
padata: Fix possible divide-by-0 panic in padata_mt_helper()
We are hit with a not easily reproducible divide-by-0 panic in padata.c at
bootup time.
[ 10.017908] Oops: divide error: 0000 1 PREEMPT SMP NOPTI
[ 10.017908] CPU: 26 PID: 2627 Comm: kworker/u1666:1 Not tainted 6.10.0-15.el10.x86_64 #1
[ 10.017908] Hardware name: Lenovo ThinkSystem SR950 [7X12CTO1WW]/[7X12CTO1WW], BIOS [PSE140J-2.30] 07/20/2021
[ 10.017908] Workqueue: events_unbound padata_mt_helper
[ 10.017908] RIP: 0010:padata_mt_helper+0x39/0xb0
:
[ 10.017963] Call Trace:
[ 10.017968] <TASK>
[ 10.018004] ? padata_mt_helper+0x39/0xb0
[ 10.018084] process_one_work+0x174/0x330
[ 10.018093] worker_thread+0x266/0x3a0
[ 10.018111] kthread+0xcf/0x100
[ 10.018124] ret_from_fork+0x31/0x50
[ 10.018138] ret_from_fork_asm+0x1a/0x30
[ 10.018147] </TASK>
Looking at the padata_mt_helper() function, the only way a divide-by-0
panic can happen is when ps->chunk_size is 0. The way that chunk_size is
initialized in padata_do_multithreaded(), chunk_size can be 0 when the
min_chunk in the passed-in padata_mt_job structure is 0.
Fix this divide-by-0 panic by making sure that chunk_size will be at least
1 no matter what the input parameters are.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
004ed42638f4428e70ead59d170f3d17ff761a0f , < ab8b397d5997d8c37610252528edc54bebf9f6d3
(git)
Affected: 004ed42638f4428e70ead59d170f3d17ff761a0f , < 8f5ffd2af7274853ff91d6cd62541191d9fbd10d (git) Affected: 004ed42638f4428e70ead59d170f3d17ff761a0f , < a29cfcb848c31f22b4de6a531c3e1d68c9bfe09f (git) Affected: 004ed42638f4428e70ead59d170f3d17ff761a0f , < 924f788c906dccaca30acab86c7124371e1d6f2c (git) Affected: 004ed42638f4428e70ead59d170f3d17ff761a0f , < da0ffe84fcc1627a7dff82c80b823b94236af905 (git) Affected: 004ed42638f4428e70ead59d170f3d17ff761a0f , < 6d45e1c948a8b7ed6ceddb14319af69424db730c (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43889",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:29:28.630880Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:32:58.618Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:06:45.325Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/padata.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ab8b397d5997d8c37610252528edc54bebf9f6d3",
"status": "affected",
"version": "004ed42638f4428e70ead59d170f3d17ff761a0f",
"versionType": "git"
},
{
"lessThan": "8f5ffd2af7274853ff91d6cd62541191d9fbd10d",
"status": "affected",
"version": "004ed42638f4428e70ead59d170f3d17ff761a0f",
"versionType": "git"
},
{
"lessThan": "a29cfcb848c31f22b4de6a531c3e1d68c9bfe09f",
"status": "affected",
"version": "004ed42638f4428e70ead59d170f3d17ff761a0f",
"versionType": "git"
},
{
"lessThan": "924f788c906dccaca30acab86c7124371e1d6f2c",
"status": "affected",
"version": "004ed42638f4428e70ead59d170f3d17ff761a0f",
"versionType": "git"
},
{
"lessThan": "da0ffe84fcc1627a7dff82c80b823b94236af905",
"status": "affected",
"version": "004ed42638f4428e70ead59d170f3d17ff761a0f",
"versionType": "git"
},
{
"lessThan": "6d45e1c948a8b7ed6ceddb14319af69424db730c",
"status": "affected",
"version": "004ed42638f4428e70ead59d170f3d17ff761a0f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/padata.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.8"
},
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.105",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.105",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.46",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.5",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npadata: Fix possible divide-by-0 panic in padata_mt_helper()\n\nWe are hit with a not easily reproducible divide-by-0 panic in padata.c at\nbootup time.\n\n [ 10.017908] Oops: divide error: 0000 1 PREEMPT SMP NOPTI\n [ 10.017908] CPU: 26 PID: 2627 Comm: kworker/u1666:1 Not tainted 6.10.0-15.el10.x86_64 #1\n [ 10.017908] Hardware name: Lenovo ThinkSystem SR950 [7X12CTO1WW]/[7X12CTO1WW], BIOS [PSE140J-2.30] 07/20/2021\n [ 10.017908] Workqueue: events_unbound padata_mt_helper\n [ 10.017908] RIP: 0010:padata_mt_helper+0x39/0xb0\n :\n [ 10.017963] Call Trace:\n [ 10.017968] \u003cTASK\u003e\n [ 10.018004] ? padata_mt_helper+0x39/0xb0\n [ 10.018084] process_one_work+0x174/0x330\n [ 10.018093] worker_thread+0x266/0x3a0\n [ 10.018111] kthread+0xcf/0x100\n [ 10.018124] ret_from_fork+0x31/0x50\n [ 10.018138] ret_from_fork_asm+0x1a/0x30\n [ 10.018147] \u003c/TASK\u003e\n\nLooking at the padata_mt_helper() function, the only way a divide-by-0\npanic can happen is when ps-\u003echunk_size is 0. The way that chunk_size is\ninitialized in padata_do_multithreaded(), chunk_size can be 0 when the\nmin_chunk in the passed-in padata_mt_job structure is 0.\n\nFix this divide-by-0 panic by making sure that chunk_size will be at least\n1 no matter what the input parameters are."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:28:37.846Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ab8b397d5997d8c37610252528edc54bebf9f6d3"
},
{
"url": "https://git.kernel.org/stable/c/8f5ffd2af7274853ff91d6cd62541191d9fbd10d"
},
{
"url": "https://git.kernel.org/stable/c/a29cfcb848c31f22b4de6a531c3e1d68c9bfe09f"
},
{
"url": "https://git.kernel.org/stable/c/924f788c906dccaca30acab86c7124371e1d6f2c"
},
{
"url": "https://git.kernel.org/stable/c/da0ffe84fcc1627a7dff82c80b823b94236af905"
},
{
"url": "https://git.kernel.org/stable/c/6d45e1c948a8b7ed6ceddb14319af69424db730c"
}
],
"title": "padata: Fix possible divide-by-0 panic in padata_mt_helper()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43889",
"datePublished": "2024-08-26T10:10:42.270Z",
"dateReserved": "2024-08-17T09:11:59.288Z",
"dateUpdated": "2025-11-03T22:06:45.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-46826 (GCVE-0-2024-46826)
Vulnerability from cvelistv5 – Published: 2024-09-27 12:39 – Updated: 2026-01-05 10:53
VLAI?
EPSS
Title
ELF: fix kernel.randomize_va_space double read
Summary
In the Linux kernel, the following vulnerability has been resolved:
ELF: fix kernel.randomize_va_space double read
ELF loader uses "randomize_va_space" twice. It is sysctl and can change
at any moment, so 2 loads could see 2 different values in theory with
unpredictable consequences.
Issue exactly one load for consistent value across one exec.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
32a932332c8bad842804842eaf9651ad6268e637 , < 1f81d51141a234ad0a3874b4d185dc27a521cd27
(git)
Affected: 32a932332c8bad842804842eaf9651ad6268e637 , < 53f17409abf61f66b6f05aff795e938e5ba811d1 (git) Affected: 32a932332c8bad842804842eaf9651ad6268e637 , < 1cf8cd80903073440b6ea055811d04edd24fe4f7 (git) Affected: 32a932332c8bad842804842eaf9651ad6268e637 , < 2a97388a807b6ab5538aa8f8537b2463c6988bd2 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46826",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T14:12:53.943216Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T14:13:04.287Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:19:13.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/binfmt_elf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1f81d51141a234ad0a3874b4d185dc27a521cd27",
"status": "affected",
"version": "32a932332c8bad842804842eaf9651ad6268e637",
"versionType": "git"
},
{
"lessThan": "53f17409abf61f66b6f05aff795e938e5ba811d1",
"status": "affected",
"version": "32a932332c8bad842804842eaf9651ad6268e637",
"versionType": "git"
},
{
"lessThan": "1cf8cd80903073440b6ea055811d04edd24fe4f7",
"status": "affected",
"version": "32a932332c8bad842804842eaf9651ad6268e637",
"versionType": "git"
},
{
"lessThan": "2a97388a807b6ab5538aa8f8537b2463c6988bd2",
"status": "affected",
"version": "32a932332c8bad842804842eaf9651ad6268e637",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/binfmt_elf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.25"
},
{
"lessThan": "2.6.25",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.51",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.110",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.51",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.10",
"versionStartIncluding": "2.6.25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "2.6.25",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nELF: fix kernel.randomize_va_space double read\n\nELF loader uses \"randomize_va_space\" twice. It is sysctl and can change\nat any moment, so 2 loads could see 2 different values in theory with\nunpredictable consequences.\n\nIssue exactly one load for consistent value across one exec."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:53:25.693Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1f81d51141a234ad0a3874b4d185dc27a521cd27"
},
{
"url": "https://git.kernel.org/stable/c/53f17409abf61f66b6f05aff795e938e5ba811d1"
},
{
"url": "https://git.kernel.org/stable/c/1cf8cd80903073440b6ea055811d04edd24fe4f7"
},
{
"url": "https://git.kernel.org/stable/c/2a97388a807b6ab5538aa8f8537b2463c6988bd2"
}
],
"title": "ELF: fix kernel.randomize_va_space double read",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46826",
"datePublished": "2024-09-27T12:39:25.860Z",
"dateReserved": "2024-09-11T15:12:18.285Z",
"dateUpdated": "2026-01-05T10:53:25.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-38586 (GCVE-0-2024-38586)
Vulnerability from cvelistv5 – Published: 2024-06-19 13:37 – Updated: 2025-05-04 09:14
VLAI?
EPSS
Title
r8169: Fix possible ring buffer corruption on fragmented Tx packets.
Summary
In the Linux kernel, the following vulnerability has been resolved:
r8169: Fix possible ring buffer corruption on fragmented Tx packets.
An issue was found on the RTL8125b when transmitting small fragmented
packets, whereby invalid entries were inserted into the transmit ring
buffer, subsequently leading to calls to dma_unmap_single() with a null
address.
This was caused by rtl8169_start_xmit() not noticing changes to nr_frags
which may occur when small packets are padded (to work around hardware
quirks) in rtl8169_tso_csum_v2().
To fix this, postpone inspecting nr_frags until after any padding has been
applied.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
9020845fb5d6bb4876a38fdf1259600e7d9a63d4 , < 61c1c98e2607120ce9c3fa1bf75e6da909712b27
(git)
Affected: 9020845fb5d6bb4876a38fdf1259600e7d9a63d4 , < b6d21cf40de103d63ae78551098a7c06af8c98dd (git) Affected: 9020845fb5d6bb4876a38fdf1259600e7d9a63d4 , < 0c48185a95309556725f818b82120bb74e9c627d (git) Affected: 9020845fb5d6bb4876a38fdf1259600e7d9a63d4 , < 68222d7b4b72aa321135cd453dac37f00ec41fd1 (git) Affected: 9020845fb5d6bb4876a38fdf1259600e7d9a63d4 , < 078d5b7500d70af2de6b38e226b03f0b932026a6 (git) Affected: 9020845fb5d6bb4876a38fdf1259600e7d9a63d4 , < 54e7a0d111240c92c0f02ceba6eb8f26bf6d6479 (git) Affected: 9020845fb5d6bb4876a38fdf1259600e7d9a63d4 , < c71e3a5cffd5309d7f84444df03d5b72600cc417 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.972Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/61c1c98e2607120ce9c3fa1bf75e6da909712b27"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b6d21cf40de103d63ae78551098a7c06af8c98dd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0c48185a95309556725f818b82120bb74e9c627d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/68222d7b4b72aa321135cd453dac37f00ec41fd1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/078d5b7500d70af2de6b38e226b03f0b932026a6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/54e7a0d111240c92c0f02ceba6eb8f26bf6d6479"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c71e3a5cffd5309d7f84444df03d5b72600cc417"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38586",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:13:50.332760Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:55.087Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/realtek/r8169_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "61c1c98e2607120ce9c3fa1bf75e6da909712b27",
"status": "affected",
"version": "9020845fb5d6bb4876a38fdf1259600e7d9a63d4",
"versionType": "git"
},
{
"lessThan": "b6d21cf40de103d63ae78551098a7c06af8c98dd",
"status": "affected",
"version": "9020845fb5d6bb4876a38fdf1259600e7d9a63d4",
"versionType": "git"
},
{
"lessThan": "0c48185a95309556725f818b82120bb74e9c627d",
"status": "affected",
"version": "9020845fb5d6bb4876a38fdf1259600e7d9a63d4",
"versionType": "git"
},
{
"lessThan": "68222d7b4b72aa321135cd453dac37f00ec41fd1",
"status": "affected",
"version": "9020845fb5d6bb4876a38fdf1259600e7d9a63d4",
"versionType": "git"
},
{
"lessThan": "078d5b7500d70af2de6b38e226b03f0b932026a6",
"status": "affected",
"version": "9020845fb5d6bb4876a38fdf1259600e7d9a63d4",
"versionType": "git"
},
{
"lessThan": "54e7a0d111240c92c0f02ceba6eb8f26bf6d6479",
"status": "affected",
"version": "9020845fb5d6bb4876a38fdf1259600e7d9a63d4",
"versionType": "git"
},
{
"lessThan": "c71e3a5cffd5309d7f84444df03d5b72600cc417",
"status": "affected",
"version": "9020845fb5d6bb4876a38fdf1259600e7d9a63d4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/realtek/r8169_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"lessThan": "5.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.221",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.221",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nr8169: Fix possible ring buffer corruption on fragmented Tx packets.\n\nAn issue was found on the RTL8125b when transmitting small fragmented\npackets, whereby invalid entries were inserted into the transmit ring\nbuffer, subsequently leading to calls to dma_unmap_single() with a null\naddress.\n\nThis was caused by rtl8169_start_xmit() not noticing changes to nr_frags\nwhich may occur when small packets are padded (to work around hardware\nquirks) in rtl8169_tso_csum_v2().\n\nTo fix this, postpone inspecting nr_frags until after any padding has been\napplied."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:14:41.890Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/61c1c98e2607120ce9c3fa1bf75e6da909712b27"
},
{
"url": "https://git.kernel.org/stable/c/b6d21cf40de103d63ae78551098a7c06af8c98dd"
},
{
"url": "https://git.kernel.org/stable/c/0c48185a95309556725f818b82120bb74e9c627d"
},
{
"url": "https://git.kernel.org/stable/c/68222d7b4b72aa321135cd453dac37f00ec41fd1"
},
{
"url": "https://git.kernel.org/stable/c/078d5b7500d70af2de6b38e226b03f0b932026a6"
},
{
"url": "https://git.kernel.org/stable/c/54e7a0d111240c92c0f02ceba6eb8f26bf6d6479"
},
{
"url": "https://git.kernel.org/stable/c/c71e3a5cffd5309d7f84444df03d5b72600cc417"
}
],
"title": "r8169: Fix possible ring buffer corruption on fragmented Tx packets.",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38586",
"datePublished": "2024-06-19T13:37:41.879Z",
"dateReserved": "2024-06-18T19:36:34.929Z",
"dateUpdated": "2025-05-04T09:14:41.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-41066 (GCVE-0-2024-41066)
Vulnerability from cvelistv5 – Published: 2024-07-29 14:57 – Updated: 2026-01-05 10:37
VLAI?
EPSS
Title
ibmvnic: Add tx check to prevent skb leak
Summary
In the Linux kernel, the following vulnerability has been resolved:
ibmvnic: Add tx check to prevent skb leak
Below is a summary of how the driver stores a reference to an skb during
transmit:
tx_buff[free_map[consumer_index]]->skb = new_skb;
free_map[consumer_index] = IBMVNIC_INVALID_MAP;
consumer_index ++;
Where variable data looks like this:
free_map == [4, IBMVNIC_INVALID_MAP, IBMVNIC_INVALID_MAP, 0, 3]
consumer_index^
tx_buff == [skb=null, skb=<ptr>, skb=<ptr>, skb=null, skb=null]
The driver has checks to ensure that free_map[consumer_index] pointed to
a valid index but there was no check to ensure that this index pointed
to an unused/null skb address. So, if, by some chance, our free_map and
tx_buff lists become out of sync then we were previously risking an
skb memory leak. This could then cause tcp congestion control to stop
sending packets, eventually leading to ETIMEDOUT.
Therefore, add a conditional to ensure that the skb address is null. If
not then warn the user (because this is still a bug that should be
patched) and free the old pointer to prevent memleak/tcp problems.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
65d6470d139a6c1655fccb5cbacbeaba8e8ad2f8 , < 16ad1557cae582e79bb82dddd612d9bdfaa11d4c
(git)
Affected: 65d6470d139a6c1655fccb5cbacbeaba8e8ad2f8 , < 267c61c4afed0ff9a2e83462abad3f41d8ca1f06 (git) Affected: 65d6470d139a6c1655fccb5cbacbeaba8e8ad2f8 , < e7b75def33eae61ddaad6cb616c517dc3882eb2a (git) Affected: 65d6470d139a6c1655fccb5cbacbeaba8e8ad2f8 , < 0983d288caf984de0202c66641577b739caad561 (git) Affected: 1a64564eee05128f773930649edfdd50cbe80656 (git) Affected: 5142c39253385702a4de8f897027e1d76fc333de (git) |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:00:16.258Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/16ad1557cae582e79bb82dddd612d9bdfaa11d4c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/267c61c4afed0ff9a2e83462abad3f41d8ca1f06"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e7b75def33eae61ddaad6cb616c517dc3882eb2a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0983d288caf984de0202c66641577b739caad561"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41066",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:21:52.759335Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:57.523Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/ibm/ibmvnic.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "16ad1557cae582e79bb82dddd612d9bdfaa11d4c",
"status": "affected",
"version": "65d6470d139a6c1655fccb5cbacbeaba8e8ad2f8",
"versionType": "git"
},
{
"lessThan": "267c61c4afed0ff9a2e83462abad3f41d8ca1f06",
"status": "affected",
"version": "65d6470d139a6c1655fccb5cbacbeaba8e8ad2f8",
"versionType": "git"
},
{
"lessThan": "e7b75def33eae61ddaad6cb616c517dc3882eb2a",
"status": "affected",
"version": "65d6470d139a6c1655fccb5cbacbeaba8e8ad2f8",
"versionType": "git"
},
{
"lessThan": "0983d288caf984de0202c66641577b739caad561",
"status": "affected",
"version": "65d6470d139a6c1655fccb5cbacbeaba8e8ad2f8",
"versionType": "git"
},
{
"status": "affected",
"version": "1a64564eee05128f773930649edfdd50cbe80656",
"versionType": "git"
},
{
"status": "affected",
"version": "5142c39253385702a4de8f897027e1d76fc333de",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/ibm/ibmvnic.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.14"
},
{
"lessThan": "5.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.101",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.42",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.101",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.42",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.11",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.12.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.13.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nibmvnic: Add tx check to prevent skb leak\n\nBelow is a summary of how the driver stores a reference to an skb during\ntransmit:\n tx_buff[free_map[consumer_index]]-\u003eskb = new_skb;\n free_map[consumer_index] = IBMVNIC_INVALID_MAP;\n consumer_index ++;\nWhere variable data looks like this:\n free_map == [4, IBMVNIC_INVALID_MAP, IBMVNIC_INVALID_MAP, 0, 3]\n \tconsumer_index^\n tx_buff == [skb=null, skb=\u003cptr\u003e, skb=\u003cptr\u003e, skb=null, skb=null]\n\nThe driver has checks to ensure that free_map[consumer_index] pointed to\na valid index but there was no check to ensure that this index pointed\nto an unused/null skb address. So, if, by some chance, our free_map and\ntx_buff lists become out of sync then we were previously risking an\nskb memory leak. This could then cause tcp congestion control to stop\nsending packets, eventually leading to ETIMEDOUT.\n\nTherefore, add a conditional to ensure that the skb address is null. If\nnot then warn the user (because this is still a bug that should be\npatched) and free the old pointer to prevent memleak/tcp problems."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:37:32.438Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/16ad1557cae582e79bb82dddd612d9bdfaa11d4c"
},
{
"url": "https://git.kernel.org/stable/c/267c61c4afed0ff9a2e83462abad3f41d8ca1f06"
},
{
"url": "https://git.kernel.org/stable/c/e7b75def33eae61ddaad6cb616c517dc3882eb2a"
},
{
"url": "https://git.kernel.org/stable/c/0983d288caf984de0202c66641577b739caad561"
}
],
"title": "ibmvnic: Add tx check to prevent skb leak",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41066",
"datePublished": "2024-07-29T14:57:27.832Z",
"dateReserved": "2024-07-12T12:17:45.630Z",
"dateUpdated": "2026-01-05T10:37:32.438Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-24857 (GCVE-0-2024-24857)
Vulnerability from cvelistv5 – Published: 2024-02-05 07:31 – Updated: 2025-02-13 17:40
VLAI?
EPSS
Title
Race condition vulnerability in Linux kernel bluetooth in conn_info_{min,max}_age_set()
Summary
A race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service.
Severity ?
4.6 (Medium)
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux kernel |
Affected:
v4.0-rc1 , < v6.8-rc2
(custom)
|
Credits
白家驹 <baijiaju@buaa.edu.cn>
韩桂栋 <hanguidong@buaa.edu.cn>
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24857",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-21T19:29:31.571479Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:43:34.885Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:28:12.866Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8155"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"bluetooth"
],
"packageName": "kernel",
"platforms": [
"Linux",
"x86",
"ARM"
],
"product": "Linux kernel",
"programFiles": [
"https://gitee.com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/hci_debugfs.c"
],
"repo": "https://gitee.com/anolis/cloud-kernel.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "v6.8-rc2",
"status": "affected",
"version": "v4.0-rc1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "\u767d\u5bb6\u9a79 \u003cbaijiaju@buaa.edu.cn\u003e"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "\u97e9\u6842\u680b \u003changuidong@buaa.edu.cn\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA race condition was found in the Linux kernel\u0027s net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service.\u003c/p\u003e"
}
],
"value": "A race condition was found in the Linux kernel\u0027s net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service."
}
],
"impacts": [
{
"capecId": "CAPEC-26",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-26 Leveraging Race Conditions"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T12:09:33.398Z",
"orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
"shortName": "Anolis"
},
"references": [
{
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8155"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://lore.kernel.org/lkml/20231222162310.6461-1-2045gemini@gmail.com/T/\"\u003ehttps://lore.kernel.org/lkml/20231222162310.6461-1-2045gemini@gmail.com/T/\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "https://lore.kernel.org/lkml/20231222162310.6461-1-2045gemini@gmail.com/T/ https://lore.kernel.org/lkml/20231222162310.6461-1-2045gemini@gmail.com/T/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Race condition vulnerability in Linux kernel bluetooth in conn_info_{min,max}_age_set()",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
"assignerShortName": "Anolis",
"cveId": "CVE-2024-24857",
"datePublished": "2024-02-05T07:31:31.308Z",
"dateReserved": "2024-02-01T09:11:56.214Z",
"dateUpdated": "2025-02-13T17:40:33.008Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-40924 (GCVE-0-2024-40924)
Vulnerability from cvelistv5 – Published: 2024-07-12 12:25 – Updated: 2025-11-03 21:57
VLAI?
EPSS
Title
drm/i915/dpt: Make DPT object unshrinkable
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/dpt: Make DPT object unshrinkable
In some scenarios, the DPT object gets shrunk but
the actual framebuffer did not and thus its still
there on the DPT's vm->bound_list. Then it tries to
rewrite the PTEs via a stale CPU mapping. This causes panic.
[vsyrjala: Add TODO comment]
(cherry picked from commit 51064d471c53dcc8eddd2333c3f1c1d9131ba36c)
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
0dc987b699ce4266450d407d6d79d41eab88c5d0 , < 327280149066f0e5f2e50356b5823f76dabfe86e
(git)
Affected: 0dc987b699ce4266450d407d6d79d41eab88c5d0 , < 7a9883be3b98673333eec65c4a21cc18e60292eb (git) Affected: 0dc987b699ce4266450d407d6d79d41eab88c5d0 , < a2552020fb714ff357182c3c179abfac2289f84d (git) Affected: 0dc987b699ce4266450d407d6d79d41eab88c5d0 , < 43e2b37e2ab660c3565d4cff27922bc70e79c3f1 (git) |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:57:53.715Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/327280149066f0e5f2e50356b5823f76dabfe86e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7a9883be3b98673333eec65c4a21cc18e60292eb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a2552020fb714ff357182c3c179abfac2289f84d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/43e2b37e2ab660c3565d4cff27922bc70e79c3f1"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40924",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:05:20.923051Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:03.482Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/i915/gem/i915_gem_object.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "327280149066f0e5f2e50356b5823f76dabfe86e",
"status": "affected",
"version": "0dc987b699ce4266450d407d6d79d41eab88c5d0",
"versionType": "git"
},
{
"lessThan": "7a9883be3b98673333eec65c4a21cc18e60292eb",
"status": "affected",
"version": "0dc987b699ce4266450d407d6d79d41eab88c5d0",
"versionType": "git"
},
{
"lessThan": "a2552020fb714ff357182c3c179abfac2289f84d",
"status": "affected",
"version": "0dc987b699ce4266450d407d6d79d41eab88c5d0",
"versionType": "git"
},
{
"lessThan": "43e2b37e2ab660c3565d4cff27922bc70e79c3f1",
"status": "affected",
"version": "0dc987b699ce4266450d407d6d79d41eab88c5d0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/i915/gem/i915_gem_object.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"lessThan": "6.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.95",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.35",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.95",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.35",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.6",
"versionStartIncluding": "6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/dpt: Make DPT object unshrinkable\n\nIn some scenarios, the DPT object gets shrunk but\nthe actual framebuffer did not and thus its still\nthere on the DPT\u0027s vm-\u003ebound_list. Then it tries to\nrewrite the PTEs via a stale CPU mapping. This causes panic.\n\n[vsyrjala: Add TODO comment]\n(cherry picked from commit 51064d471c53dcc8eddd2333c3f1c1d9131ba36c)"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:17:56.859Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/327280149066f0e5f2e50356b5823f76dabfe86e"
},
{
"url": "https://git.kernel.org/stable/c/7a9883be3b98673333eec65c4a21cc18e60292eb"
},
{
"url": "https://git.kernel.org/stable/c/a2552020fb714ff357182c3c179abfac2289f84d"
},
{
"url": "https://git.kernel.org/stable/c/43e2b37e2ab660c3565d4cff27922bc70e79c3f1"
}
],
"title": "drm/i915/dpt: Make DPT object unshrinkable",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-40924",
"datePublished": "2024-07-12T12:25:04.991Z",
"dateReserved": "2024-07-12T12:17:45.582Z",
"dateUpdated": "2025-11-03T21:57:53.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-39503 (GCVE-0-2024-39503)
Vulnerability from cvelistv5 – Published: 2024-07-12 12:20 – Updated: 2025-11-03 21:56
VLAI?
EPSS
Title
netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type
Lion Ackermann reported that there is a race condition between namespace cleanup
in ipset and the garbage collection of the list:set type. The namespace
cleanup can destroy the list:set type of sets while the gc of the set type is
waiting to run in rcu cleanup. The latter uses data from the destroyed set which
thus leads use after free. The patch contains the following parts:
- When destroying all sets, first remove the garbage collectors, then wait
if needed and then destroy the sets.
- Fix the badly ordered "wait then remove gc" for the destroy a single set
case.
- Fix the missing rcu locking in the list:set type in the userspace test
case.
- Use proper RCU list handlings in the list:set type.
The patch depends on c1193d9bbbd3 (netfilter: ipset: Add list flush to cancel_gc).
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
c7f2733e5011bfd136f1ca93497394d43aa76225 , < c0761d1f1ce1d5b85b5e82bbb714df12de1aa8c3
(git)
Affected: a24d5f2ac8ef702a58e55ec276aad29b4bd97e05 , < 93b53c202b51a69e42ca57f5a183f7e008e19f83 (git) Affected: c2dc077d8f722a1c73a24e674f925602ee5ece49 , < 0f1bb77c6d837c9513943bc7c08f04c5cc5c6568 (git) Affected: 653bc5e6d9995d7d5f497c665b321875a626161c , < 390b353d1a1da3e9c6c0fd14fe650d69063c95d6 (git) Affected: b93a6756a01f4fd2f329a39216f9824c56a66397 , < 2ba35b37f780c6410bb4bba9c3072596d8576702 (git) Affected: 97f7cf1cd80eeed3b7c808b7c12463295c751001 , < 90ae20d47de602198eb69e6cd7a3db3420abfc08 (git) Affected: 97f7cf1cd80eeed3b7c808b7c12463295c751001 , < 4e7aaa6b82d63e8ddcbfb56b4fd3d014ca586f10 (git) Affected: 970709a67696b100a57b33af1a3d75fc34b747eb (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:56:23.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c0761d1f1ce1d5b85b5e82bbb714df12de1aa8c3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/93b53c202b51a69e42ca57f5a183f7e008e19f83"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0f1bb77c6d837c9513943bc7c08f04c5cc5c6568"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/390b353d1a1da3e9c6c0fd14fe650d69063c95d6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2ba35b37f780c6410bb4bba9c3072596d8576702"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/90ae20d47de602198eb69e6cd7a3db3420abfc08"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4e7aaa6b82d63e8ddcbfb56b4fd3d014ca586f10"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39503",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:07:04.128981Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:40.232Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/ipset/ip_set_core.c",
"net/netfilter/ipset/ip_set_list_set.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c0761d1f1ce1d5b85b5e82bbb714df12de1aa8c3",
"status": "affected",
"version": "c7f2733e5011bfd136f1ca93497394d43aa76225",
"versionType": "git"
},
{
"lessThan": "93b53c202b51a69e42ca57f5a183f7e008e19f83",
"status": "affected",
"version": "a24d5f2ac8ef702a58e55ec276aad29b4bd97e05",
"versionType": "git"
},
{
"lessThan": "0f1bb77c6d837c9513943bc7c08f04c5cc5c6568",
"status": "affected",
"version": "c2dc077d8f722a1c73a24e674f925602ee5ece49",
"versionType": "git"
},
{
"lessThan": "390b353d1a1da3e9c6c0fd14fe650d69063c95d6",
"status": "affected",
"version": "653bc5e6d9995d7d5f497c665b321875a626161c",
"versionType": "git"
},
{
"lessThan": "2ba35b37f780c6410bb4bba9c3072596d8576702",
"status": "affected",
"version": "b93a6756a01f4fd2f329a39216f9824c56a66397",
"versionType": "git"
},
{
"lessThan": "90ae20d47de602198eb69e6cd7a3db3420abfc08",
"status": "affected",
"version": "97f7cf1cd80eeed3b7c808b7c12463295c751001",
"versionType": "git"
},
{
"lessThan": "4e7aaa6b82d63e8ddcbfb56b4fd3d014ca586f10",
"status": "affected",
"version": "97f7cf1cd80eeed3b7c808b7c12463295c751001",
"versionType": "git"
},
{
"status": "affected",
"version": "970709a67696b100a57b33af1a3d75fc34b747eb",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/ipset/ip_set_core.c",
"net/netfilter/ipset/ip_set_list_set.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.8"
},
{
"lessThan": "6.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.279",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.221",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.95",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.35",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.279",
"versionStartIncluding": "5.4.269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.221",
"versionStartIncluding": "5.10.210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"versionStartIncluding": "5.15.149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.95",
"versionStartIncluding": "6.1.79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.35",
"versionStartIncluding": "6.6.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.6",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ipset: Fix race between namespace cleanup and gc in the list:set type\n\nLion Ackermann reported that there is a race condition between namespace cleanup\nin ipset and the garbage collection of the list:set type. The namespace\ncleanup can destroy the list:set type of sets while the gc of the set type is\nwaiting to run in rcu cleanup. The latter uses data from the destroyed set which\nthus leads use after free. The patch contains the following parts:\n\n- When destroying all sets, first remove the garbage collectors, then wait\n if needed and then destroy the sets.\n- Fix the badly ordered \"wait then remove gc\" for the destroy a single set\n case.\n- Fix the missing rcu locking in the list:set type in the userspace test\n case.\n- Use proper RCU list handlings in the list:set type.\n\nThe patch depends on c1193d9bbbd3 (netfilter: ipset: Add list flush to cancel_gc)."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:57:05.808Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c0761d1f1ce1d5b85b5e82bbb714df12de1aa8c3"
},
{
"url": "https://git.kernel.org/stable/c/93b53c202b51a69e42ca57f5a183f7e008e19f83"
},
{
"url": "https://git.kernel.org/stable/c/0f1bb77c6d837c9513943bc7c08f04c5cc5c6568"
},
{
"url": "https://git.kernel.org/stable/c/390b353d1a1da3e9c6c0fd14fe650d69063c95d6"
},
{
"url": "https://git.kernel.org/stable/c/2ba35b37f780c6410bb4bba9c3072596d8576702"
},
{
"url": "https://git.kernel.org/stable/c/90ae20d47de602198eb69e6cd7a3db3420abfc08"
},
{
"url": "https://git.kernel.org/stable/c/4e7aaa6b82d63e8ddcbfb56b4fd3d014ca586f10"
}
],
"title": "netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-39503",
"datePublished": "2024-07-12T12:20:36.299Z",
"dateReserved": "2024-06-25T14:23:23.752Z",
"dateUpdated": "2025-11-03T21:56:23.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-41009 (GCVE-0-2024-41009)
Vulnerability from cvelistv5 – Published: 2024-07-17 06:10 – Updated: 2025-11-03 21:59
VLAI?
EPSS
Title
bpf: Fix overrunning reservations in ringbuf
Summary
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix overrunning reservations in ringbuf
The BPF ring buffer internally is implemented as a power-of-2 sized circular
buffer, with two logical and ever-increasing counters: consumer_pos is the
consumer counter to show which logical position the consumer consumed the
data, and producer_pos which is the producer counter denoting the amount of
data reserved by all producers.
Each time a record is reserved, the producer that "owns" the record will
successfully advance producer counter. In user space each time a record is
read, the consumer of the data advanced the consumer counter once it finished
processing. Both counters are stored in separate pages so that from user
space, the producer counter is read-only and the consumer counter is read-write.
One aspect that simplifies and thus speeds up the implementation of both
producers and consumers is how the data area is mapped twice contiguously
back-to-back in the virtual memory, allowing to not take any special measures
for samples that have to wrap around at the end of the circular buffer data
area, because the next page after the last data page would be first data page
again, and thus the sample will still appear completely contiguous in virtual
memory.
Each record has a struct bpf_ringbuf_hdr { u32 len; u32 pg_off; } header for
book-keeping the length and offset, and is inaccessible to the BPF program.
Helpers like bpf_ringbuf_reserve() return `(void *)hdr + BPF_RINGBUF_HDR_SZ`
for the BPF program to use. Bing-Jhong and Muhammad reported that it is however
possible to make a second allocated memory chunk overlapping with the first
chunk and as a result, the BPF program is now able to edit first chunk's
header.
For example, consider the creation of a BPF_MAP_TYPE_RINGBUF map with size
of 0x4000. Next, the consumer_pos is modified to 0x3000 /before/ a call to
bpf_ringbuf_reserve() is made. This will allocate a chunk A, which is in
[0x0,0x3008], and the BPF program is able to edit [0x8,0x3008]. Now, lets
allocate a chunk B with size 0x3000. This will succeed because consumer_pos
was edited ahead of time to pass the `new_prod_pos - cons_pos > rb->mask`
check. Chunk B will be in range [0x3008,0x6010], and the BPF program is able
to edit [0x3010,0x6010]. Due to the ring buffer memory layout mentioned
earlier, the ranges [0x0,0x4000] and [0x4000,0x8000] point to the same data
pages. This means that chunk B at [0x4000,0x4008] is chunk A's header.
bpf_ringbuf_submit() / bpf_ringbuf_discard() use the header's pg_off to then
locate the bpf_ringbuf itself via bpf_ringbuf_restore_from_rec(). Once chunk
B modified chunk A's header, then bpf_ringbuf_commit() refers to the wrong
page and could cause a crash.
Fix it by calculating the oldest pending_pos and check whether the range
from the oldest outstanding record to the newest would span beyond the ring
buffer size. If that is the case, then reject the request. We've tested with
the ring buffer benchmark in BPF selftests (./benchs/run_bench_ringbufs.sh)
before/after the fix and while it seems a bit slower on some benchmarks, it
is still not significantly enough to matter.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
457f44363a8894135c85b7a9afd2bd8196db24ab , < be35504b959f2749bab280f4671e8df96dcf836f
(git)
Affected: 457f44363a8894135c85b7a9afd2bd8196db24ab , < 0f98f40eb1ed52af8b81f61901b6c0289ff59de4 (git) Affected: 457f44363a8894135c85b7a9afd2bd8196db24ab , < d1b9df0435bc61e0b44f578846516df8ef476686 (git) Affected: 457f44363a8894135c85b7a9afd2bd8196db24ab , < 511804ab701c0503b72eac08217eabfd366ba069 (git) Affected: 457f44363a8894135c85b7a9afd2bd8196db24ab , < 47416c852f2a04d348ea66ee451cbdcf8119f225 (git) Affected: 457f44363a8894135c85b7a9afd2bd8196db24ab , < cfa1a2329a691ffd991fcf7248a57d752e712881 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:59:13.101Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/be35504b959f2749bab280f4671e8df96dcf836f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0f98f40eb1ed52af8b81f61901b6c0289ff59de4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d1b9df0435bc61e0b44f578846516df8ef476686"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/511804ab701c0503b72eac08217eabfd366ba069"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/47416c852f2a04d348ea66ee451cbdcf8119f225"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cfa1a2329a691ffd991fcf7248a57d752e712881"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41009",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:25:12.740807Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:06.763Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/bpf/ringbuf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "be35504b959f2749bab280f4671e8df96dcf836f",
"status": "affected",
"version": "457f44363a8894135c85b7a9afd2bd8196db24ab",
"versionType": "git"
},
{
"lessThan": "0f98f40eb1ed52af8b81f61901b6c0289ff59de4",
"status": "affected",
"version": "457f44363a8894135c85b7a9afd2bd8196db24ab",
"versionType": "git"
},
{
"lessThan": "d1b9df0435bc61e0b44f578846516df8ef476686",
"status": "affected",
"version": "457f44363a8894135c85b7a9afd2bd8196db24ab",
"versionType": "git"
},
{
"lessThan": "511804ab701c0503b72eac08217eabfd366ba069",
"status": "affected",
"version": "457f44363a8894135c85b7a9afd2bd8196db24ab",
"versionType": "git"
},
{
"lessThan": "47416c852f2a04d348ea66ee451cbdcf8119f225",
"status": "affected",
"version": "457f44363a8894135c85b7a9afd2bd8196db24ab",
"versionType": "git"
},
{
"lessThan": "cfa1a2329a691ffd991fcf7248a57d752e712881",
"status": "affected",
"version": "457f44363a8894135c85b7a9afd2bd8196db24ab",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/bpf/ringbuf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.8"
},
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.223",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.164",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.97",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.37",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.223",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.164",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.97",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.37",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.8",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix overrunning reservations in ringbuf\n\nThe BPF ring buffer internally is implemented as a power-of-2 sized circular\nbuffer, with two logical and ever-increasing counters: consumer_pos is the\nconsumer counter to show which logical position the consumer consumed the\ndata, and producer_pos which is the producer counter denoting the amount of\ndata reserved by all producers.\n\nEach time a record is reserved, the producer that \"owns\" the record will\nsuccessfully advance producer counter. In user space each time a record is\nread, the consumer of the data advanced the consumer counter once it finished\nprocessing. Both counters are stored in separate pages so that from user\nspace, the producer counter is read-only and the consumer counter is read-write.\n\nOne aspect that simplifies and thus speeds up the implementation of both\nproducers and consumers is how the data area is mapped twice contiguously\nback-to-back in the virtual memory, allowing to not take any special measures\nfor samples that have to wrap around at the end of the circular buffer data\narea, because the next page after the last data page would be first data page\nagain, and thus the sample will still appear completely contiguous in virtual\nmemory.\n\nEach record has a struct bpf_ringbuf_hdr { u32 len; u32 pg_off; } header for\nbook-keeping the length and offset, and is inaccessible to the BPF program.\nHelpers like bpf_ringbuf_reserve() return `(void *)hdr + BPF_RINGBUF_HDR_SZ`\nfor the BPF program to use. Bing-Jhong and Muhammad reported that it is however\npossible to make a second allocated memory chunk overlapping with the first\nchunk and as a result, the BPF program is now able to edit first chunk\u0027s\nheader.\n\nFor example, consider the creation of a BPF_MAP_TYPE_RINGBUF map with size\nof 0x4000. Next, the consumer_pos is modified to 0x3000 /before/ a call to\nbpf_ringbuf_reserve() is made. This will allocate a chunk A, which is in\n[0x0,0x3008], and the BPF program is able to edit [0x8,0x3008]. Now, lets\nallocate a chunk B with size 0x3000. This will succeed because consumer_pos\nwas edited ahead of time to pass the `new_prod_pos - cons_pos \u003e rb-\u003emask`\ncheck. Chunk B will be in range [0x3008,0x6010], and the BPF program is able\nto edit [0x3010,0x6010]. Due to the ring buffer memory layout mentioned\nearlier, the ranges [0x0,0x4000] and [0x4000,0x8000] point to the same data\npages. This means that chunk B at [0x4000,0x4008] is chunk A\u0027s header.\nbpf_ringbuf_submit() / bpf_ringbuf_discard() use the header\u0027s pg_off to then\nlocate the bpf_ringbuf itself via bpf_ringbuf_restore_from_rec(). Once chunk\nB modified chunk A\u0027s header, then bpf_ringbuf_commit() refers to the wrong\npage and could cause a crash.\n\nFix it by calculating the oldest pending_pos and check whether the range\nfrom the oldest outstanding record to the newest would span beyond the ring\nbuffer size. If that is the case, then reject the request. We\u0027ve tested with\nthe ring buffer benchmark in BPF selftests (./benchs/run_bench_ringbufs.sh)\nbefore/after the fix and while it seems a bit slower on some benchmarks, it\nis still not significantly enough to matter."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:19:59.853Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/be35504b959f2749bab280f4671e8df96dcf836f"
},
{
"url": "https://git.kernel.org/stable/c/0f98f40eb1ed52af8b81f61901b6c0289ff59de4"
},
{
"url": "https://git.kernel.org/stable/c/d1b9df0435bc61e0b44f578846516df8ef476686"
},
{
"url": "https://git.kernel.org/stable/c/511804ab701c0503b72eac08217eabfd366ba069"
},
{
"url": "https://git.kernel.org/stable/c/47416c852f2a04d348ea66ee451cbdcf8119f225"
},
{
"url": "https://git.kernel.org/stable/c/cfa1a2329a691ffd991fcf7248a57d752e712881"
}
],
"title": "bpf: Fix overrunning reservations in ringbuf",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41009",
"datePublished": "2024-07-17T06:10:11.351Z",
"dateReserved": "2024-07-12T12:17:45.610Z",
"dateUpdated": "2025-11-03T21:59:13.101Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-44989 (GCVE-0-2024-44989)
Vulnerability from cvelistv5 – Published: 2024-09-04 19:54 – Updated: 2025-11-03 22:14
VLAI?
EPSS
Title
bonding: fix xfrm real_dev null pointer dereference
Summary
In the Linux kernel, the following vulnerability has been resolved:
bonding: fix xfrm real_dev null pointer dereference
We shouldn't set real_dev to NULL because packets can be in transit and
xfrm might call xdo_dev_offload_ok() in parallel. All callbacks assume
real_dev is set.
Example trace:
kernel: BUG: unable to handle page fault for address: 0000000000001030
kernel: bond0: (slave eni0np1): making interface the new active one
kernel: #PF: supervisor write access in kernel mode
kernel: #PF: error_code(0x0002) - not-present page
kernel: PGD 0 P4D 0
kernel: Oops: 0002 [#1] PREEMPT SMP
kernel: CPU: 4 PID: 2237 Comm: ping Not tainted 6.7.7+ #12
kernel: Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014
kernel: RIP: 0010:nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]
kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA
kernel: Code: e0 0f 0b 48 83 7f 38 00 74 de 0f 0b 48 8b 47 08 48 8b 37 48 8b 78 40 e9 b2 e5 9a d7 66 90 0f 1f 44 00 00 48 8b 86 80 02 00 00 <83> 80 30 10 00 00 01 b8 01 00 00 00 c3 0f 1f 80 00 00 00 00 0f 1f
kernel: bond0: (slave eni0np1): making interface the new active one
kernel: RSP: 0018:ffffabde81553b98 EFLAGS: 00010246
kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA
kernel:
kernel: RAX: 0000000000000000 RBX: ffff9eb404e74900 RCX: ffff9eb403d97c60
kernel: RDX: ffffffffc090de10 RSI: ffff9eb404e74900 RDI: ffff9eb3c5de9e00
kernel: RBP: ffff9eb3c0a42000 R08: 0000000000000010 R09: 0000000000000014
kernel: R10: 7974203030303030 R11: 3030303030303030 R12: 0000000000000000
kernel: R13: ffff9eb3c5de9e00 R14: ffffabde81553cc8 R15: ffff9eb404c53000
kernel: FS: 00007f2a77a3ad00(0000) GS:ffff9eb43bd00000(0000) knlGS:0000000000000000
kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
kernel: CR2: 0000000000001030 CR3: 00000001122ab000 CR4: 0000000000350ef0
kernel: bond0: (slave eni0np1): making interface the new active one
kernel: Call Trace:
kernel: <TASK>
kernel: ? __die+0x1f/0x60
kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA
kernel: ? page_fault_oops+0x142/0x4c0
kernel: ? do_user_addr_fault+0x65/0x670
kernel: ? kvm_read_and_reset_apf_flags+0x3b/0x50
kernel: bond0: (slave eni0np1): making interface the new active one
kernel: ? exc_page_fault+0x7b/0x180
kernel: ? asm_exc_page_fault+0x22/0x30
kernel: ? nsim_bpf_uninit+0x50/0x50 [netdevsim]
kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA
kernel: ? nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]
kernel: bond0: (slave eni0np1): making interface the new active one
kernel: bond_ipsec_offload_ok+0x7b/0x90 [bonding]
kernel: xfrm_output+0x61/0x3b0
kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA
kernel: ip_push_pending_frames+0x56/0x80
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
18cb261afd7bf50134e5ccacc5ec91ea16efadd4 , < 21816b696c172c19d53a30d45ee005cce246ed21
(git)
Affected: 18cb261afd7bf50134e5ccacc5ec91ea16efadd4 , < 2f72c6a66bcd7e0187ec085237fee5db27145294 (git) Affected: 18cb261afd7bf50134e5ccacc5ec91ea16efadd4 , < 7fa9243391ad2afe798ef4ea2e2851947b95754f (git) Affected: 18cb261afd7bf50134e5ccacc5ec91ea16efadd4 , < 4582d4ff413a07d4ed8a4823c652dc5207760548 (git) Affected: 18cb261afd7bf50134e5ccacc5ec91ea16efadd4 , < 89fc1dca79db5c3e7a2d589ecbf8a3661c65f436 (git) Affected: 18cb261afd7bf50134e5ccacc5ec91ea16efadd4 , < f8cde9805981c50d0c029063dc7d82821806fc44 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44989",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T20:19:50.219529Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T20:20:52.769Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:14:43.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/bonding/bond_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "21816b696c172c19d53a30d45ee005cce246ed21",
"status": "affected",
"version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4",
"versionType": "git"
},
{
"lessThan": "2f72c6a66bcd7e0187ec085237fee5db27145294",
"status": "affected",
"version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4",
"versionType": "git"
},
{
"lessThan": "7fa9243391ad2afe798ef4ea2e2851947b95754f",
"status": "affected",
"version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4",
"versionType": "git"
},
{
"lessThan": "4582d4ff413a07d4ed8a4823c652dc5207760548",
"status": "affected",
"version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4",
"versionType": "git"
},
{
"lessThan": "89fc1dca79db5c3e7a2d589ecbf8a3661c65f436",
"status": "affected",
"version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4",
"versionType": "git"
},
{
"lessThan": "f8cde9805981c50d0c029063dc7d82821806fc44",
"status": "affected",
"version": "18cb261afd7bf50134e5ccacc5ec91ea16efadd4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/bonding/bond_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.225",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.166",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.107",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.48",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.225",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.166",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.107",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.48",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.7",
"versionStartIncluding": "5.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: fix xfrm real_dev null pointer dereference\n\nWe shouldn\u0027t set real_dev to NULL because packets can be in transit and\nxfrm might call xdo_dev_offload_ok() in parallel. All callbacks assume\nreal_dev is set.\n\n Example trace:\n kernel: BUG: unable to handle page fault for address: 0000000000001030\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: #PF: supervisor write access in kernel mode\n kernel: #PF: error_code(0x0002) - not-present page\n kernel: PGD 0 P4D 0\n kernel: Oops: 0002 [#1] PREEMPT SMP\n kernel: CPU: 4 PID: 2237 Comm: ping Not tainted 6.7.7+ #12\n kernel: Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014\n kernel: RIP: 0010:nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel: Code: e0 0f 0b 48 83 7f 38 00 74 de 0f 0b 48 8b 47 08 48 8b 37 48 8b 78 40 e9 b2 e5 9a d7 66 90 0f 1f 44 00 00 48 8b 86 80 02 00 00 \u003c83\u003e 80 30 10 00 00 01 b8 01 00 00 00 c3 0f 1f 80 00 00 00 00 0f 1f\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: RSP: 0018:ffffabde81553b98 EFLAGS: 00010246\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel:\n kernel: RAX: 0000000000000000 RBX: ffff9eb404e74900 RCX: ffff9eb403d97c60\n kernel: RDX: ffffffffc090de10 RSI: ffff9eb404e74900 RDI: ffff9eb3c5de9e00\n kernel: RBP: ffff9eb3c0a42000 R08: 0000000000000010 R09: 0000000000000014\n kernel: R10: 7974203030303030 R11: 3030303030303030 R12: 0000000000000000\n kernel: R13: ffff9eb3c5de9e00 R14: ffffabde81553cc8 R15: ffff9eb404c53000\n kernel: FS: 00007f2a77a3ad00(0000) GS:ffff9eb43bd00000(0000) knlGS:0000000000000000\n kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n kernel: CR2: 0000000000001030 CR3: 00000001122ab000 CR4: 0000000000350ef0\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: Call Trace:\n kernel: \u003cTASK\u003e\n kernel: ? __die+0x1f/0x60\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel: ? page_fault_oops+0x142/0x4c0\n kernel: ? do_user_addr_fault+0x65/0x670\n kernel: ? kvm_read_and_reset_apf_flags+0x3b/0x50\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: ? exc_page_fault+0x7b/0x180\n kernel: ? asm_exc_page_fault+0x22/0x30\n kernel: ? nsim_bpf_uninit+0x50/0x50 [netdevsim]\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel: ? nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]\n kernel: bond0: (slave eni0np1): making interface the new active one\n kernel: bond_ipsec_offload_ok+0x7b/0x90 [bonding]\n kernel: xfrm_output+0x61/0x3b0\n kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA\n kernel: ip_push_pending_frames+0x56/0x80"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:30:32.250Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/21816b696c172c19d53a30d45ee005cce246ed21"
},
{
"url": "https://git.kernel.org/stable/c/2f72c6a66bcd7e0187ec085237fee5db27145294"
},
{
"url": "https://git.kernel.org/stable/c/7fa9243391ad2afe798ef4ea2e2851947b95754f"
},
{
"url": "https://git.kernel.org/stable/c/4582d4ff413a07d4ed8a4823c652dc5207760548"
},
{
"url": "https://git.kernel.org/stable/c/89fc1dca79db5c3e7a2d589ecbf8a3661c65f436"
},
{
"url": "https://git.kernel.org/stable/c/f8cde9805981c50d0c029063dc7d82821806fc44"
}
],
"title": "bonding: fix xfrm real_dev null pointer dereference",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-44989",
"datePublished": "2024-09-04T19:54:36.858Z",
"dateReserved": "2024-08-21T05:34:56.671Z",
"dateUpdated": "2025-11-03T22:14:43.608Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-38540 (GCVE-0-2024-38540)
Vulnerability from cvelistv5 – Published: 2024-06-19 13:35 – Updated: 2025-11-03 21:55
VLAI?
EPSS
Title
bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq
Summary
In the Linux kernel, the following vulnerability has been resolved:
bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq
Undefined behavior is triggered when bnxt_qplib_alloc_init_hwq is called
with hwq_attr->aux_depth != 0 and hwq_attr->aux_stride == 0.
In that case, "roundup_pow_of_two(hwq_attr->aux_stride)" gets called.
roundup_pow_of_two is documented as undefined for 0.
Fix it in the one caller that had this combination.
The undefined behavior was detected by UBSAN:
UBSAN: shift-out-of-bounds in ./include/linux/log2.h:57:13
shift exponent 64 is too large for 64-bit type 'long unsigned int'
CPU: 24 PID: 1075 Comm: (udev-worker) Not tainted 6.9.0-rc6+ #4
Hardware name: Abacus electric, s.r.o. - servis@abacus.cz Super Server/H12SSW-iN, BIOS 2.7 10/25/2023
Call Trace:
<TASK>
dump_stack_lvl+0x5d/0x80
ubsan_epilogue+0x5/0x30
__ubsan_handle_shift_out_of_bounds.cold+0x61/0xec
__roundup_pow_of_two+0x25/0x35 [bnxt_re]
bnxt_qplib_alloc_init_hwq+0xa1/0x470 [bnxt_re]
bnxt_qplib_create_qp+0x19e/0x840 [bnxt_re]
bnxt_re_create_qp+0x9b1/0xcd0 [bnxt_re]
? srso_alias_return_thunk+0x5/0xfbef5
? srso_alias_return_thunk+0x5/0xfbef5
? __kmalloc+0x1b6/0x4f0
? create_qp.part.0+0x128/0x1c0 [ib_core]
? __pfx_bnxt_re_create_qp+0x10/0x10 [bnxt_re]
create_qp.part.0+0x128/0x1c0 [ib_core]
ib_create_qp_kernel+0x50/0xd0 [ib_core]
create_mad_qp+0x8e/0xe0 [ib_core]
? __pfx_qp_event_handler+0x10/0x10 [ib_core]
ib_mad_init_device+0x2be/0x680 [ib_core]
add_client_context+0x10d/0x1a0 [ib_core]
enable_device_and_get+0xe0/0x1d0 [ib_core]
ib_register_device+0x53c/0x630 [ib_core]
? srso_alias_return_thunk+0x5/0xfbef5
bnxt_re_probe+0xbd8/0xe50 [bnxt_re]
? __pfx_bnxt_re_probe+0x10/0x10 [bnxt_re]
auxiliary_bus_probe+0x49/0x80
? driver_sysfs_add+0x57/0xc0
really_probe+0xde/0x340
? pm_runtime_barrier+0x54/0x90
? __pfx___driver_attach+0x10/0x10
__driver_probe_device+0x78/0x110
driver_probe_device+0x1f/0xa0
__driver_attach+0xba/0x1c0
bus_for_each_dev+0x8f/0xe0
bus_add_driver+0x146/0x220
driver_register+0x72/0xd0
__auxiliary_driver_register+0x6e/0xd0
? __pfx_bnxt_re_mod_init+0x10/0x10 [bnxt_re]
bnxt_re_mod_init+0x3e/0xff0 [bnxt_re]
? __pfx_bnxt_re_mod_init+0x10/0x10 [bnxt_re]
do_one_initcall+0x5b/0x310
do_init_module+0x90/0x250
init_module_from_file+0x86/0xc0
idempotent_init_module+0x121/0x2b0
__x64_sys_finit_module+0x5e/0xb0
do_syscall_64+0x82/0x160
? srso_alias_return_thunk+0x5/0xfbef5
? syscall_exit_to_user_mode_prepare+0x149/0x170
? srso_alias_return_thunk+0x5/0xfbef5
? syscall_exit_to_user_mode+0x75/0x230
? srso_alias_return_thunk+0x5/0xfbef5
? do_syscall_64+0x8e/0x160
? srso_alias_return_thunk+0x5/0xfbef5
? __count_memcg_events+0x69/0x100
? srso_alias_return_thunk+0x5/0xfbef5
? count_memcg_events.constprop.0+0x1a/0x30
? srso_alias_return_thunk+0x5/0xfbef5
? handle_mm_fault+0x1f0/0x300
? srso_alias_return_thunk+0x5/0xfbef5
? do_user_addr_fault+0x34e/0x640
? srso_alias_return_thunk+0x5/0xfbef5
? srso_alias_return_thunk+0x5/0xfbef5
entry_SYSCALL_64_after_hwframe+0x76/0x7e
RIP: 0033:0x7f4e5132821d
Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e3 db 0c 00 f7 d8 64 89 01 48
RSP: 002b:00007ffca9c906a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
RAX: ffffffffffffffda RBX: 0000563ec8a8f130 RCX: 00007f4e5132821d
RDX: 0000000000000000 RSI: 00007f4e518fa07d RDI: 000000000000003b
RBP: 00007ffca9c90760 R08: 00007f4e513f6b20 R09: 00007ffca9c906f0
R10: 0000563ec8a8faa0 R11: 0000000000000246 R12: 00007f4e518fa07d
R13: 0000000000020000 R14: 0000563ec8409e90 R15: 0000563ec8a8fa60
</TASK>
---[ end trace ]---
Severity ?
4.4 (Medium)
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
0c4dcd602817502bb3dced7a834a13ef717d65a4 , < 66a9937187ac9b5c5ffff07b8b284483e56804d1
(git)
Affected: 0c4dcd602817502bb3dced7a834a13ef717d65a4 , < 84d2f29152184f0d72ed7c9648c4ee6927df4e59 (git) Affected: 0c4dcd602817502bb3dced7a834a13ef717d65a4 , < a658f011d89dd20cf2c7cb4760ffd79201700b98 (git) Affected: 0c4dcd602817502bb3dced7a834a13ef717d65a4 , < 627493443f3a8458cb55cdae1da254a7001123bc (git) Affected: 0c4dcd602817502bb3dced7a834a13ef717d65a4 , < 8b799c00cea6fcfe5b501bbaeb228c8821acb753 (git) Affected: 0c4dcd602817502bb3dced7a834a13ef717d65a4 , < 78cfd17142ef70599d6409cbd709d94b3da58659 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-38540",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-24T15:37:42.492444Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T19:54:28.166Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:55:46.119Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a658f011d89dd20cf2c7cb4760ffd79201700b98"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/627493443f3a8458cb55cdae1da254a7001123bc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8b799c00cea6fcfe5b501bbaeb228c8821acb753"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/78cfd17142ef70599d6409cbd709d94b3da58659"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/bnxt_re/qplib_fp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "66a9937187ac9b5c5ffff07b8b284483e56804d1",
"status": "affected",
"version": "0c4dcd602817502bb3dced7a834a13ef717d65a4",
"versionType": "git"
},
{
"lessThan": "84d2f29152184f0d72ed7c9648c4ee6927df4e59",
"status": "affected",
"version": "0c4dcd602817502bb3dced7a834a13ef717d65a4",
"versionType": "git"
},
{
"lessThan": "a658f011d89dd20cf2c7cb4760ffd79201700b98",
"status": "affected",
"version": "0c4dcd602817502bb3dced7a834a13ef717d65a4",
"versionType": "git"
},
{
"lessThan": "627493443f3a8458cb55cdae1da254a7001123bc",
"status": "affected",
"version": "0c4dcd602817502bb3dced7a834a13ef717d65a4",
"versionType": "git"
},
{
"lessThan": "8b799c00cea6fcfe5b501bbaeb228c8821acb753",
"status": "affected",
"version": "0c4dcd602817502bb3dced7a834a13ef717d65a4",
"versionType": "git"
},
{
"lessThan": "78cfd17142ef70599d6409cbd709d94b3da58659",
"status": "affected",
"version": "0c4dcd602817502bb3dced7a834a13ef717d65a4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/bnxt_re/qplib_fp.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"lessThan": "5.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.181",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.117",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.181",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.117",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq\n\nUndefined behavior is triggered when bnxt_qplib_alloc_init_hwq is called\nwith hwq_attr-\u003eaux_depth != 0 and hwq_attr-\u003eaux_stride == 0.\nIn that case, \"roundup_pow_of_two(hwq_attr-\u003eaux_stride)\" gets called.\nroundup_pow_of_two is documented as undefined for 0.\n\nFix it in the one caller that had this combination.\n\nThe undefined behavior was detected by UBSAN:\n UBSAN: shift-out-of-bounds in ./include/linux/log2.h:57:13\n shift exponent 64 is too large for 64-bit type \u0027long unsigned int\u0027\n CPU: 24 PID: 1075 Comm: (udev-worker) Not tainted 6.9.0-rc6+ #4\n Hardware name: Abacus electric, s.r.o. - servis@abacus.cz Super Server/H12SSW-iN, BIOS 2.7 10/25/2023\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x5d/0x80\n ubsan_epilogue+0x5/0x30\n __ubsan_handle_shift_out_of_bounds.cold+0x61/0xec\n __roundup_pow_of_two+0x25/0x35 [bnxt_re]\n bnxt_qplib_alloc_init_hwq+0xa1/0x470 [bnxt_re]\n bnxt_qplib_create_qp+0x19e/0x840 [bnxt_re]\n bnxt_re_create_qp+0x9b1/0xcd0 [bnxt_re]\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? __kmalloc+0x1b6/0x4f0\n ? create_qp.part.0+0x128/0x1c0 [ib_core]\n ? __pfx_bnxt_re_create_qp+0x10/0x10 [bnxt_re]\n create_qp.part.0+0x128/0x1c0 [ib_core]\n ib_create_qp_kernel+0x50/0xd0 [ib_core]\n create_mad_qp+0x8e/0xe0 [ib_core]\n ? __pfx_qp_event_handler+0x10/0x10 [ib_core]\n ib_mad_init_device+0x2be/0x680 [ib_core]\n add_client_context+0x10d/0x1a0 [ib_core]\n enable_device_and_get+0xe0/0x1d0 [ib_core]\n ib_register_device+0x53c/0x630 [ib_core]\n ? srso_alias_return_thunk+0x5/0xfbef5\n bnxt_re_probe+0xbd8/0xe50 [bnxt_re]\n ? __pfx_bnxt_re_probe+0x10/0x10 [bnxt_re]\n auxiliary_bus_probe+0x49/0x80\n ? driver_sysfs_add+0x57/0xc0\n really_probe+0xde/0x340\n ? pm_runtime_barrier+0x54/0x90\n ? __pfx___driver_attach+0x10/0x10\n __driver_probe_device+0x78/0x110\n driver_probe_device+0x1f/0xa0\n __driver_attach+0xba/0x1c0\n bus_for_each_dev+0x8f/0xe0\n bus_add_driver+0x146/0x220\n driver_register+0x72/0xd0\n __auxiliary_driver_register+0x6e/0xd0\n ? __pfx_bnxt_re_mod_init+0x10/0x10 [bnxt_re]\n bnxt_re_mod_init+0x3e/0xff0 [bnxt_re]\n ? __pfx_bnxt_re_mod_init+0x10/0x10 [bnxt_re]\n do_one_initcall+0x5b/0x310\n do_init_module+0x90/0x250\n init_module_from_file+0x86/0xc0\n idempotent_init_module+0x121/0x2b0\n __x64_sys_finit_module+0x5e/0xb0\n do_syscall_64+0x82/0x160\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? syscall_exit_to_user_mode_prepare+0x149/0x170\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? syscall_exit_to_user_mode+0x75/0x230\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? do_syscall_64+0x8e/0x160\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? __count_memcg_events+0x69/0x100\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? count_memcg_events.constprop.0+0x1a/0x30\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? handle_mm_fault+0x1f0/0x300\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? do_user_addr_fault+0x34e/0x640\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? srso_alias_return_thunk+0x5/0xfbef5\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n RIP: 0033:0x7f4e5132821d\n Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d e3 db 0c 00 f7 d8 64 89 01 48\n RSP: 002b:00007ffca9c906a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139\n RAX: ffffffffffffffda RBX: 0000563ec8a8f130 RCX: 00007f4e5132821d\n RDX: 0000000000000000 RSI: 00007f4e518fa07d RDI: 000000000000003b\n RBP: 00007ffca9c90760 R08: 00007f4e513f6b20 R09: 00007ffca9c906f0\n R10: 0000563ec8a8faa0 R11: 0000000000000246 R12: 00007f4e518fa07d\n R13: 0000000000020000 R14: 0000563ec8409e90 R15: 0000563ec8a8fa60\n \u003c/TASK\u003e\n ---[ end trace ]---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:13:35.237Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/66a9937187ac9b5c5ffff07b8b284483e56804d1"
},
{
"url": "https://git.kernel.org/stable/c/84d2f29152184f0d72ed7c9648c4ee6927df4e59"
},
{
"url": "https://git.kernel.org/stable/c/a658f011d89dd20cf2c7cb4760ffd79201700b98"
},
{
"url": "https://git.kernel.org/stable/c/627493443f3a8458cb55cdae1da254a7001123bc"
},
{
"url": "https://git.kernel.org/stable/c/8b799c00cea6fcfe5b501bbaeb228c8821acb753"
},
{
"url": "https://git.kernel.org/stable/c/78cfd17142ef70599d6409cbd709d94b3da58659"
}
],
"title": "bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38540",
"datePublished": "2024-06-19T13:35:15.823Z",
"dateReserved": "2024-06-18T19:36:34.918Z",
"dateUpdated": "2025-11-03T21:55:46.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-42301 (GCVE-0-2024-42301)
Vulnerability from cvelistv5 – Published: 2024-08-17 09:09 – Updated: 2026-01-05 10:52
VLAI?
EPSS
Title
dev/parport: fix the array out-of-bounds risk
Summary
In the Linux kernel, the following vulnerability has been resolved:
dev/parport: fix the array out-of-bounds risk
Fixed array out-of-bounds issues caused by sprintf
by replacing it with snprintf for safer data copying,
ensuring the destination buffer is not overflowed.
Below is the stack trace I encountered during the actual issue:
[ 66.575408s] [pid:5118,cpu4,QThread,4]Kernel panic - not syncing: stack-protector:
Kernel stack is corrupted in: do_hardware_base_addr+0xcc/0xd0 [parport]
[ 66.575408s] [pid:5118,cpu4,QThread,5]CPU: 4 PID: 5118 Comm:
QThread Tainted: G S W O 5.10.97-arm64-desktop #7100.57021.2
[ 66.575439s] [pid:5118,cpu4,QThread,6]TGID: 5087 Comm: EFileApp
[ 66.575439s] [pid:5118,cpu4,QThread,7]Hardware name: HUAWEI HUAWEI QingYun
PGUX-W515x-B081/SP1PANGUXM, BIOS 1.00.07 04/29/2024
[ 66.575439s] [pid:5118,cpu4,QThread,8]Call trace:
[ 66.575469s] [pid:5118,cpu4,QThread,9] dump_backtrace+0x0/0x1c0
[ 66.575469s] [pid:5118,cpu4,QThread,0] show_stack+0x14/0x20
[ 66.575469s] [pid:5118,cpu4,QThread,1] dump_stack+0xd4/0x10c
[ 66.575500s] [pid:5118,cpu4,QThread,2] panic+0x1d8/0x3bc
[ 66.575500s] [pid:5118,cpu4,QThread,3] __stack_chk_fail+0x2c/0x38
[ 66.575500s] [pid:5118,cpu4,QThread,4] do_hardware_base_addr+0xcc/0xd0 [parport]
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 166a0bddcc27de41fe13f861c8348e8e53e988c8
(git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 47b3dce100778001cd76f7e9188944b5cb27a76d (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < a44f88f7576bc1916d8d6293f5c62fbe7cbe03e0 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < c719b393374d3763e64900ee19aaed767d5a08d6 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 7f4da759092a1a6ce35fb085182d02de8cc4cc84 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < b579ea3516c371ecf59d073772bc45dfd28c8a0e (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 7789a1d6792af410aa9b39a1eb237ed24fa2170a (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < ab11dac93d2d568d151b1918d7b84c2d02bacbd5 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42301",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:10:32.108495Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:05.142Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:04:02.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/parport/procfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "166a0bddcc27de41fe13f861c8348e8e53e988c8",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "47b3dce100778001cd76f7e9188944b5cb27a76d",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "a44f88f7576bc1916d8d6293f5c62fbe7cbe03e0",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "c719b393374d3763e64900ee19aaed767d5a08d6",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7f4da759092a1a6ce35fb085182d02de8cc4cc84",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "b579ea3516c371ecf59d073772bc45dfd28c8a0e",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "7789a1d6792af410aa9b39a1eb237ed24fa2170a",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
},
{
"lessThan": "ab11dac93d2d568d151b1918d7b84c2d02bacbd5",
"status": "affected",
"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/parport/procfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.320",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.282",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.320",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.282",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "2.6.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "2.6.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndev/parport: fix the array out-of-bounds risk\n\nFixed array out-of-bounds issues caused by sprintf\nby replacing it with snprintf for safer data copying,\nensuring the destination buffer is not overflowed.\n\nBelow is the stack trace I encountered during the actual issue:\n\n[ 66.575408s] [pid:5118,cpu4,QThread,4]Kernel panic - not syncing: stack-protector:\nKernel stack is corrupted in: do_hardware_base_addr+0xcc/0xd0 [parport]\n[ 66.575408s] [pid:5118,cpu4,QThread,5]CPU: 4 PID: 5118 Comm:\nQThread Tainted: G S W O 5.10.97-arm64-desktop #7100.57021.2\n[ 66.575439s] [pid:5118,cpu4,QThread,6]TGID: 5087 Comm: EFileApp\n[ 66.575439s] [pid:5118,cpu4,QThread,7]Hardware name: HUAWEI HUAWEI QingYun\nPGUX-W515x-B081/SP1PANGUXM, BIOS 1.00.07 04/29/2024\n[ 66.575439s] [pid:5118,cpu4,QThread,8]Call trace:\n[ 66.575469s] [pid:5118,cpu4,QThread,9] dump_backtrace+0x0/0x1c0\n[ 66.575469s] [pid:5118,cpu4,QThread,0] show_stack+0x14/0x20\n[ 66.575469s] [pid:5118,cpu4,QThread,1] dump_stack+0xd4/0x10c\n[ 66.575500s] [pid:5118,cpu4,QThread,2] panic+0x1d8/0x3bc\n[ 66.575500s] [pid:5118,cpu4,QThread,3] __stack_chk_fail+0x2c/0x38\n[ 66.575500s] [pid:5118,cpu4,QThread,4] do_hardware_base_addr+0xcc/0xd0 [parport]"
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:52:15.968Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/166a0bddcc27de41fe13f861c8348e8e53e988c8"
},
{
"url": "https://git.kernel.org/stable/c/47b3dce100778001cd76f7e9188944b5cb27a76d"
},
{
"url": "https://git.kernel.org/stable/c/a44f88f7576bc1916d8d6293f5c62fbe7cbe03e0"
},
{
"url": "https://git.kernel.org/stable/c/c719b393374d3763e64900ee19aaed767d5a08d6"
},
{
"url": "https://git.kernel.org/stable/c/7f4da759092a1a6ce35fb085182d02de8cc4cc84"
},
{
"url": "https://git.kernel.org/stable/c/b579ea3516c371ecf59d073772bc45dfd28c8a0e"
},
{
"url": "https://git.kernel.org/stable/c/7789a1d6792af410aa9b39a1eb237ed24fa2170a"
},
{
"url": "https://git.kernel.org/stable/c/ab11dac93d2d568d151b1918d7b84c2d02bacbd5"
}
],
"title": "dev/parport: fix the array out-of-bounds risk",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42301",
"datePublished": "2024-08-17T09:09:08.057Z",
"dateReserved": "2024-07-30T07:40:12.271Z",
"dateUpdated": "2026-01-05T10:52:15.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-48773 (GCVE-0-2022-48773)
Vulnerability from cvelistv5 – Published: 2024-07-16 11:13 – Updated: 2025-05-21 08:43
VLAI?
EPSS
Title
xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create
Summary
In the Linux kernel, the following vulnerability has been resolved:
xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create
If there are failures then we must not leave the non-NULL pointers with
the error value, otherwise `rpcrdma_ep_destroy` gets confused and tries
free them, resulting in an Oops.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
85cd8e2b78eea7374927750ffec60bf047f8f90b , < 1e7433fb95ccc01629a5edaa4ced0cd8c98d0ae0
(git)
Affected: 85cd8e2b78eea7374927750ffec60bf047f8f90b , < 9921c866dc369577c3ebb9adf2383b01b58c18de (git) Affected: 85cd8e2b78eea7374927750ffec60bf047f8f90b , < 2526d4d8b209dc5ac1fbeb468149774888b2a141 (git) Affected: 85cd8e2b78eea7374927750ffec60bf047f8f90b , < a9c10b5b3b67b3750a10c8b089b2e05f5e176e33 (git) |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:25:01.549Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1e7433fb95ccc01629a5edaa4ced0cd8c98d0ae0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9921c866dc369577c3ebb9adf2383b01b58c18de"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2526d4d8b209dc5ac1fbeb468149774888b2a141"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a9c10b5b3b67b3750a10c8b089b2e05f5e176e33"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48773",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:00:43.144730Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:17.912Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/sunrpc/xprtrdma/verbs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1e7433fb95ccc01629a5edaa4ced0cd8c98d0ae0",
"status": "affected",
"version": "85cd8e2b78eea7374927750ffec60bf047f8f90b",
"versionType": "git"
},
{
"lessThan": "9921c866dc369577c3ebb9adf2383b01b58c18de",
"status": "affected",
"version": "85cd8e2b78eea7374927750ffec60bf047f8f90b",
"versionType": "git"
},
{
"lessThan": "2526d4d8b209dc5ac1fbeb468149774888b2a141",
"status": "affected",
"version": "85cd8e2b78eea7374927750ffec60bf047f8f90b",
"versionType": "git"
},
{
"lessThan": "a9c10b5b3b67b3750a10c8b089b2e05f5e176e33",
"status": "affected",
"version": "85cd8e2b78eea7374927750ffec60bf047f8f90b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/sunrpc/xprtrdma/verbs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"lessThan": "5.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.102",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.25",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.102",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.25",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.11",
"versionStartIncluding": "5.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"versionStartIncluding": "5.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create\n\nIf there are failures then we must not leave the non-NULL pointers with\nthe error value, otherwise `rpcrdma_ep_destroy` gets confused and tries\nfree them, resulting in an Oops."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T08:43:56.628Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1e7433fb95ccc01629a5edaa4ced0cd8c98d0ae0"
},
{
"url": "https://git.kernel.org/stable/c/9921c866dc369577c3ebb9adf2383b01b58c18de"
},
{
"url": "https://git.kernel.org/stable/c/2526d4d8b209dc5ac1fbeb468149774888b2a141"
},
{
"url": "https://git.kernel.org/stable/c/a9c10b5b3b67b3750a10c8b089b2e05f5e176e33"
}
],
"title": "xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48773",
"datePublished": "2024-07-16T11:13:13.111Z",
"dateReserved": "2024-06-20T11:09:39.061Z",
"dateUpdated": "2025-05-21T08:43:56.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-48936 (GCVE-0-2022-48936)
Vulnerability from cvelistv5 – Published: 2024-08-22 03:31 – Updated: 2024-08-31 05:37
VLAI?
EPSS
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2024-08-31T05:37:21.787Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"rejectedReasons": [
{
"lang": "en",
"value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48936",
"datePublished": "2024-08-22T03:31:30.847Z",
"dateRejected": "2024-08-31T05:37:21.787Z",
"dateReserved": "2024-08-22T01:27:53.622Z",
"dateUpdated": "2024-08-31T05:37:21.787Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42079 (GCVE-0-2024-42079)
Vulnerability from cvelistv5 – Published: 2024-07-29 15:52 – Updated: 2026-02-12 08:19
VLAI?
EPSS
Title
gfs2: Fix NULL pointer dereference in gfs2_log_flush
Summary
In the Linux kernel, the following vulnerability has been resolved:
gfs2: Fix NULL pointer dereference in gfs2_log_flush
In gfs2_jindex_free(), set sdp->sd_jdesc to NULL under the log flush
lock to provide exclusion against gfs2_log_flush().
In gfs2_log_flush(), check if sdp->sd_jdesc is non-NULL before
dereferencing it. Otherwise, we could run into a NULL pointer
dereference when outstanding glock work races with an unmount
(glock_work_func -> run_queue -> do_xmote -> inode_go_sync ->
gfs2_log_flush).
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
82218943058d5e3fe692a38b5a549479738dab33 , < c3c5cfa3170c0940bc66a142859caac07d19b9d6
(git)
Affected: 82218943058d5e3fe692a38b5a549479738dab33 , < 5f6a84cfb33b34610623857bd93919dcb661e29b (git) Affected: 82218943058d5e3fe692a38b5a549479738dab33 , < 3429ef5f50909cee9e498c50f0c499b9397116ce (git) Affected: 82218943058d5e3fe692a38b5a549479738dab33 , < f54f9d5368a4e92ede7dd078a62788dae3a7c6ef (git) Affected: 82218943058d5e3fe692a38b5a549479738dab33 , < 35264909e9d1973ab9aaa2a1b07cda70f12bb828 (git) |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:54:31.753Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3429ef5f50909cee9e498c50f0c499b9397116ce"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f54f9d5368a4e92ede7dd078a62788dae3a7c6ef"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/35264909e9d1973ab9aaa2a1b07cda70f12bb828"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42079",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:19:17.192306Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:07.945Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/gfs2/log.c",
"fs/gfs2/super.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c3c5cfa3170c0940bc66a142859caac07d19b9d6",
"status": "affected",
"version": "82218943058d5e3fe692a38b5a549479738dab33",
"versionType": "git"
},
{
"lessThan": "5f6a84cfb33b34610623857bd93919dcb661e29b",
"status": "affected",
"version": "82218943058d5e3fe692a38b5a549479738dab33",
"versionType": "git"
},
{
"lessThan": "3429ef5f50909cee9e498c50f0c499b9397116ce",
"status": "affected",
"version": "82218943058d5e3fe692a38b5a549479738dab33",
"versionType": "git"
},
{
"lessThan": "f54f9d5368a4e92ede7dd078a62788dae3a7c6ef",
"status": "affected",
"version": "82218943058d5e3fe692a38b5a549479738dab33",
"versionType": "git"
},
{
"lessThan": "35264909e9d1973ab9aaa2a1b07cda70f12bb828",
"status": "affected",
"version": "82218943058d5e3fe692a38b5a549479738dab33",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/gfs2/log.c",
"fs/gfs2/super.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.200",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.37",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.200",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.162",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.37",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.8",
"versionStartIncluding": "5.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "5.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Fix NULL pointer dereference in gfs2_log_flush\n\nIn gfs2_jindex_free(), set sdp-\u003esd_jdesc to NULL under the log flush\nlock to provide exclusion against gfs2_log_flush().\n\nIn gfs2_log_flush(), check if sdp-\u003esd_jdesc is non-NULL before\ndereferencing it. Otherwise, we could run into a NULL pointer\ndereference when outstanding glock work races with an unmount\n(glock_work_func -\u003e run_queue -\u003e do_xmote -\u003e inode_go_sync -\u003e\ngfs2_log_flush)."
}
],
"providerMetadata": {
"dateUpdated": "2026-02-12T08:19:19.560Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c3c5cfa3170c0940bc66a142859caac07d19b9d6"
},
{
"url": "https://git.kernel.org/stable/c/5f6a84cfb33b34610623857bd93919dcb661e29b"
},
{
"url": "https://git.kernel.org/stable/c/3429ef5f50909cee9e498c50f0c499b9397116ce"
},
{
"url": "https://git.kernel.org/stable/c/f54f9d5368a4e92ede7dd078a62788dae3a7c6ef"
},
{
"url": "https://git.kernel.org/stable/c/35264909e9d1973ab9aaa2a1b07cda70f12bb828"
}
],
"title": "gfs2: Fix NULL pointer dereference in gfs2_log_flush",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42079",
"datePublished": "2024-07-29T15:52:41.360Z",
"dateReserved": "2024-07-29T15:50:41.169Z",
"dateUpdated": "2026-02-12T08:19:19.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-40984 (GCVE-0-2024-40984)
Vulnerability from cvelistv5 – Published: 2024-07-12 12:33 – Updated: 2025-11-03 21:58
VLAI?
EPSS
Title
ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine."
Summary
In the Linux kernel, the following vulnerability has been resolved:
ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine."
Undo the modifications made in commit d410ee5109a1 ("ACPICA: avoid
"Info: mapping multiple BARs. Your kernel is fine.""). The initial
purpose of this commit was to stop memory mappings for operation
regions from overlapping page boundaries, as it can trigger warnings
if different page attributes are present.
However, it was found that when this situation arises, mapping
continues until the boundary's end, but there is still an attempt to
read/write the entire length of the map, leading to a NULL pointer
deference. For example, if a four-byte mapping request is made but
only one byte is mapped because it hits the current page boundary's
end, a four-byte read/write attempt is still made, resulting in a NULL
pointer deference.
Instead, map the entire length, as the ACPI specification does not
mandate that it must be within the same page boundary. It is
permissible for it to be mapped across different regions.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
d410ee5109a1633a686a5663c6743a92e1181f9b , < 435ecc978c3d5d0c4e172ec5b956dc1904061d98
(git)
Affected: d410ee5109a1633a686a5663c6743a92e1181f9b , < ae465109d82f4fb03c5adbe85f2d6a6a3d59124c (git) Affected: d410ee5109a1633a686a5663c6743a92e1181f9b , < 6eca23100e9030725f69c1babacd58803f29ec8d (git) Affected: d410ee5109a1633a686a5663c6743a92e1181f9b , < dc5017c57f5eee80020c73ff8b67ba7f9fd08b1f (git) Affected: d410ee5109a1633a686a5663c6743a92e1181f9b , < ddc1f5f124479360a1fd43f73be950781d172239 (git) Affected: d410ee5109a1633a686a5663c6743a92e1181f9b , < 434c6b924e1f4c219aab2d9e05fe79c5364e37d3 (git) Affected: d410ee5109a1633a686a5663c6743a92e1181f9b , < e21a4c9129c72fa54dd00f5ebf71219b41d43c04 (git) Affected: d410ee5109a1633a686a5663c6743a92e1181f9b , < a83e1385b780d41307433ddbc86e3c528db031f0 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:58:49.395Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/435ecc978c3d5d0c4e172ec5b956dc1904061d98"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ae465109d82f4fb03c5adbe85f2d6a6a3d59124c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6eca23100e9030725f69c1babacd58803f29ec8d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dc5017c57f5eee80020c73ff8b67ba7f9fd08b1f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ddc1f5f124479360a1fd43f73be950781d172239"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/434c6b924e1f4c219aab2d9e05fe79c5364e37d3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e21a4c9129c72fa54dd00f5ebf71219b41d43c04"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a83e1385b780d41307433ddbc86e3c528db031f0"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40984",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:02:10.333733Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:21.046Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/acpi/acpica/exregion.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "435ecc978c3d5d0c4e172ec5b956dc1904061d98",
"status": "affected",
"version": "d410ee5109a1633a686a5663c6743a92e1181f9b",
"versionType": "git"
},
{
"lessThan": "ae465109d82f4fb03c5adbe85f2d6a6a3d59124c",
"status": "affected",
"version": "d410ee5109a1633a686a5663c6743a92e1181f9b",
"versionType": "git"
},
{
"lessThan": "6eca23100e9030725f69c1babacd58803f29ec8d",
"status": "affected",
"version": "d410ee5109a1633a686a5663c6743a92e1181f9b",
"versionType": "git"
},
{
"lessThan": "dc5017c57f5eee80020c73ff8b67ba7f9fd08b1f",
"status": "affected",
"version": "d410ee5109a1633a686a5663c6743a92e1181f9b",
"versionType": "git"
},
{
"lessThan": "ddc1f5f124479360a1fd43f73be950781d172239",
"status": "affected",
"version": "d410ee5109a1633a686a5663c6743a92e1181f9b",
"versionType": "git"
},
{
"lessThan": "434c6b924e1f4c219aab2d9e05fe79c5364e37d3",
"status": "affected",
"version": "d410ee5109a1633a686a5663c6743a92e1181f9b",
"versionType": "git"
},
{
"lessThan": "e21a4c9129c72fa54dd00f5ebf71219b41d43c04",
"status": "affected",
"version": "d410ee5109a1633a686a5663c6743a92e1181f9b",
"versionType": "git"
},
{
"lessThan": "a83e1385b780d41307433ddbc86e3c528db031f0",
"status": "affected",
"version": "d410ee5109a1633a686a5663c6743a92e1181f9b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/acpi/acpica/exregion.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.32"
},
{
"lessThan": "2.6.32",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.317",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.279",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.221",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.96",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.36",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.317",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.279",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.221",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.96",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.36",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.7",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "2.6.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPICA: Revert \"ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.\"\n\nUndo the modifications made in commit d410ee5109a1 (\"ACPICA: avoid\n\"Info: mapping multiple BARs. Your kernel is fine.\"\"). The initial\npurpose of this commit was to stop memory mappings for operation\nregions from overlapping page boundaries, as it can trigger warnings\nif different page attributes are present.\n\nHowever, it was found that when this situation arises, mapping\ncontinues until the boundary\u0027s end, but there is still an attempt to\nread/write the entire length of the map, leading to a NULL pointer\ndeference. For example, if a four-byte mapping request is made but\nonly one byte is mapped because it hits the current page boundary\u0027s\nend, a four-byte read/write attempt is still made, resulting in a NULL\npointer deference.\n\nInstead, map the entire length, as the ACPI specification does not\nmandate that it must be within the same page boundary. It is\npermissible for it to be mapped across different regions."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:19:20.884Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/435ecc978c3d5d0c4e172ec5b956dc1904061d98"
},
{
"url": "https://git.kernel.org/stable/c/ae465109d82f4fb03c5adbe85f2d6a6a3d59124c"
},
{
"url": "https://git.kernel.org/stable/c/6eca23100e9030725f69c1babacd58803f29ec8d"
},
{
"url": "https://git.kernel.org/stable/c/dc5017c57f5eee80020c73ff8b67ba7f9fd08b1f"
},
{
"url": "https://git.kernel.org/stable/c/ddc1f5f124479360a1fd43f73be950781d172239"
},
{
"url": "https://git.kernel.org/stable/c/434c6b924e1f4c219aab2d9e05fe79c5364e37d3"
},
{
"url": "https://git.kernel.org/stable/c/e21a4c9129c72fa54dd00f5ebf71219b41d43c04"
},
{
"url": "https://git.kernel.org/stable/c/a83e1385b780d41307433ddbc86e3c528db031f0"
}
],
"title": "ACPICA: Revert \"ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.\"",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-40984",
"datePublished": "2024-07-12T12:33:57.947Z",
"dateReserved": "2024-07-12T12:17:45.604Z",
"dateUpdated": "2025-11-03T21:58:49.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-43854 (GCVE-0-2024-43854)
Vulnerability from cvelistv5 – Published: 2024-08-17 09:22 – Updated: 2025-11-03 22:05
VLAI?
EPSS
Title
block: initialize integrity buffer to zero before writing it to media
Summary
In the Linux kernel, the following vulnerability has been resolved:
block: initialize integrity buffer to zero before writing it to media
Metadata added by bio_integrity_prep is using plain kmalloc, which leads
to random kernel memory being written media. For PI metadata this is
limited to the app tag that isn't used by kernel generated metadata,
but for non-PI metadata the entire buffer leaks kernel memory.
Fix this by adding the __GFP_ZERO flag to allocations for writes.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
7ba1ba12eeef0aa7113beb16410ef8b7c748e18b , < 9f4af4cf08f9a0329ade3d938f55d2220c40d0a6
(git)
Affected: 7ba1ba12eeef0aa7113beb16410ef8b7c748e18b , < 129f95948a96105c1fad8e612c9097763e88ac5f (git) Affected: 7ba1ba12eeef0aa7113beb16410ef8b7c748e18b , < 3fd11fe4f20756b4c0847f755a64cd96f8c6a005 (git) Affected: 7ba1ba12eeef0aa7113beb16410ef8b7c748e18b , < cf6b45ea7a8df0f61bded1dc4a8561ac6ad143d2 (git) Affected: 7ba1ba12eeef0aa7113beb16410ef8b7c748e18b , < d418313bd8f55c079a7da12651951b489a638ac1 (git) Affected: 7ba1ba12eeef0aa7113beb16410ef8b7c748e18b , < 23a19655fb56f241e592041156dfb1c6d04da644 (git) Affected: 7ba1ba12eeef0aa7113beb16410ef8b7c748e18b , < ebc0e91ba76dc6544fff9f5b66408b1982806a00 (git) Affected: 7ba1ba12eeef0aa7113beb16410ef8b7c748e18b , < 899ee2c3829c5ac14bfc7d3c4a5846c0b709b78f (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43854",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:07:14.517245Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:20.780Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:05:51.729Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"block/bio-integrity.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9f4af4cf08f9a0329ade3d938f55d2220c40d0a6",
"status": "affected",
"version": "7ba1ba12eeef0aa7113beb16410ef8b7c748e18b",
"versionType": "git"
},
{
"lessThan": "129f95948a96105c1fad8e612c9097763e88ac5f",
"status": "affected",
"version": "7ba1ba12eeef0aa7113beb16410ef8b7c748e18b",
"versionType": "git"
},
{
"lessThan": "3fd11fe4f20756b4c0847f755a64cd96f8c6a005",
"status": "affected",
"version": "7ba1ba12eeef0aa7113beb16410ef8b7c748e18b",
"versionType": "git"
},
{
"lessThan": "cf6b45ea7a8df0f61bded1dc4a8561ac6ad143d2",
"status": "affected",
"version": "7ba1ba12eeef0aa7113beb16410ef8b7c748e18b",
"versionType": "git"
},
{
"lessThan": "d418313bd8f55c079a7da12651951b489a638ac1",
"status": "affected",
"version": "7ba1ba12eeef0aa7113beb16410ef8b7c748e18b",
"versionType": "git"
},
{
"lessThan": "23a19655fb56f241e592041156dfb1c6d04da644",
"status": "affected",
"version": "7ba1ba12eeef0aa7113beb16410ef8b7c748e18b",
"versionType": "git"
},
{
"lessThan": "ebc0e91ba76dc6544fff9f5b66408b1982806a00",
"status": "affected",
"version": "7ba1ba12eeef0aa7113beb16410ef8b7c748e18b",
"versionType": "git"
},
{
"lessThan": "899ee2c3829c5ac14bfc7d3c4a5846c0b709b78f",
"status": "affected",
"version": "7ba1ba12eeef0aa7113beb16410ef8b7c748e18b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"block/bio-integrity.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.27"
},
{
"lessThan": "2.6.27",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.322",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.284",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.322",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.284",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.226",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "2.6.27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "2.6.27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: initialize integrity buffer to zero before writing it to media\n\nMetadata added by bio_integrity_prep is using plain kmalloc, which leads\nto random kernel memory being written media. For PI metadata this is\nlimited to the app tag that isn\u0027t used by kernel generated metadata,\nbut for non-PI metadata the entire buffer leaks kernel memory.\n\nFix this by adding the __GFP_ZERO flag to allocations for writes."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:27:45.701Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9f4af4cf08f9a0329ade3d938f55d2220c40d0a6"
},
{
"url": "https://git.kernel.org/stable/c/129f95948a96105c1fad8e612c9097763e88ac5f"
},
{
"url": "https://git.kernel.org/stable/c/3fd11fe4f20756b4c0847f755a64cd96f8c6a005"
},
{
"url": "https://git.kernel.org/stable/c/cf6b45ea7a8df0f61bded1dc4a8561ac6ad143d2"
},
{
"url": "https://git.kernel.org/stable/c/d418313bd8f55c079a7da12651951b489a638ac1"
},
{
"url": "https://git.kernel.org/stable/c/23a19655fb56f241e592041156dfb1c6d04da644"
},
{
"url": "https://git.kernel.org/stable/c/ebc0e91ba76dc6544fff9f5b66408b1982806a00"
},
{
"url": "https://git.kernel.org/stable/c/899ee2c3829c5ac14bfc7d3c4a5846c0b709b78f"
}
],
"title": "block: initialize integrity buffer to zero before writing it to media",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43854",
"datePublished": "2024-08-17T09:22:11.297Z",
"dateReserved": "2024-08-17T09:11:59.278Z",
"dateUpdated": "2025-11-03T22:05:51.729Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26976 (GCVE-0-2024-26976)
Vulnerability from cvelistv5 – Published: 2024-05-01 05:20 – Updated: 2025-05-04 09:01
VLAI?
EPSS
Title
KVM: Always flush async #PF workqueue when vCPU is being destroyed
Summary
In the Linux kernel, the following vulnerability has been resolved:
KVM: Always flush async #PF workqueue when vCPU is being destroyed
Always flush the per-vCPU async #PF workqueue when a vCPU is clearing its
completion queue, e.g. when a VM and all its vCPUs is being destroyed.
KVM must ensure that none of its workqueue callbacks is running when the
last reference to the KVM _module_ is put. Gifting a reference to the
associated VM prevents the workqueue callback from dereferencing freed
vCPU/VM memory, but does not prevent the KVM module from being unloaded
before the callback completes.
Drop the misguided VM refcount gifting, as calling kvm_put_kvm() from
async_pf_execute() if kvm_put_kvm() flushes the async #PF workqueue will
result in deadlock. async_pf_execute() can't return until kvm_put_kvm()
finishes, and kvm_put_kvm() can't return until async_pf_execute() finishes:
WARNING: CPU: 8 PID: 251 at virt/kvm/kvm_main.c:1435 kvm_put_kvm+0x2d/0x320 [kvm]
Modules linked in: vhost_net vhost vhost_iotlb tap kvm_intel kvm irqbypass
CPU: 8 PID: 251 Comm: kworker/8:1 Tainted: G W 6.6.0-rc1-e7af8d17224a-x86/gmem-vm #119
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015
Workqueue: events async_pf_execute [kvm]
RIP: 0010:kvm_put_kvm+0x2d/0x320 [kvm]
Call Trace:
<TASK>
async_pf_execute+0x198/0x260 [kvm]
process_one_work+0x145/0x2d0
worker_thread+0x27e/0x3a0
kthread+0xba/0xe0
ret_from_fork+0x2d/0x50
ret_from_fork_asm+0x11/0x20
</TASK>
---[ end trace 0000000000000000 ]---
INFO: task kworker/8:1:251 blocked for more than 120 seconds.
Tainted: G W 6.6.0-rc1-e7af8d17224a-x86/gmem-vm #119
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/8:1 state:D stack:0 pid:251 ppid:2 flags:0x00004000
Workqueue: events async_pf_execute [kvm]
Call Trace:
<TASK>
__schedule+0x33f/0xa40
schedule+0x53/0xc0
schedule_timeout+0x12a/0x140
__wait_for_common+0x8d/0x1d0
__flush_work.isra.0+0x19f/0x2c0
kvm_clear_async_pf_completion_queue+0x129/0x190 [kvm]
kvm_arch_destroy_vm+0x78/0x1b0 [kvm]
kvm_put_kvm+0x1c1/0x320 [kvm]
async_pf_execute+0x198/0x260 [kvm]
process_one_work+0x145/0x2d0
worker_thread+0x27e/0x3a0
kthread+0xba/0xe0
ret_from_fork+0x2d/0x50
ret_from_fork_asm+0x11/0x20
</TASK>
If kvm_clear_async_pf_completion_queue() actually flushes the workqueue,
then there's no need to gift async_pf_execute() a reference because all
invocations of async_pf_execute() will be forced to complete before the
vCPU and its VM are destroyed/freed. And that in turn fixes the module
unloading bug as __fput() won't do module_put() on the last vCPU reference
until the vCPU has been freed, e.g. if closing the vCPU file also puts the
last reference to the KVM module.
Note that kvm_check_async_pf_completion() may also take the work item off
the completion queue and so also needs to flush the work queue, as the
work will not be seen by kvm_clear_async_pf_completion_queue(). Waiting
on the workqueue could theoretically delay a vCPU due to waiting for the
work to complete, but that's a very, very small chance, and likely a very
small delay. kvm_arch_async_page_present_queued() unconditionally makes a
new request, i.e. will effectively delay entering the guest, so the
remaining work is really just:
trace_kvm_async_pf_completed(addr, cr2_or_gpa);
__kvm_vcpu_wake_up(vcpu);
mmput(mm);
and mmput() can't drop the last reference to the page tables if the vCPU is
still alive, i.e. the vCPU won't get stuck tearing down page tables.
Add a helper to do the flushing, specifically to deal with "wakeup all"
work items, as they aren't actually work items, i.e. are never placed in a
workqueue. Trying to flush a bogus workqueue entry rightly makes
__flush_work() complain (kudos to whoever added that sanity check).
Note, commit 5f6de5cbebee ("KVM: Prevent module exit until al
---truncated---
Severity ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
af585b921e5d1e919947c4b1164b59507fe7cd7b , < ab2c2f5d9576112ad22cfd3798071cb74693b1f5
(git)
Affected: af585b921e5d1e919947c4b1164b59507fe7cd7b , < 82e25cc1c2e93c3023da98be282322fc08b61ffb (git) Affected: af585b921e5d1e919947c4b1164b59507fe7cd7b , < f8730d6335e5f43d09151fca1f0f41922209a264 (git) Affected: af585b921e5d1e919947c4b1164b59507fe7cd7b , < 83d3c5e309611ef593e2fcb78444fc8ceedf9bac (git) Affected: af585b921e5d1e919947c4b1164b59507fe7cd7b , < b54478d20375874aeee257744dedfd3e413432ff (git) Affected: af585b921e5d1e919947c4b1164b59507fe7cd7b , < a75afe480d4349c524d9c659b1a5a544dbc39a98 (git) Affected: af585b921e5d1e919947c4b1164b59507fe7cd7b , < 4f3a3bce428fb439c66a578adc447afce7b4a750 (git) Affected: af585b921e5d1e919947c4b1164b59507fe7cd7b , < caa9af2e27c275e089d702cfbaaece3b42bca31b (git) Affected: af585b921e5d1e919947c4b1164b59507fe7cd7b , < 3d75b8aa5c29058a512db29da7cbee8052724157 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "ab2c2f5d9576",
"status": "affected",
"version": "af585b921e5d",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "82e25cc1c2e9",
"status": "affected",
"version": "af585b921e5d",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "8730d6335e5",
"status": "affected",
"version": "af585b921e5d",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "83d3c5e30961",
"status": "affected",
"version": "af585b921e5d",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "b54478d20375",
"status": "affected",
"version": "af585b921e5d",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "a75afe480d43",
"status": "affected",
"version": "af585b921e5d",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "4f3a3bce428f",
"status": "affected",
"version": "af585b921e5d",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "caa9af2e27c2",
"status": "affected",
"version": "af585b921e5d",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "3d75b8aa5c29",
"status": "affected",
"version": "af585b921e5d",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "2.6.38"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "2.6.38",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "4.20",
"status": "unaffected",
"version": "4.19.312",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.5",
"status": "unaffected",
"version": "5.4.274",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.11",
"status": "unaffected",
"version": "5.10.215",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.16",
"status": "unaffected",
"version": "5.15.154",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.2",
"status": "unaffected",
"version": "6.1.84",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.7",
"status": "unaffected",
"version": "6.6.24",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.8",
"status": "unaffected",
"version": "6.7.12",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.9",
"status": "unaffected",
"version": "6.8.3",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.9"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-26976",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T21:06:50.709457Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T21:08:04.785Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:21:05.782Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ab2c2f5d9576112ad22cfd3798071cb74693b1f5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/82e25cc1c2e93c3023da98be282322fc08b61ffb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f8730d6335e5f43d09151fca1f0f41922209a264"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/83d3c5e309611ef593e2fcb78444fc8ceedf9bac"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b54478d20375874aeee257744dedfd3e413432ff"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a75afe480d4349c524d9c659b1a5a544dbc39a98"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4f3a3bce428fb439c66a578adc447afce7b4a750"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/caa9af2e27c275e089d702cfbaaece3b42bca31b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3d75b8aa5c29058a512db29da7cbee8052724157"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"virt/kvm/async_pf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ab2c2f5d9576112ad22cfd3798071cb74693b1f5",
"status": "affected",
"version": "af585b921e5d1e919947c4b1164b59507fe7cd7b",
"versionType": "git"
},
{
"lessThan": "82e25cc1c2e93c3023da98be282322fc08b61ffb",
"status": "affected",
"version": "af585b921e5d1e919947c4b1164b59507fe7cd7b",
"versionType": "git"
},
{
"lessThan": "f8730d6335e5f43d09151fca1f0f41922209a264",
"status": "affected",
"version": "af585b921e5d1e919947c4b1164b59507fe7cd7b",
"versionType": "git"
},
{
"lessThan": "83d3c5e309611ef593e2fcb78444fc8ceedf9bac",
"status": "affected",
"version": "af585b921e5d1e919947c4b1164b59507fe7cd7b",
"versionType": "git"
},
{
"lessThan": "b54478d20375874aeee257744dedfd3e413432ff",
"status": "affected",
"version": "af585b921e5d1e919947c4b1164b59507fe7cd7b",
"versionType": "git"
},
{
"lessThan": "a75afe480d4349c524d9c659b1a5a544dbc39a98",
"status": "affected",
"version": "af585b921e5d1e919947c4b1164b59507fe7cd7b",
"versionType": "git"
},
{
"lessThan": "4f3a3bce428fb439c66a578adc447afce7b4a750",
"status": "affected",
"version": "af585b921e5d1e919947c4b1164b59507fe7cd7b",
"versionType": "git"
},
{
"lessThan": "caa9af2e27c275e089d702cfbaaece3b42bca31b",
"status": "affected",
"version": "af585b921e5d1e919947c4b1164b59507fe7cd7b",
"versionType": "git"
},
{
"lessThan": "3d75b8aa5c29058a512db29da7cbee8052724157",
"status": "affected",
"version": "af585b921e5d1e919947c4b1164b59507fe7cd7b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"virt/kvm/async_pf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.38"
},
{
"lessThan": "2.6.38",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "2.6.38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Always flush async #PF workqueue when vCPU is being destroyed\n\nAlways flush the per-vCPU async #PF workqueue when a vCPU is clearing its\ncompletion queue, e.g. when a VM and all its vCPUs is being destroyed.\nKVM must ensure that none of its workqueue callbacks is running when the\nlast reference to the KVM _module_ is put. Gifting a reference to the\nassociated VM prevents the workqueue callback from dereferencing freed\nvCPU/VM memory, but does not prevent the KVM module from being unloaded\nbefore the callback completes.\n\nDrop the misguided VM refcount gifting, as calling kvm_put_kvm() from\nasync_pf_execute() if kvm_put_kvm() flushes the async #PF workqueue will\nresult in deadlock. async_pf_execute() can\u0027t return until kvm_put_kvm()\nfinishes, and kvm_put_kvm() can\u0027t return until async_pf_execute() finishes:\n\n WARNING: CPU: 8 PID: 251 at virt/kvm/kvm_main.c:1435 kvm_put_kvm+0x2d/0x320 [kvm]\n Modules linked in: vhost_net vhost vhost_iotlb tap kvm_intel kvm irqbypass\n CPU: 8 PID: 251 Comm: kworker/8:1 Tainted: G W 6.6.0-rc1-e7af8d17224a-x86/gmem-vm #119\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n Workqueue: events async_pf_execute [kvm]\n RIP: 0010:kvm_put_kvm+0x2d/0x320 [kvm]\n Call Trace:\n \u003cTASK\u003e\n async_pf_execute+0x198/0x260 [kvm]\n process_one_work+0x145/0x2d0\n worker_thread+0x27e/0x3a0\n kthread+0xba/0xe0\n ret_from_fork+0x2d/0x50\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---\n INFO: task kworker/8:1:251 blocked for more than 120 seconds.\n Tainted: G W 6.6.0-rc1-e7af8d17224a-x86/gmem-vm #119\n \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n task:kworker/8:1 state:D stack:0 pid:251 ppid:2 flags:0x00004000\n Workqueue: events async_pf_execute [kvm]\n Call Trace:\n \u003cTASK\u003e\n __schedule+0x33f/0xa40\n schedule+0x53/0xc0\n schedule_timeout+0x12a/0x140\n __wait_for_common+0x8d/0x1d0\n __flush_work.isra.0+0x19f/0x2c0\n kvm_clear_async_pf_completion_queue+0x129/0x190 [kvm]\n kvm_arch_destroy_vm+0x78/0x1b0 [kvm]\n kvm_put_kvm+0x1c1/0x320 [kvm]\n async_pf_execute+0x198/0x260 [kvm]\n process_one_work+0x145/0x2d0\n worker_thread+0x27e/0x3a0\n kthread+0xba/0xe0\n ret_from_fork+0x2d/0x50\n ret_from_fork_asm+0x11/0x20\n \u003c/TASK\u003e\n\nIf kvm_clear_async_pf_completion_queue() actually flushes the workqueue,\nthen there\u0027s no need to gift async_pf_execute() a reference because all\ninvocations of async_pf_execute() will be forced to complete before the\nvCPU and its VM are destroyed/freed. And that in turn fixes the module\nunloading bug as __fput() won\u0027t do module_put() on the last vCPU reference\nuntil the vCPU has been freed, e.g. if closing the vCPU file also puts the\nlast reference to the KVM module.\n\nNote that kvm_check_async_pf_completion() may also take the work item off\nthe completion queue and so also needs to flush the work queue, as the\nwork will not be seen by kvm_clear_async_pf_completion_queue(). Waiting\non the workqueue could theoretically delay a vCPU due to waiting for the\nwork to complete, but that\u0027s a very, very small chance, and likely a very\nsmall delay. kvm_arch_async_page_present_queued() unconditionally makes a\nnew request, i.e. will effectively delay entering the guest, so the\nremaining work is really just:\n\n trace_kvm_async_pf_completed(addr, cr2_or_gpa);\n\n __kvm_vcpu_wake_up(vcpu);\n\n mmput(mm);\n\nand mmput() can\u0027t drop the last reference to the page tables if the vCPU is\nstill alive, i.e. the vCPU won\u0027t get stuck tearing down page tables.\n\nAdd a helper to do the flushing, specifically to deal with \"wakeup all\"\nwork items, as they aren\u0027t actually work items, i.e. are never placed in a\nworkqueue. Trying to flush a bogus workqueue entry rightly makes\n__flush_work() complain (kudos to whoever added that sanity check).\n\nNote, commit 5f6de5cbebee (\"KVM: Prevent module exit until al\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:01:18.606Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ab2c2f5d9576112ad22cfd3798071cb74693b1f5"
},
{
"url": "https://git.kernel.org/stable/c/82e25cc1c2e93c3023da98be282322fc08b61ffb"
},
{
"url": "https://git.kernel.org/stable/c/f8730d6335e5f43d09151fca1f0f41922209a264"
},
{
"url": "https://git.kernel.org/stable/c/83d3c5e309611ef593e2fcb78444fc8ceedf9bac"
},
{
"url": "https://git.kernel.org/stable/c/b54478d20375874aeee257744dedfd3e413432ff"
},
{
"url": "https://git.kernel.org/stable/c/a75afe480d4349c524d9c659b1a5a544dbc39a98"
},
{
"url": "https://git.kernel.org/stable/c/4f3a3bce428fb439c66a578adc447afce7b4a750"
},
{
"url": "https://git.kernel.org/stable/c/caa9af2e27c275e089d702cfbaaece3b42bca31b"
},
{
"url": "https://git.kernel.org/stable/c/3d75b8aa5c29058a512db29da7cbee8052724157"
}
],
"title": "KVM: Always flush async #PF workqueue when vCPU is being destroyed",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26976",
"datePublished": "2024-05-01T05:20:24.025Z",
"dateReserved": "2024-02-19T14:20:24.203Z",
"dateUpdated": "2025-05-04T09:01:18.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26851 (GCVE-0-2024-26851)
Vulnerability from cvelistv5 – Published: 2024-04-17 10:17 – Updated: 2025-05-04 08:57
VLAI?
EPSS
Title
netfilter: nf_conntrack_h323: Add protection for bmp length out of range
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_conntrack_h323: Add protection for bmp length out of range
UBSAN load reports an exception of BRK#5515 SHIFT_ISSUE:Bitwise shifts
that are out of bounds for their data type.
vmlinux get_bitmap(b=75) + 712
<net/netfilter/nf_conntrack_h323_asn1.c:0>
vmlinux decode_seq(bs=0xFFFFFFD008037000, f=0xFFFFFFD008037018, level=134443100) + 1956
<net/netfilter/nf_conntrack_h323_asn1.c:592>
vmlinux decode_choice(base=0xFFFFFFD0080370F0, level=23843636) + 1216
<net/netfilter/nf_conntrack_h323_asn1.c:814>
vmlinux decode_seq(f=0xFFFFFFD0080371A8, level=134443500) + 812
<net/netfilter/nf_conntrack_h323_asn1.c:576>
vmlinux decode_choice(base=0xFFFFFFD008037280, level=0) + 1216
<net/netfilter/nf_conntrack_h323_asn1.c:814>
vmlinux DecodeRasMessage() + 304
<net/netfilter/nf_conntrack_h323_asn1.c:833>
vmlinux ras_help() + 684
<net/netfilter/nf_conntrack_h323_main.c:1728>
vmlinux nf_confirm() + 188
<net/netfilter/nf_conntrack_proto.c:137>
Due to abnormal data in skb->data, the extension bitmap length
exceeds 32 when decoding ras message then uses the length to make
a shift operation. It will change into negative after several loop.
UBSAN load could detect a negative shift as an undefined behaviour
and reports exception.
So we add the protection to avoid the length exceeding 32. Or else
it will return out of range error and stop decoding.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
5e35941d990123f155b02d5663e51a24f816b6f3 , < 98db42191329c679f4ca52bec0b319689e1ad8cb
(git)
Affected: 5e35941d990123f155b02d5663e51a24f816b6f3 , < 4bafcc43baf7bcf93566394dbd15726b5b456b7a (git) Affected: 5e35941d990123f155b02d5663e51a24f816b6f3 , < ccd1108b16ab572d9bf635586b0925635dbd6bbc (git) Affected: 5e35941d990123f155b02d5663e51a24f816b6f3 , < b3c0f553820516ad4b62a9390ecd28d6f73a7b13 (git) Affected: 5e35941d990123f155b02d5663e51a24f816b6f3 , < 39001e3c42000e7c2038717af0d33c32319ad591 (git) Affected: 5e35941d990123f155b02d5663e51a24f816b6f3 , < 014a807f1cc9c9d5173c1cd935835553b00d211c (git) Affected: 5e35941d990123f155b02d5663e51a24f816b6f3 , < 80ee5054435a11c87c9a4f30f1ff750080c96416 (git) Affected: 5e35941d990123f155b02d5663e51a24f816b6f3 , < 767146637efc528b5e3d31297df115e85a2fd362 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26851",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T17:33:25.792652Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T17:33:34.212Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:13.704Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/98db42191329c679f4ca52bec0b319689e1ad8cb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4bafcc43baf7bcf93566394dbd15726b5b456b7a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ccd1108b16ab572d9bf635586b0925635dbd6bbc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b3c0f553820516ad4b62a9390ecd28d6f73a7b13"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/39001e3c42000e7c2038717af0d33c32319ad591"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/014a807f1cc9c9d5173c1cd935835553b00d211c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/80ee5054435a11c87c9a4f30f1ff750080c96416"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/767146637efc528b5e3d31297df115e85a2fd362"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_conntrack_h323_asn1.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "98db42191329c679f4ca52bec0b319689e1ad8cb",
"status": "affected",
"version": "5e35941d990123f155b02d5663e51a24f816b6f3",
"versionType": "git"
},
{
"lessThan": "4bafcc43baf7bcf93566394dbd15726b5b456b7a",
"status": "affected",
"version": "5e35941d990123f155b02d5663e51a24f816b6f3",
"versionType": "git"
},
{
"lessThan": "ccd1108b16ab572d9bf635586b0925635dbd6bbc",
"status": "affected",
"version": "5e35941d990123f155b02d5663e51a24f816b6f3",
"versionType": "git"
},
{
"lessThan": "b3c0f553820516ad4b62a9390ecd28d6f73a7b13",
"status": "affected",
"version": "5e35941d990123f155b02d5663e51a24f816b6f3",
"versionType": "git"
},
{
"lessThan": "39001e3c42000e7c2038717af0d33c32319ad591",
"status": "affected",
"version": "5e35941d990123f155b02d5663e51a24f816b6f3",
"versionType": "git"
},
{
"lessThan": "014a807f1cc9c9d5173c1cd935835553b00d211c",
"status": "affected",
"version": "5e35941d990123f155b02d5663e51a24f816b6f3",
"versionType": "git"
},
{
"lessThan": "80ee5054435a11c87c9a4f30f1ff750080c96416",
"status": "affected",
"version": "5e35941d990123f155b02d5663e51a24f816b6f3",
"versionType": "git"
},
{
"lessThan": "767146637efc528b5e3d31297df115e85a2fd362",
"status": "affected",
"version": "5e35941d990123f155b02d5663e51a24f816b6f3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_conntrack_h323_asn1.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.17"
},
{
"lessThan": "2.6.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.310",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.272",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.213",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.152",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.22",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.310",
"versionStartIncluding": "2.6.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.272",
"versionStartIncluding": "2.6.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.213",
"versionStartIncluding": "2.6.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.152",
"versionStartIncluding": "2.6.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.82",
"versionStartIncluding": "2.6.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.22",
"versionStartIncluding": "2.6.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.10",
"versionStartIncluding": "2.6.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "2.6.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_conntrack_h323: Add protection for bmp length out of range\n\nUBSAN load reports an exception of BRK#5515 SHIFT_ISSUE:Bitwise shifts\nthat are out of bounds for their data type.\n\nvmlinux get_bitmap(b=75) + 712\n\u003cnet/netfilter/nf_conntrack_h323_asn1.c:0\u003e\nvmlinux decode_seq(bs=0xFFFFFFD008037000, f=0xFFFFFFD008037018, level=134443100) + 1956\n\u003cnet/netfilter/nf_conntrack_h323_asn1.c:592\u003e\nvmlinux decode_choice(base=0xFFFFFFD0080370F0, level=23843636) + 1216\n\u003cnet/netfilter/nf_conntrack_h323_asn1.c:814\u003e\nvmlinux decode_seq(f=0xFFFFFFD0080371A8, level=134443500) + 812\n\u003cnet/netfilter/nf_conntrack_h323_asn1.c:576\u003e\nvmlinux decode_choice(base=0xFFFFFFD008037280, level=0) + 1216\n\u003cnet/netfilter/nf_conntrack_h323_asn1.c:814\u003e\nvmlinux DecodeRasMessage() + 304\n\u003cnet/netfilter/nf_conntrack_h323_asn1.c:833\u003e\nvmlinux ras_help() + 684\n\u003cnet/netfilter/nf_conntrack_h323_main.c:1728\u003e\nvmlinux nf_confirm() + 188\n\u003cnet/netfilter/nf_conntrack_proto.c:137\u003e\n\nDue to abnormal data in skb-\u003edata, the extension bitmap length\nexceeds 32 when decoding ras message then uses the length to make\na shift operation. It will change into negative after several loop.\nUBSAN load could detect a negative shift as an undefined behaviour\nand reports exception.\nSo we add the protection to avoid the length exceeding 32. Or else\nit will return out of range error and stop decoding."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T08:57:57.098Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/98db42191329c679f4ca52bec0b319689e1ad8cb"
},
{
"url": "https://git.kernel.org/stable/c/4bafcc43baf7bcf93566394dbd15726b5b456b7a"
},
{
"url": "https://git.kernel.org/stable/c/ccd1108b16ab572d9bf635586b0925635dbd6bbc"
},
{
"url": "https://git.kernel.org/stable/c/b3c0f553820516ad4b62a9390ecd28d6f73a7b13"
},
{
"url": "https://git.kernel.org/stable/c/39001e3c42000e7c2038717af0d33c32319ad591"
},
{
"url": "https://git.kernel.org/stable/c/014a807f1cc9c9d5173c1cd935835553b00d211c"
},
{
"url": "https://git.kernel.org/stable/c/80ee5054435a11c87c9a4f30f1ff750080c96416"
},
{
"url": "https://git.kernel.org/stable/c/767146637efc528b5e3d31297df115e85a2fd362"
}
],
"title": "netfilter: nf_conntrack_h323: Add protection for bmp length out of range",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26851",
"datePublished": "2024-04-17T10:17:15.298Z",
"dateReserved": "2024-02-19T14:20:24.183Z",
"dateUpdated": "2025-05-04T08:57:57.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35898 (GCVE-0-2024-35898)
Vulnerability from cvelistv5 – Published: 2024-05-19 08:34 – Updated: 2025-05-04 09:07
VLAI?
EPSS
Title
netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()
nft_unregister_flowtable_type() within nf_flow_inet_module_exit() can
concurrent with __nft_flowtable_type_get() within nf_tables_newflowtable().
And thhere is not any protection when iterate over nf_tables_flowtables
list in __nft_flowtable_type_get(). Therefore, there is pertential
data-race of nf_tables_flowtables list entry.
Use list_for_each_entry_rcu() to iterate over nf_tables_flowtables list
in __nft_flowtable_type_get(), and use rcu_read_lock() in the caller
nft_flowtable_type_get() to protect the entire type query process.
Severity ?
5.5 (Medium)
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
3b49e2e94e6ebb8b23d0955d9e898254455734f8 , < 69d1fe14a680042ec913f22196b58e2c8ff1b007
(git)
Affected: 3b49e2e94e6ebb8b23d0955d9e898254455734f8 , < a347bc8e6251eaee4b619da28020641eb5b0dd77 (git) Affected: 3b49e2e94e6ebb8b23d0955d9e898254455734f8 , < 940d41caa71f0d3a52df2fde5fada524a993e331 (git) Affected: 3b49e2e94e6ebb8b23d0955d9e898254455734f8 , < 2485bcfe05ee3cf9ca8923a94fa2e456924c79c8 (git) Affected: 3b49e2e94e6ebb8b23d0955d9e898254455734f8 , < 9b5b7708ec2be21dd7ef8ca0e3abe4ae9f3b083b (git) Affected: 3b49e2e94e6ebb8b23d0955d9e898254455734f8 , < 8b891153b2e4dc0ca9d9dab8f619d49c740813df (git) Affected: 3b49e2e94e6ebb8b23d0955d9e898254455734f8 , < e684b1674fd1ca4361812a491242ae871d6b2859 (git) Affected: 3b49e2e94e6ebb8b23d0955d9e898254455734f8 , < 24225011d81b471acc0e1e315b7d9905459a6304 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35898",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T18:29:13.616197Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T19:40:06.574Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.658Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/69d1fe14a680042ec913f22196b58e2c8ff1b007"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a347bc8e6251eaee4b619da28020641eb5b0dd77"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/940d41caa71f0d3a52df2fde5fada524a993e331"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2485bcfe05ee3cf9ca8923a94fa2e456924c79c8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9b5b7708ec2be21dd7ef8ca0e3abe4ae9f3b083b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8b891153b2e4dc0ca9d9dab8f619d49c740813df"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e684b1674fd1ca4361812a491242ae871d6b2859"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/24225011d81b471acc0e1e315b7d9905459a6304"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "69d1fe14a680042ec913f22196b58e2c8ff1b007",
"status": "affected",
"version": "3b49e2e94e6ebb8b23d0955d9e898254455734f8",
"versionType": "git"
},
{
"lessThan": "a347bc8e6251eaee4b619da28020641eb5b0dd77",
"status": "affected",
"version": "3b49e2e94e6ebb8b23d0955d9e898254455734f8",
"versionType": "git"
},
{
"lessThan": "940d41caa71f0d3a52df2fde5fada524a993e331",
"status": "affected",
"version": "3b49e2e94e6ebb8b23d0955d9e898254455734f8",
"versionType": "git"
},
{
"lessThan": "2485bcfe05ee3cf9ca8923a94fa2e456924c79c8",
"status": "affected",
"version": "3b49e2e94e6ebb8b23d0955d9e898254455734f8",
"versionType": "git"
},
{
"lessThan": "9b5b7708ec2be21dd7ef8ca0e3abe4ae9f3b083b",
"status": "affected",
"version": "3b49e2e94e6ebb8b23d0955d9e898254455734f8",
"versionType": "git"
},
{
"lessThan": "8b891153b2e4dc0ca9d9dab8f619d49c740813df",
"status": "affected",
"version": "3b49e2e94e6ebb8b23d0955d9e898254455734f8",
"versionType": "git"
},
{
"lessThan": "e684b1674fd1ca4361812a491242ae871d6b2859",
"status": "affected",
"version": "3b49e2e94e6ebb8b23d0955d9e898254455734f8",
"versionType": "git"
},
{
"lessThan": "24225011d81b471acc0e1e315b7d9905459a6304",
"status": "affected",
"version": "3b49e2e94e6ebb8b23d0955d9e898254455734f8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.16"
},
{
"lessThan": "4.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.85",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.26",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.85",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.26",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.5",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "4.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()\n\nnft_unregister_flowtable_type() within nf_flow_inet_module_exit() can\nconcurrent with __nft_flowtable_type_get() within nf_tables_newflowtable().\nAnd thhere is not any protection when iterate over nf_tables_flowtables\nlist in __nft_flowtable_type_get(). Therefore, there is pertential\ndata-race of nf_tables_flowtables list entry.\n\nUse list_for_each_entry_rcu() to iterate over nf_tables_flowtables list\nin __nft_flowtable_type_get(), and use rcu_read_lock() in the caller\nnft_flowtable_type_get() to protect the entire type query process."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:07:54.817Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/69d1fe14a680042ec913f22196b58e2c8ff1b007"
},
{
"url": "https://git.kernel.org/stable/c/a347bc8e6251eaee4b619da28020641eb5b0dd77"
},
{
"url": "https://git.kernel.org/stable/c/940d41caa71f0d3a52df2fde5fada524a993e331"
},
{
"url": "https://git.kernel.org/stable/c/2485bcfe05ee3cf9ca8923a94fa2e456924c79c8"
},
{
"url": "https://git.kernel.org/stable/c/9b5b7708ec2be21dd7ef8ca0e3abe4ae9f3b083b"
},
{
"url": "https://git.kernel.org/stable/c/8b891153b2e4dc0ca9d9dab8f619d49c740813df"
},
{
"url": "https://git.kernel.org/stable/c/e684b1674fd1ca4361812a491242ae871d6b2859"
},
{
"url": "https://git.kernel.org/stable/c/24225011d81b471acc0e1e315b7d9905459a6304"
}
],
"title": "netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35898",
"datePublished": "2024-05-19T08:34:52.519Z",
"dateReserved": "2024-05-17T13:50:33.114Z",
"dateUpdated": "2025-05-04T09:07:54.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52492 (GCVE-0-2023-52492)
Vulnerability from cvelistv5 – Published: 2024-02-29 15:52 – Updated: 2025-05-04 07:37
VLAI?
EPSS
Title
dmaengine: fix NULL pointer in channel unregistration function
Summary
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: fix NULL pointer in channel unregistration function
__dma_async_device_channel_register() can fail. In case of failure,
chan->local is freed (with free_percpu()), and chan->local is nullified.
When dma_async_device_unregister() is called (because of managed API or
intentionally by DMA controller driver), channels are unconditionally
unregistered, leading to this NULL pointer:
[ 1.318693] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0
[...]
[ 1.484499] Call trace:
[ 1.486930] device_del+0x40/0x394
[ 1.490314] device_unregister+0x20/0x7c
[ 1.494220] __dma_async_device_channel_unregister+0x68/0xc0
Look at dma_async_device_register() function error path, channel device
unregistration is done only if chan->local is not NULL.
Then add the same condition at the beginning of
__dma_async_device_channel_unregister() function, to avoid NULL pointer
issue whatever the API used to reach this function.
Severity ?
4.4 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
d2fb0a0438384fee08a418025f743913020033ce , < 9de69732dde4e443c1c7f89acbbed2c45a6a8e17
(git)
Affected: d2fb0a0438384fee08a418025f743913020033ce , < 047fce470412ab64cb7345f9ff5d06919078ad79 (git) Affected: d2fb0a0438384fee08a418025f743913020033ce , < 2ab32986a0b9e329eb7f8f04dd57cc127f797c08 (git) Affected: d2fb0a0438384fee08a418025f743913020033ce , < 7f0ccfad2031eddcc510caf4e57f2d4aa2d8a50b (git) Affected: d2fb0a0438384fee08a418025f743913020033ce , < 9263fd2a63487c6d04cbb7b74a48fb12e1e352d0 (git) Affected: d2fb0a0438384fee08a418025f743913020033ce , < f5c24d94512f1b288262beda4d3dcb9629222fc7 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52492",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-11T18:32:39.400118Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T19:02:52.592Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:19.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9de69732dde4e443c1c7f89acbbed2c45a6a8e17"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/047fce470412ab64cb7345f9ff5d06919078ad79"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2ab32986a0b9e329eb7f8f04dd57cc127f797c08"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7f0ccfad2031eddcc510caf4e57f2d4aa2d8a50b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9263fd2a63487c6d04cbb7b74a48fb12e1e352d0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f5c24d94512f1b288262beda4d3dcb9629222fc7"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/dma/dmaengine.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9de69732dde4e443c1c7f89acbbed2c45a6a8e17",
"status": "affected",
"version": "d2fb0a0438384fee08a418025f743913020033ce",
"versionType": "git"
},
{
"lessThan": "047fce470412ab64cb7345f9ff5d06919078ad79",
"status": "affected",
"version": "d2fb0a0438384fee08a418025f743913020033ce",
"versionType": "git"
},
{
"lessThan": "2ab32986a0b9e329eb7f8f04dd57cc127f797c08",
"status": "affected",
"version": "d2fb0a0438384fee08a418025f743913020033ce",
"versionType": "git"
},
{
"lessThan": "7f0ccfad2031eddcc510caf4e57f2d4aa2d8a50b",
"status": "affected",
"version": "d2fb0a0438384fee08a418025f743913020033ce",
"versionType": "git"
},
{
"lessThan": "9263fd2a63487c6d04cbb7b74a48fb12e1e352d0",
"status": "affected",
"version": "d2fb0a0438384fee08a418025f743913020033ce",
"versionType": "git"
},
{
"lessThan": "f5c24d94512f1b288262beda4d3dcb9629222fc7",
"status": "affected",
"version": "d2fb0a0438384fee08a418025f743913020033ce",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/dma/dmaengine.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.76",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.15",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: fix NULL pointer in channel unregistration function\n\n__dma_async_device_channel_register() can fail. In case of failure,\nchan-\u003elocal is freed (with free_percpu()), and chan-\u003elocal is nullified.\nWhen dma_async_device_unregister() is called (because of managed API or\nintentionally by DMA controller driver), channels are unconditionally\nunregistered, leading to this NULL pointer:\n[ 1.318693] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0\n[...]\n[ 1.484499] Call trace:\n[ 1.486930] device_del+0x40/0x394\n[ 1.490314] device_unregister+0x20/0x7c\n[ 1.494220] __dma_async_device_channel_unregister+0x68/0xc0\n\nLook at dma_async_device_register() function error path, channel device\nunregistration is done only if chan-\u003elocal is not NULL.\n\nThen add the same condition at the beginning of\n__dma_async_device_channel_unregister() function, to avoid NULL pointer\nissue whatever the API used to reach this function."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T07:37:55.393Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9de69732dde4e443c1c7f89acbbed2c45a6a8e17"
},
{
"url": "https://git.kernel.org/stable/c/047fce470412ab64cb7345f9ff5d06919078ad79"
},
{
"url": "https://git.kernel.org/stable/c/2ab32986a0b9e329eb7f8f04dd57cc127f797c08"
},
{
"url": "https://git.kernel.org/stable/c/7f0ccfad2031eddcc510caf4e57f2d4aa2d8a50b"
},
{
"url": "https://git.kernel.org/stable/c/9263fd2a63487c6d04cbb7b74a48fb12e1e352d0"
},
{
"url": "https://git.kernel.org/stable/c/f5c24d94512f1b288262beda4d3dcb9629222fc7"
}
],
"title": "dmaengine: fix NULL pointer in channel unregistration function",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52492",
"datePublished": "2024-02-29T15:52:10.499Z",
"dateReserved": "2024-02-20T12:30:33.304Z",
"dateUpdated": "2025-05-04T07:37:55.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-40961 (GCVE-0-2024-40961)
Vulnerability from cvelistv5 – Published: 2024-07-12 12:32 – Updated: 2025-11-03 21:58
VLAI?
EPSS
Title
ipv6: prevent possible NULL deref in fib6_nh_init()
Summary
In the Linux kernel, the following vulnerability has been resolved:
ipv6: prevent possible NULL deref in fib6_nh_init()
syzbot reminds us that in6_dev_get() can return NULL.
fib6_nh_init()
ip6_validate_gw( &idev )
ip6_route_check_nh( idev )
*idev = in6_dev_get(dev); // can be NULL
Oops: general protection fault, probably for non-canonical address 0xdffffc00000000bc: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: null-ptr-deref in range [0x00000000000005e0-0x00000000000005e7]
CPU: 0 PID: 11237 Comm: syz-executor.3 Not tainted 6.10.0-rc2-syzkaller-00249-gbe27b8965297 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
RIP: 0010:fib6_nh_init+0x640/0x2160 net/ipv6/route.c:3606
Code: 00 00 fc ff df 4c 8b 64 24 58 48 8b 44 24 28 4c 8b 74 24 30 48 89 c1 48 89 44 24 28 48 8d 98 e0 05 00 00 48 89 d8 48 c1 e8 03 <42> 0f b6 04 38 84 c0 0f 85 b3 17 00 00 8b 1b 31 ff 89 de e8 b8 8b
RSP: 0018:ffffc900032775a0 EFLAGS: 00010202
RAX: 00000000000000bc RBX: 00000000000005e0 RCX: 0000000000000000
RDX: 0000000000000010 RSI: ffffc90003277a54 RDI: ffff88802b3a08d8
RBP: ffffc900032778b0 R08: 00000000000002fc R09: 0000000000000000
R10: 00000000000002fc R11: 0000000000000000 R12: ffff88802b3a08b8
R13: 1ffff9200064eec8 R14: ffffc90003277a00 R15: dffffc0000000000
FS: 00007f940feb06c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 00000000245e8000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
ip6_route_info_create+0x99e/0x12b0 net/ipv6/route.c:3809
ip6_route_add+0x28/0x160 net/ipv6/route.c:3853
ipv6_route_ioctl+0x588/0x870 net/ipv6/route.c:4483
inet6_ioctl+0x21a/0x280 net/ipv6/af_inet6.c:579
sock_do_ioctl+0x158/0x460 net/socket.c:1222
sock_ioctl+0x629/0x8e0 net/socket.c:1341
vfs_ioctl fs/ioctl.c:51 [inline]
__do_sys_ioctl fs/ioctl.c:907 [inline]
__se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f940f07cea9
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
428604fb118facce1309670779a35baf27ad044c , < 3200ffeec4d59aad5bc9ca75d2c1fae47c0aeade
(git)
Affected: 428604fb118facce1309670779a35baf27ad044c , < de5ad4d45cd0128a2a37555f48ab69aa19d78adc (git) Affected: 428604fb118facce1309670779a35baf27ad044c , < 4cdfe813015d5a24586bd0a84fa0fa6eb0a1f668 (git) Affected: 428604fb118facce1309670779a35baf27ad044c , < 88b9a55e2e35ea846d41f4efdc29d23345bd1aa4 (git) Affected: 428604fb118facce1309670779a35baf27ad044c , < b6947723c9eabcab58cfb33cdb0a565a6aee6727 (git) Affected: 428604fb118facce1309670779a35baf27ad044c , < ae8d3d39efe366c2198f530e01e4bf07830bf403 (git) Affected: 428604fb118facce1309670779a35baf27ad044c , < 2eab4543a2204092c3a7af81d7d6c506e59a03a6 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:58:27.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3200ffeec4d59aad5bc9ca75d2c1fae47c0aeade"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/de5ad4d45cd0128a2a37555f48ab69aa19d78adc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4cdfe813015d5a24586bd0a84fa0fa6eb0a1f668"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/88b9a55e2e35ea846d41f4efdc29d23345bd1aa4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b6947723c9eabcab58cfb33cdb0a565a6aee6727"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ae8d3d39efe366c2198f530e01e4bf07830bf403"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2eab4543a2204092c3a7af81d7d6c506e59a03a6"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-40961",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:03:26.191957Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:23.580Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv6/route.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3200ffeec4d59aad5bc9ca75d2c1fae47c0aeade",
"status": "affected",
"version": "428604fb118facce1309670779a35baf27ad044c",
"versionType": "git"
},
{
"lessThan": "de5ad4d45cd0128a2a37555f48ab69aa19d78adc",
"status": "affected",
"version": "428604fb118facce1309670779a35baf27ad044c",
"versionType": "git"
},
{
"lessThan": "4cdfe813015d5a24586bd0a84fa0fa6eb0a1f668",
"status": "affected",
"version": "428604fb118facce1309670779a35baf27ad044c",
"versionType": "git"
},
{
"lessThan": "88b9a55e2e35ea846d41f4efdc29d23345bd1aa4",
"status": "affected",
"version": "428604fb118facce1309670779a35baf27ad044c",
"versionType": "git"
},
{
"lessThan": "b6947723c9eabcab58cfb33cdb0a565a6aee6727",
"status": "affected",
"version": "428604fb118facce1309670779a35baf27ad044c",
"versionType": "git"
},
{
"lessThan": "ae8d3d39efe366c2198f530e01e4bf07830bf403",
"status": "affected",
"version": "428604fb118facce1309670779a35baf27ad044c",
"versionType": "git"
},
{
"lessThan": "2eab4543a2204092c3a7af81d7d6c506e59a03a6",
"status": "affected",
"version": "428604fb118facce1309670779a35baf27ad044c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv6/route.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.17"
},
{
"lessThan": "4.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.279",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.221",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.96",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.36",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.279",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.221",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.96",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.36",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.7",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent possible NULL deref in fib6_nh_init()\n\nsyzbot reminds us that in6_dev_get() can return NULL.\n\nfib6_nh_init()\n ip6_validate_gw( \u0026idev )\n ip6_route_check_nh( idev )\n *idev = in6_dev_get(dev); // can be NULL\n\nOops: general protection fault, probably for non-canonical address 0xdffffc00000000bc: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x00000000000005e0-0x00000000000005e7]\nCPU: 0 PID: 11237 Comm: syz-executor.3 Not tainted 6.10.0-rc2-syzkaller-00249-gbe27b8965297 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024\n RIP: 0010:fib6_nh_init+0x640/0x2160 net/ipv6/route.c:3606\nCode: 00 00 fc ff df 4c 8b 64 24 58 48 8b 44 24 28 4c 8b 74 24 30 48 89 c1 48 89 44 24 28 48 8d 98 e0 05 00 00 48 89 d8 48 c1 e8 03 \u003c42\u003e 0f b6 04 38 84 c0 0f 85 b3 17 00 00 8b 1b 31 ff 89 de e8 b8 8b\nRSP: 0018:ffffc900032775a0 EFLAGS: 00010202\nRAX: 00000000000000bc RBX: 00000000000005e0 RCX: 0000000000000000\nRDX: 0000000000000010 RSI: ffffc90003277a54 RDI: ffff88802b3a08d8\nRBP: ffffc900032778b0 R08: 00000000000002fc R09: 0000000000000000\nR10: 00000000000002fc R11: 0000000000000000 R12: ffff88802b3a08b8\nR13: 1ffff9200064eec8 R14: ffffc90003277a00 R15: dffffc0000000000\nFS: 00007f940feb06c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000000 CR3: 00000000245e8000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n ip6_route_info_create+0x99e/0x12b0 net/ipv6/route.c:3809\n ip6_route_add+0x28/0x160 net/ipv6/route.c:3853\n ipv6_route_ioctl+0x588/0x870 net/ipv6/route.c:4483\n inet6_ioctl+0x21a/0x280 net/ipv6/af_inet6.c:579\n sock_do_ioctl+0x158/0x460 net/socket.c:1222\n sock_ioctl+0x629/0x8e0 net/socket.c:1341\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:907 [inline]\n __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f940f07cea9"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:18:51.755Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3200ffeec4d59aad5bc9ca75d2c1fae47c0aeade"
},
{
"url": "https://git.kernel.org/stable/c/de5ad4d45cd0128a2a37555f48ab69aa19d78adc"
},
{
"url": "https://git.kernel.org/stable/c/4cdfe813015d5a24586bd0a84fa0fa6eb0a1f668"
},
{
"url": "https://git.kernel.org/stable/c/88b9a55e2e35ea846d41f4efdc29d23345bd1aa4"
},
{
"url": "https://git.kernel.org/stable/c/b6947723c9eabcab58cfb33cdb0a565a6aee6727"
},
{
"url": "https://git.kernel.org/stable/c/ae8d3d39efe366c2198f530e01e4bf07830bf403"
},
{
"url": "https://git.kernel.org/stable/c/2eab4543a2204092c3a7af81d7d6c506e59a03a6"
}
],
"title": "ipv6: prevent possible NULL deref in fib6_nh_init()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-40961",
"datePublished": "2024-07-12T12:32:02.654Z",
"dateReserved": "2024-07-12T12:17:45.594Z",
"dateUpdated": "2025-11-03T21:58:27.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-35839 (GCVE-0-2024-35839)
Vulnerability from cvelistv5 – Published: 2024-05-17 14:27 – Updated: 2025-05-04 09:06
VLAI?
EPSS
Title
netfilter: bridge: replace physindev with physinif in nf_bridge_info
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: bridge: replace physindev with physinif in nf_bridge_info
An skb can be added to a neigh->arp_queue while waiting for an arp
reply. Where original skb's skb->dev can be different to neigh's
neigh->dev. For instance in case of bridging dnated skb from one veth to
another, the skb would be added to a neigh->arp_queue of the bridge.
As skb->dev can be reset back to nf_bridge->physindev and used, and as
there is no explicit mechanism that prevents this physindev from been
freed under us (for instance neigh_flush_dev doesn't cleanup skbs from
different device's neigh queue) we can crash on e.g. this stack:
arp_process
neigh_update
skb = __skb_dequeue(&neigh->arp_queue)
neigh_resolve_output(..., skb)
...
br_nf_dev_xmit
br_nf_pre_routing_finish_bridge_slow
skb->dev = nf_bridge->physindev
br_handle_frame_finish
Let's use plain ifindex instead of net_device link. To peek into the
original net_device we will use dev_get_by_index_rcu(). Thus either we
get device and are safe to use it or we don't get it and drop skb.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
c4e70a87d975d1f561a00abfe2d3cefa2a486c95 , < 7ae19ee81ca56b13c50a78de6c47d5b8fdc9d97b
(git)
Affected: c4e70a87d975d1f561a00abfe2d3cefa2a486c95 , < 9325e3188a9cf3f69fc6f32af59844bbc5b90547 (git) Affected: c4e70a87d975d1f561a00abfe2d3cefa2a486c95 , < 544add1f1cfb78c3dfa3e6edcf4668f6be5e730c (git) Affected: c4e70a87d975d1f561a00abfe2d3cefa2a486c95 , < 9874808878d9eed407e3977fd11fee49de1e1d86 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35839",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-23T19:26:55.890240Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:33:44.186Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7ae19ee81ca56b13c50a78de6c47d5b8fdc9d97b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9325e3188a9cf3f69fc6f32af59844bbc5b90547"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/544add1f1cfb78c3dfa3e6edcf4668f6be5e730c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9874808878d9eed407e3977fd11fee49de1e1d86"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/linux/netfilter_bridge.h",
"include/linux/skbuff.h",
"net/bridge/br_netfilter_hooks.c",
"net/bridge/br_netfilter_ipv6.c",
"net/ipv4/netfilter/nf_reject_ipv4.c",
"net/ipv6/netfilter/nf_reject_ipv6.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7ae19ee81ca56b13c50a78de6c47d5b8fdc9d97b",
"status": "affected",
"version": "c4e70a87d975d1f561a00abfe2d3cefa2a486c95",
"versionType": "git"
},
{
"lessThan": "9325e3188a9cf3f69fc6f32af59844bbc5b90547",
"status": "affected",
"version": "c4e70a87d975d1f561a00abfe2d3cefa2a486c95",
"versionType": "git"
},
{
"lessThan": "544add1f1cfb78c3dfa3e6edcf4668f6be5e730c",
"status": "affected",
"version": "c4e70a87d975d1f561a00abfe2d3cefa2a486c95",
"versionType": "git"
},
{
"lessThan": "9874808878d9eed407e3977fd11fee49de1e1d86",
"status": "affected",
"version": "c4e70a87d975d1f561a00abfe2d3cefa2a486c95",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/linux/netfilter_bridge.h",
"include/linux/skbuff.h",
"net/bridge/br_netfilter_hooks.c",
"net/bridge/br_netfilter_ipv6.c",
"net/ipv4/netfilter/nf_reject_ipv4.c",
"net/ipv6/netfilter/nf_reject_ipv6.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.2"
},
{
"lessThan": "4.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: bridge: replace physindev with physinif in nf_bridge_info\n\nAn skb can be added to a neigh-\u003earp_queue while waiting for an arp\nreply. Where original skb\u0027s skb-\u003edev can be different to neigh\u0027s\nneigh-\u003edev. For instance in case of bridging dnated skb from one veth to\nanother, the skb would be added to a neigh-\u003earp_queue of the bridge.\n\nAs skb-\u003edev can be reset back to nf_bridge-\u003ephysindev and used, and as\nthere is no explicit mechanism that prevents this physindev from been\nfreed under us (for instance neigh_flush_dev doesn\u0027t cleanup skbs from\ndifferent device\u0027s neigh queue) we can crash on e.g. this stack:\n\narp_process\n neigh_update\n skb = __skb_dequeue(\u0026neigh-\u003earp_queue)\n neigh_resolve_output(..., skb)\n ...\n br_nf_dev_xmit\n br_nf_pre_routing_finish_bridge_slow\n skb-\u003edev = nf_bridge-\u003ephysindev\n br_handle_frame_finish\n\nLet\u0027s use plain ifindex instead of net_device link. To peek into the\noriginal net_device we will use dev_get_by_index_rcu(). Thus either we\nget device and are safe to use it or we don\u0027t get it and drop skb."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:06:34.423Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7ae19ee81ca56b13c50a78de6c47d5b8fdc9d97b"
},
{
"url": "https://git.kernel.org/stable/c/9325e3188a9cf3f69fc6f32af59844bbc5b90547"
},
{
"url": "https://git.kernel.org/stable/c/544add1f1cfb78c3dfa3e6edcf4668f6be5e730c"
},
{
"url": "https://git.kernel.org/stable/c/9874808878d9eed407e3977fd11fee49de1e1d86"
}
],
"title": "netfilter: bridge: replace physindev with physinif in nf_bridge_info",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35839",
"datePublished": "2024-05-17T14:27:30.524Z",
"dateReserved": "2024-05-17T13:50:33.104Z",
"dateUpdated": "2025-05-04T09:06:34.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-42070 (GCVE-0-2024-42070)
Vulnerability from cvelistv5 – Published: 2024-07-29 15:52 – Updated: 2025-11-03 22:01
VLAI?
EPSS
Title
netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers
register store validation for NFT_DATA_VALUE is conditional, however,
the datatype is always either NFT_DATA_VALUE or NFT_DATA_VERDICT. This
only requires a new helper function to infer the register type from the
set datatype so this conditional check can be removed. Otherwise,
pointer to chain object can be leaked through the registers.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
96518518cc417bb0a8c80b9fb736202e28acdf96 , < 40188a25a9847dbeb7ec67517174a835a677752f
(git)
Affected: 96518518cc417bb0a8c80b9fb736202e28acdf96 , < 23752737c6a618e994f9a310ec2568881a6b49c4 (git) Affected: 96518518cc417bb0a8c80b9fb736202e28acdf96 , < 5d43d789b57943720dca4181a05f6477362b94cf (git) Affected: 96518518cc417bb0a8c80b9fb736202e28acdf96 , < 461302e07f49687ffe7d105fa0a330c07c7646d8 (git) Affected: 96518518cc417bb0a8c80b9fb736202e28acdf96 , < efb27ad05949403848f487823b597ed67060e007 (git) Affected: 96518518cc417bb0a8c80b9fb736202e28acdf96 , < 952bf8df222599baadbd4f838a49c4fef81d2564 (git) Affected: 96518518cc417bb0a8c80b9fb736202e28acdf96 , < 41a6375d48deaf7f730304b5153848bfa1c2980f (git) Affected: 96518518cc417bb0a8c80b9fb736202e28acdf96 , < 7931d32955e09d0a11b1fe0b6aac1bfa061c005c (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:01:06.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/40188a25a9847dbeb7ec67517174a835a677752f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/23752737c6a618e994f9a310ec2568881a6b49c4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5d43d789b57943720dca4181a05f6477362b94cf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/461302e07f49687ffe7d105fa0a330c07c7646d8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/efb27ad05949403848f487823b597ed67060e007"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/952bf8df222599baadbd4f838a49c4fef81d2564"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/41a6375d48deaf7f730304b5153848bfa1c2980f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7931d32955e09d0a11b1fe0b6aac1bfa061c005c"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42070",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:19:46.237204Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:08.190Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/net/netfilter/nf_tables.h",
"net/netfilter/nf_tables_api.c",
"net/netfilter/nft_lookup.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "40188a25a9847dbeb7ec67517174a835a677752f",
"status": "affected",
"version": "96518518cc417bb0a8c80b9fb736202e28acdf96",
"versionType": "git"
},
{
"lessThan": "23752737c6a618e994f9a310ec2568881a6b49c4",
"status": "affected",
"version": "96518518cc417bb0a8c80b9fb736202e28acdf96",
"versionType": "git"
},
{
"lessThan": "5d43d789b57943720dca4181a05f6477362b94cf",
"status": "affected",
"version": "96518518cc417bb0a8c80b9fb736202e28acdf96",
"versionType": "git"
},
{
"lessThan": "461302e07f49687ffe7d105fa0a330c07c7646d8",
"status": "affected",
"version": "96518518cc417bb0a8c80b9fb736202e28acdf96",
"versionType": "git"
},
{
"lessThan": "efb27ad05949403848f487823b597ed67060e007",
"status": "affected",
"version": "96518518cc417bb0a8c80b9fb736202e28acdf96",
"versionType": "git"
},
{
"lessThan": "952bf8df222599baadbd4f838a49c4fef81d2564",
"status": "affected",
"version": "96518518cc417bb0a8c80b9fb736202e28acdf96",
"versionType": "git"
},
{
"lessThan": "41a6375d48deaf7f730304b5153848bfa1c2980f",
"status": "affected",
"version": "96518518cc417bb0a8c80b9fb736202e28acdf96",
"versionType": "git"
},
{
"lessThan": "7931d32955e09d0a11b1fe0b6aac1bfa061c005c",
"status": "affected",
"version": "96518518cc417bb0a8c80b9fb736202e28acdf96",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/net/netfilter/nf_tables.h",
"net/netfilter/nf_tables_api.c",
"net/netfilter/nft_lookup.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.13"
},
{
"lessThan": "3.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.317",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.279",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.221",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.97",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.37",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.317",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.279",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.221",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.97",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.37",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.8",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "3.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers\n\nregister store validation for NFT_DATA_VALUE is conditional, however,\nthe datatype is always either NFT_DATA_VALUE or NFT_DATA_VERDICT. This\nonly requires a new helper function to infer the register type from the\nset datatype so this conditional check can be removed. Otherwise,\npointer to chain object can be leaked through the registers."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:22:18.843Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/40188a25a9847dbeb7ec67517174a835a677752f"
},
{
"url": "https://git.kernel.org/stable/c/23752737c6a618e994f9a310ec2568881a6b49c4"
},
{
"url": "https://git.kernel.org/stable/c/5d43d789b57943720dca4181a05f6477362b94cf"
},
{
"url": "https://git.kernel.org/stable/c/461302e07f49687ffe7d105fa0a330c07c7646d8"
},
{
"url": "https://git.kernel.org/stable/c/efb27ad05949403848f487823b597ed67060e007"
},
{
"url": "https://git.kernel.org/stable/c/952bf8df222599baadbd4f838a49c4fef81d2564"
},
{
"url": "https://git.kernel.org/stable/c/41a6375d48deaf7f730304b5153848bfa1c2980f"
},
{
"url": "https://git.kernel.org/stable/c/7931d32955e09d0a11b1fe0b6aac1bfa061c005c"
}
],
"title": "netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42070",
"datePublished": "2024-07-29T15:52:34.061Z",
"dateReserved": "2024-07-29T15:50:41.168Z",
"dateUpdated": "2025-11-03T22:01:06.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-44935 (GCVE-0-2024-44935)
Vulnerability from cvelistv5 – Published: 2024-08-26 10:11 – Updated: 2025-11-03 22:13
VLAI?
EPSS
Title
sctp: Fix null-ptr-deref in reuseport_add_sock().
Summary
In the Linux kernel, the following vulnerability has been resolved:
sctp: Fix null-ptr-deref in reuseport_add_sock().
syzbot reported a null-ptr-deref while accessing sk2->sk_reuseport_cb in
reuseport_add_sock(). [0]
The repro first creates a listener with SO_REUSEPORT. Then, it creates
another listener on the same port and concurrently closes the first
listener.
The second listen() calls reuseport_add_sock() with the first listener as
sk2, where sk2->sk_reuseport_cb is not expected to be cleared concurrently,
but the close() does clear it by reuseport_detach_sock().
The problem is SCTP does not properly synchronise reuseport_alloc(),
reuseport_add_sock(), and reuseport_detach_sock().
The caller of reuseport_alloc() and reuseport_{add,detach}_sock() must
provide synchronisation for sockets that are classified into the same
reuseport group.
Otherwise, such sockets form multiple identical reuseport groups, and
all groups except one would be silently dead.
1. Two sockets call listen() concurrently
2. No socket in the same group found in sctp_ep_hashtable[]
3. Two sockets call reuseport_alloc() and form two reuseport groups
4. Only one group hit first in __sctp_rcv_lookup_endpoint() receives
incoming packets
Also, the reported null-ptr-deref could occur.
TCP/UDP guarantees that would not happen by holding the hash bucket lock.
Let's apply the locking strategy to __sctp_hash_endpoint() and
__sctp_unhash_endpoint().
[0]:
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
CPU: 1 UID: 0 PID: 10230 Comm: syz-executor119 Not tainted 6.10.0-syzkaller-12585-g301927d2d2eb #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
RIP: 0010:reuseport_add_sock+0x27e/0x5e0 net/core/sock_reuseport.c:350
Code: 00 0f b7 5d 00 bf 01 00 00 00 89 de e8 1b a4 ff f7 83 fb 01 0f 85 a3 01 00 00 e8 6d a0 ff f7 49 8d 7e 12 48 89 f8 48 c1 e8 03 <42> 0f b6 04 28 84 c0 0f 85 4b 02 00 00 41 0f b7 5e 12 49 8d 7e 14
RSP: 0018:ffffc9000b947c98 EFLAGS: 00010202
RAX: 0000000000000002 RBX: ffff8880252ddf98 RCX: ffff888079478000
RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000012
RBP: 0000000000000001 R08: ffffffff8993e18d R09: 1ffffffff1fef385
R10: dffffc0000000000 R11: fffffbfff1fef386 R12: ffff8880252ddac0
R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
FS: 00007f24e45b96c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007ffcced5f7b8 CR3: 00000000241be000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
__sctp_hash_endpoint net/sctp/input.c:762 [inline]
sctp_hash_endpoint+0x52a/0x600 net/sctp/input.c:790
sctp_listen_start net/sctp/socket.c:8570 [inline]
sctp_inet_listen+0x767/0xa20 net/sctp/socket.c:8625
__sys_listen_socket net/socket.c:1883 [inline]
__sys_listen+0x1b7/0x230 net/socket.c:1894
__do_sys_listen net/socket.c:1902 [inline]
__se_sys_listen net/socket.c:1900 [inline]
__x64_sys_listen+0x5a/0x70 net/socket.c:1900
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f24e46039b9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f24e45b9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000032
RAX: ffffffffffffffda RBX: 00007f24e468e428 RCX: 00007f24e46039b9
RDX: 00007f24e46039b9 RSI: 0000000000000003 RDI: 0000000000000004
RBP: 00007f24e468e420 R08: 00007f24e45b96c0 R09: 00007f24e45b96c0
R10: 00007f24e45b96c0 R11: 0000000000000246 R12: 00007f24e468e42c
R13:
---truncated---
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
6ba84574026792ce33a40c7da721dea36d0f3973 , < c9b3fc4f157867e858734e31022ebee8a24f0de7
(git)
Affected: 6ba84574026792ce33a40c7da721dea36d0f3973 , < 52319d9d2f522ed939af31af70f8c3a0f0f67e6c (git) Affected: 6ba84574026792ce33a40c7da721dea36d0f3973 , < 54b303d8f9702b8ab618c5032fae886b16356928 (git) Affected: 6ba84574026792ce33a40c7da721dea36d0f3973 , < 05e4a0fa248240efd99a539853e844f0f0a9e6a5 (git) Affected: 6ba84574026792ce33a40c7da721dea36d0f3973 , < 1407be30fc17eff918a98e0a990c0e988f11dc84 (git) Affected: 6ba84574026792ce33a40c7da721dea36d0f3973 , < e809a84c802377ef61525a298a1ec1728759b913 (git) Affected: 6ba84574026792ce33a40c7da721dea36d0f3973 , < 9ab0faa7f9ffe31296dbb9bbe6f76c72c14eea18 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-44935",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:27:48.024530Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:32:55.835Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:13:41.187Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/sctp/input.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c9b3fc4f157867e858734e31022ebee8a24f0de7",
"status": "affected",
"version": "6ba84574026792ce33a40c7da721dea36d0f3973",
"versionType": "git"
},
{
"lessThan": "52319d9d2f522ed939af31af70f8c3a0f0f67e6c",
"status": "affected",
"version": "6ba84574026792ce33a40c7da721dea36d0f3973",
"versionType": "git"
},
{
"lessThan": "54b303d8f9702b8ab618c5032fae886b16356928",
"status": "affected",
"version": "6ba84574026792ce33a40c7da721dea36d0f3973",
"versionType": "git"
},
{
"lessThan": "05e4a0fa248240efd99a539853e844f0f0a9e6a5",
"status": "affected",
"version": "6ba84574026792ce33a40c7da721dea36d0f3973",
"versionType": "git"
},
{
"lessThan": "1407be30fc17eff918a98e0a990c0e988f11dc84",
"status": "affected",
"version": "6ba84574026792ce33a40c7da721dea36d0f3973",
"versionType": "git"
},
{
"lessThan": "e809a84c802377ef61525a298a1ec1728759b913",
"status": "affected",
"version": "6ba84574026792ce33a40c7da721dea36d0f3973",
"versionType": "git"
},
{
"lessThan": "9ab0faa7f9ffe31296dbb9bbe6f76c72c14eea18",
"status": "affected",
"version": "6ba84574026792ce33a40c7da721dea36d0f3973",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/sctp/input.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.0"
},
{
"lessThan": "5.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.282",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.105",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.282",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.105",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.46",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.5",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: Fix null-ptr-deref in reuseport_add_sock().\n\nsyzbot reported a null-ptr-deref while accessing sk2-\u003esk_reuseport_cb in\nreuseport_add_sock(). [0]\n\nThe repro first creates a listener with SO_REUSEPORT. Then, it creates\nanother listener on the same port and concurrently closes the first\nlistener.\n\nThe second listen() calls reuseport_add_sock() with the first listener as\nsk2, where sk2-\u003esk_reuseport_cb is not expected to be cleared concurrently,\nbut the close() does clear it by reuseport_detach_sock().\n\nThe problem is SCTP does not properly synchronise reuseport_alloc(),\nreuseport_add_sock(), and reuseport_detach_sock().\n\nThe caller of reuseport_alloc() and reuseport_{add,detach}_sock() must\nprovide synchronisation for sockets that are classified into the same\nreuseport group.\n\nOtherwise, such sockets form multiple identical reuseport groups, and\nall groups except one would be silently dead.\n\n 1. Two sockets call listen() concurrently\n 2. No socket in the same group found in sctp_ep_hashtable[]\n 3. Two sockets call reuseport_alloc() and form two reuseport groups\n 4. Only one group hit first in __sctp_rcv_lookup_endpoint() receives\n incoming packets\n\nAlso, the reported null-ptr-deref could occur.\n\nTCP/UDP guarantees that would not happen by holding the hash bucket lock.\n\nLet\u0027s apply the locking strategy to __sctp_hash_endpoint() and\n__sctp_unhash_endpoint().\n\n[0]:\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\nCPU: 1 UID: 0 PID: 10230 Comm: syz-executor119 Not tainted 6.10.0-syzkaller-12585-g301927d2d2eb #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024\nRIP: 0010:reuseport_add_sock+0x27e/0x5e0 net/core/sock_reuseport.c:350\nCode: 00 0f b7 5d 00 bf 01 00 00 00 89 de e8 1b a4 ff f7 83 fb 01 0f 85 a3 01 00 00 e8 6d a0 ff f7 49 8d 7e 12 48 89 f8 48 c1 e8 03 \u003c42\u003e 0f b6 04 28 84 c0 0f 85 4b 02 00 00 41 0f b7 5e 12 49 8d 7e 14\nRSP: 0018:ffffc9000b947c98 EFLAGS: 00010202\nRAX: 0000000000000002 RBX: ffff8880252ddf98 RCX: ffff888079478000\nRDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000012\nRBP: 0000000000000001 R08: ffffffff8993e18d R09: 1ffffffff1fef385\nR10: dffffc0000000000 R11: fffffbfff1fef386 R12: ffff8880252ddac0\nR13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000\nFS: 00007f24e45b96c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffcced5f7b8 CR3: 00000000241be000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n __sctp_hash_endpoint net/sctp/input.c:762 [inline]\n sctp_hash_endpoint+0x52a/0x600 net/sctp/input.c:790\n sctp_listen_start net/sctp/socket.c:8570 [inline]\n sctp_inet_listen+0x767/0xa20 net/sctp/socket.c:8625\n __sys_listen_socket net/socket.c:1883 [inline]\n __sys_listen+0x1b7/0x230 net/socket.c:1894\n __do_sys_listen net/socket.c:1902 [inline]\n __se_sys_listen net/socket.c:1900 [inline]\n __x64_sys_listen+0x5a/0x70 net/socket.c:1900\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f24e46039b9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 1a 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f24e45b9228 EFLAGS: 00000246 ORIG_RAX: 0000000000000032\nRAX: ffffffffffffffda RBX: 00007f24e468e428 RCX: 00007f24e46039b9\nRDX: 00007f24e46039b9 RSI: 0000000000000003 RDI: 0000000000000004\nRBP: 00007f24e468e420 R08: 00007f24e45b96c0 R09: 00007f24e45b96c0\nR10: 00007f24e45b96c0 R11: 0000000000000246 R12: 00007f24e468e42c\nR13:\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:29:13.945Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c9b3fc4f157867e858734e31022ebee8a24f0de7"
},
{
"url": "https://git.kernel.org/stable/c/52319d9d2f522ed939af31af70f8c3a0f0f67e6c"
},
{
"url": "https://git.kernel.org/stable/c/54b303d8f9702b8ab618c5032fae886b16356928"
},
{
"url": "https://git.kernel.org/stable/c/05e4a0fa248240efd99a539853e844f0f0a9e6a5"
},
{
"url": "https://git.kernel.org/stable/c/1407be30fc17eff918a98e0a990c0e988f11dc84"
},
{
"url": "https://git.kernel.org/stable/c/e809a84c802377ef61525a298a1ec1728759b913"
},
{
"url": "https://git.kernel.org/stable/c/9ab0faa7f9ffe31296dbb9bbe6f76c72c14eea18"
}
],
"title": "sctp: Fix null-ptr-deref in reuseport_add_sock().",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-44935",
"datePublished": "2024-08-26T10:11:27.384Z",
"dateReserved": "2024-08-21T05:34:56.664Z",
"dateUpdated": "2025-11-03T22:13:41.187Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-41042 (GCVE-0-2024-41042)
Vulnerability from cvelistv5 – Published: 2024-07-29 14:31 – Updated: 2025-11-03 21:59
VLAI?
EPSS
Title
netfilter: nf_tables: prefer nft_chain_validate
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nf_tables: prefer nft_chain_validate
nft_chain_validate already performs loop detection because a cycle will
result in a call stack overflow (ctx->level >= NFT_JUMP_STACK_SIZE).
It also follows maps via ->validate callback in nft_lookup, so there
appears no reason to iterate the maps again.
nf_tables_check_loops() and all its helper functions can be removed.
This improves ruleset load time significantly, from 23s down to 12s.
This also fixes a crash bug. Old loop detection code can result in
unbounded recursion:
BUG: TASK stack guard page was hit at ....
Oops: stack guard page: 0000 [#1] PREEMPT SMP KASAN
CPU: 4 PID: 1539 Comm: nft Not tainted 6.10.0-rc5+ #1
[..]
with a suitable ruleset during validation of register stores.
I can't see any actual reason to attempt to check for this from
nft_validate_register_store(), at this point the transaction is still in
progress, so we don't have a full picture of the rule graph.
For nf-next it might make sense to either remove it or make this depend
on table->validate_state in case we could catch an error earlier
(for improved error reporting to userspace).
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
20a69341f2d00cd042e81c82289fba8a13c05a25 , < 1947e4c3346faa8ac7e343652c0fd3b3e394202f
(git)
Affected: 20a69341f2d00cd042e81c82289fba8a13c05a25 , < cd4348e0a50286282c314ad6d2b0740e7c812c24 (git) Affected: 20a69341f2d00cd042e81c82289fba8a13c05a25 , < 31c35f9f89ef585f1edb53e17ac73a0ca4a9712b (git) Affected: 20a69341f2d00cd042e81c82289fba8a13c05a25 , < 8246b7466c8da49d0d9e85e26cbd69dd6d3e3d1e (git) Affected: 20a69341f2d00cd042e81c82289fba8a13c05a25 , < b6b6e430470e1c3c5513311cb35a15a205595abe (git) Affected: 20a69341f2d00cd042e81c82289fba8a13c05a25 , < 717c91c6ed73e248de6a15bc53adefb81446c9d0 (git) Affected: 20a69341f2d00cd042e81c82289fba8a13c05a25 , < 9df785aeb7dcc8efd1d4110bb27d26005298ebae (git) Affected: 20a69341f2d00cd042e81c82289fba8a13c05a25 , < cff3bd012a9512ac5ed858d38e6ed65f6391008c (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:59:42.488Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9df785aeb7dcc8efd1d4110bb27d26005298ebae"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cff3bd012a9512ac5ed858d38e6ed65f6391008c"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41042",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:23:10.425038Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:02.840Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1947e4c3346faa8ac7e343652c0fd3b3e394202f",
"status": "affected",
"version": "20a69341f2d00cd042e81c82289fba8a13c05a25",
"versionType": "git"
},
{
"lessThan": "cd4348e0a50286282c314ad6d2b0740e7c812c24",
"status": "affected",
"version": "20a69341f2d00cd042e81c82289fba8a13c05a25",
"versionType": "git"
},
{
"lessThan": "31c35f9f89ef585f1edb53e17ac73a0ca4a9712b",
"status": "affected",
"version": "20a69341f2d00cd042e81c82289fba8a13c05a25",
"versionType": "git"
},
{
"lessThan": "8246b7466c8da49d0d9e85e26cbd69dd6d3e3d1e",
"status": "affected",
"version": "20a69341f2d00cd042e81c82289fba8a13c05a25",
"versionType": "git"
},
{
"lessThan": "b6b6e430470e1c3c5513311cb35a15a205595abe",
"status": "affected",
"version": "20a69341f2d00cd042e81c82289fba8a13c05a25",
"versionType": "git"
},
{
"lessThan": "717c91c6ed73e248de6a15bc53adefb81446c9d0",
"status": "affected",
"version": "20a69341f2d00cd042e81c82289fba8a13c05a25",
"versionType": "git"
},
{
"lessThan": "9df785aeb7dcc8efd1d4110bb27d26005298ebae",
"status": "affected",
"version": "20a69341f2d00cd042e81c82289fba8a13c05a25",
"versionType": "git"
},
{
"lessThan": "cff3bd012a9512ac5ed858d38e6ed65f6391008c",
"status": "affected",
"version": "20a69341f2d00cd042e81c82289fba8a13c05a25",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_tables_api.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.13"
},
{
"lessThan": "3.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.320",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.282",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.105",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.320",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.282",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.105",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.46",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.10",
"versionStartIncluding": "3.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "3.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: prefer nft_chain_validate\n\nnft_chain_validate already performs loop detection because a cycle will\nresult in a call stack overflow (ctx-\u003elevel \u003e= NFT_JUMP_STACK_SIZE).\n\nIt also follows maps via -\u003evalidate callback in nft_lookup, so there\nappears no reason to iterate the maps again.\n\nnf_tables_check_loops() and all its helper functions can be removed.\nThis improves ruleset load time significantly, from 23s down to 12s.\n\nThis also fixes a crash bug. Old loop detection code can result in\nunbounded recursion:\n\nBUG: TASK stack guard page was hit at ....\nOops: stack guard page: 0000 [#1] PREEMPT SMP KASAN\nCPU: 4 PID: 1539 Comm: nft Not tainted 6.10.0-rc5+ #1\n[..]\n\nwith a suitable ruleset during validation of register stores.\n\nI can\u0027t see any actual reason to attempt to check for this from\nnft_validate_register_store(), at this point the transaction is still in\nprogress, so we don\u0027t have a full picture of the rule graph.\n\nFor nf-next it might make sense to either remove it or make this depend\non table-\u003evalidate_state in case we could catch an error earlier\n(for improved error reporting to userspace)."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:20:46.322Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1947e4c3346faa8ac7e343652c0fd3b3e394202f"
},
{
"url": "https://git.kernel.org/stable/c/cd4348e0a50286282c314ad6d2b0740e7c812c24"
},
{
"url": "https://git.kernel.org/stable/c/31c35f9f89ef585f1edb53e17ac73a0ca4a9712b"
},
{
"url": "https://git.kernel.org/stable/c/8246b7466c8da49d0d9e85e26cbd69dd6d3e3d1e"
},
{
"url": "https://git.kernel.org/stable/c/b6b6e430470e1c3c5513311cb35a15a205595abe"
},
{
"url": "https://git.kernel.org/stable/c/717c91c6ed73e248de6a15bc53adefb81446c9d0"
},
{
"url": "https://git.kernel.org/stable/c/9df785aeb7dcc8efd1d4110bb27d26005298ebae"
},
{
"url": "https://git.kernel.org/stable/c/cff3bd012a9512ac5ed858d38e6ed65f6391008c"
}
],
"title": "netfilter: nf_tables: prefer nft_chain_validate",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41042",
"datePublished": "2024-07-29T14:31:55.530Z",
"dateReserved": "2024-07-12T12:17:45.624Z",
"dateUpdated": "2025-11-03T21:59:42.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-47668 (GCVE-0-2024-47668)
Vulnerability from cvelistv5 – Published: 2024-10-09 14:14 – Updated: 2026-01-05 10:53
VLAI?
EPSS
Title
lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()
Summary
In the Linux kernel, the following vulnerability has been resolved:
lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()
If we need to increase the tree depth, allocate a new node, and then
race with another thread that increased the tree depth before us, we'll
still have a preallocated node that might be used later.
If we then use that node for a new non-root node, it'll still have a
pointer to the old root instead of being zeroed - fix this by zeroing it
in the cmpxchg failure path.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
ba20ba2e3743bac786dff777954c11930256075e , < 0f27f4f445390cb7f73d4209cb2bf32834dc53da
(git)
Affected: ba20ba2e3743bac786dff777954c11930256075e , < 99418ec776a39609f50934720419e0b464ca2283 (git) Affected: ba20ba2e3743bac786dff777954c11930256075e , < ad5ee9feebc2eb8cfc76ed74a2d6e55343b0e169 (git) Affected: ba20ba2e3743bac786dff777954c11930256075e , < ebeff038744c498a036e7a92eb8e433ae0a386d7 (git) Affected: ba20ba2e3743bac786dff777954c11930256075e , < d942e855324a60107025c116245095632476613e (git) Affected: ba20ba2e3743bac786dff777954c11930256075e , < 0f078f8ca93b28a34e20bd050f12cd4efeee7c0f (git) Affected: ba20ba2e3743bac786dff777954c11930256075e , < b2f11c6f3e1fc60742673b8675c95b78447f3dae (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47668",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-10T13:21:11.227741Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T13:21:24.795Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:20:33.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"lib/generic-radix-tree.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0f27f4f445390cb7f73d4209cb2bf32834dc53da",
"status": "affected",
"version": "ba20ba2e3743bac786dff777954c11930256075e",
"versionType": "git"
},
{
"lessThan": "99418ec776a39609f50934720419e0b464ca2283",
"status": "affected",
"version": "ba20ba2e3743bac786dff777954c11930256075e",
"versionType": "git"
},
{
"lessThan": "ad5ee9feebc2eb8cfc76ed74a2d6e55343b0e169",
"status": "affected",
"version": "ba20ba2e3743bac786dff777954c11930256075e",
"versionType": "git"
},
{
"lessThan": "ebeff038744c498a036e7a92eb8e433ae0a386d7",
"status": "affected",
"version": "ba20ba2e3743bac786dff777954c11930256075e",
"versionType": "git"
},
{
"lessThan": "d942e855324a60107025c116245095632476613e",
"status": "affected",
"version": "ba20ba2e3743bac786dff777954c11930256075e",
"versionType": "git"
},
{
"lessThan": "0f078f8ca93b28a34e20bd050f12cd4efeee7c0f",
"status": "affected",
"version": "ba20ba2e3743bac786dff777954c11930256075e",
"versionType": "git"
},
{
"lessThan": "b2f11c6f3e1fc60742673b8675c95b78447f3dae",
"status": "affected",
"version": "ba20ba2e3743bac786dff777954c11930256075e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"lib/generic-radix-tree.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.1"
},
{
"lessThan": "5.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.284",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.167",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.51",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.284",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.226",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.167",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.110",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.51",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.10",
"versionStartIncluding": "5.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()\n\nIf we need to increase the tree depth, allocate a new node, and then\nrace with another thread that increased the tree depth before us, we\u0027ll\nstill have a preallocated node that might be used later.\n\nIf we then use that node for a new non-root node, it\u0027ll still have a\npointer to the old root instead of being zeroed - fix this by zeroing it\nin the cmpxchg failure path."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:53:56.917Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0f27f4f445390cb7f73d4209cb2bf32834dc53da"
},
{
"url": "https://git.kernel.org/stable/c/99418ec776a39609f50934720419e0b464ca2283"
},
{
"url": "https://git.kernel.org/stable/c/ad5ee9feebc2eb8cfc76ed74a2d6e55343b0e169"
},
{
"url": "https://git.kernel.org/stable/c/ebeff038744c498a036e7a92eb8e433ae0a386d7"
},
{
"url": "https://git.kernel.org/stable/c/d942e855324a60107025c116245095632476613e"
},
{
"url": "https://git.kernel.org/stable/c/0f078f8ca93b28a34e20bd050f12cd4efeee7c0f"
},
{
"url": "https://git.kernel.org/stable/c/b2f11c6f3e1fc60742673b8675c95b78447f3dae"
}
],
"title": "lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-47668",
"datePublished": "2024-10-09T14:14:00.189Z",
"dateReserved": "2024-09-30T16:00:12.936Z",
"dateUpdated": "2026-01-05T10:53:56.917Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-38608 (GCVE-0-2024-38608)
Vulnerability from cvelistv5 – Published: 2024-06-19 13:56 – Updated: 2025-05-04 09:15
VLAI?
EPSS
Title
net/mlx5e: Fix netif state handling
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Fix netif state handling
mlx5e_suspend cleans resources only if netif_device_present() returns
true. However, mlx5e_resume changes the state of netif, via
mlx5e_nic_enable, only if reg_state == NETREG_REGISTERED.
In the below case, the above leads to NULL-ptr Oops[1] and memory
leaks:
mlx5e_probe
_mlx5e_resume
mlx5e_attach_netdev
mlx5e_nic_enable <-- netdev not reg, not calling netif_device_attach()
register_netdev <-- failed for some reason.
ERROR_FLOW:
_mlx5e_suspend <-- netif_device_present return false, resources aren't freed :(
Hence, clean resources in this case as well.
[1]
BUG: kernel NULL pointer dereference, address: 0000000000000000
PGD 0 P4D 0
Oops: 0010 [#1] SMP
CPU: 2 PID: 9345 Comm: test-ovs-ct-gen Not tainted 6.5.0_for_upstream_min_debug_2023_09_05_16_01 #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
RIP: 0010:0x0
Code: Unable to access opcode bytes at0xffffffffffffffd6.
RSP: 0018:ffff888178aaf758 EFLAGS: 00010246
Call Trace:
<TASK>
? __die+0x20/0x60
? page_fault_oops+0x14c/0x3c0
? exc_page_fault+0x75/0x140
? asm_exc_page_fault+0x22/0x30
notifier_call_chain+0x35/0xb0
blocking_notifier_call_chain+0x3d/0x60
mlx5_blocking_notifier_call_chain+0x22/0x30 [mlx5_core]
mlx5_core_uplink_netdev_event_replay+0x3e/0x60 [mlx5_core]
mlx5_mdev_netdev_track+0x53/0x60 [mlx5_ib]
mlx5_ib_roce_init+0xc3/0x340 [mlx5_ib]
__mlx5_ib_add+0x34/0xd0 [mlx5_ib]
mlx5r_probe+0xe1/0x210 [mlx5_ib]
? auxiliary_match_id+0x6a/0x90
auxiliary_bus_probe+0x38/0x80
? driver_sysfs_add+0x51/0x80
really_probe+0xc9/0x3e0
? driver_probe_device+0x90/0x90
__driver_probe_device+0x80/0x160
driver_probe_device+0x1e/0x90
__device_attach_driver+0x7d/0x100
bus_for_each_drv+0x80/0xd0
__device_attach+0xbc/0x1f0
bus_probe_device+0x86/0xa0
device_add+0x637/0x840
__auxiliary_device_add+0x3b/0xa0
add_adev+0xc9/0x140 [mlx5_core]
mlx5_rescan_drivers_locked+0x22a/0x310 [mlx5_core]
mlx5_register_device+0x53/0xa0 [mlx5_core]
mlx5_init_one_devl_locked+0x5c4/0x9c0 [mlx5_core]
mlx5_init_one+0x3b/0x60 [mlx5_core]
probe_one+0x44c/0x730 [mlx5_core]
local_pci_probe+0x3e/0x90
pci_device_probe+0xbf/0x210
? kernfs_create_link+0x5d/0xa0
? sysfs_do_create_link_sd+0x60/0xc0
really_probe+0xc9/0x3e0
? driver_probe_device+0x90/0x90
__driver_probe_device+0x80/0x160
driver_probe_device+0x1e/0x90
__device_attach_driver+0x7d/0x100
bus_for_each_drv+0x80/0xd0
__device_attach+0xbc/0x1f0
pci_bus_add_device+0x54/0x80
pci_iov_add_virtfn+0x2e6/0x320
sriov_enable+0x208/0x420
mlx5_core_sriov_configure+0x9e/0x200 [mlx5_core]
sriov_numvfs_store+0xae/0x1a0
kernfs_fop_write_iter+0x10c/0x1a0
vfs_write+0x291/0x3c0
ksys_write+0x5f/0xe0
do_syscall_64+0x3d/0x90
entry_SYSCALL_64_after_hwframe+0x46/0xb0
CR2: 0000000000000000
---[ end trace 0000000000000000 ]---
Severity ?
No CVSS data available.
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38608",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-20T19:44:05.361644Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T19:44:14.283Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.957Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f7e6cfb864a53af71c5cc904f1cc22215d68f5c6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3d5918477f94e4c2f064567875c475468e264644"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/en_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f7e6cfb864a53af71c5cc904f1cc22215d68f5c6",
"status": "affected",
"version": "2c3b5beec46ab0d77c94828eb15170b333ae769a",
"versionType": "git"
},
{
"lessThan": "3d5918477f94e4c2f064567875c475468e264644",
"status": "affected",
"version": "2c3b5beec46ab0d77c94828eb15170b333ae769a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/mellanox/mlx5/core/en_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.12"
},
{
"lessThan": "4.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "4.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: Fix netif state handling\n\nmlx5e_suspend cleans resources only if netif_device_present() returns\ntrue. However, mlx5e_resume changes the state of netif, via\nmlx5e_nic_enable, only if reg_state == NETREG_REGISTERED.\nIn the below case, the above leads to NULL-ptr Oops[1] and memory\nleaks:\n\nmlx5e_probe\n _mlx5e_resume\n mlx5e_attach_netdev\n mlx5e_nic_enable \u003c-- netdev not reg, not calling netif_device_attach()\n register_netdev \u003c-- failed for some reason.\nERROR_FLOW:\n _mlx5e_suspend \u003c-- netif_device_present return false, resources aren\u0027t freed :(\n\nHence, clean resources in this case as well.\n\n[1]\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nPGD 0 P4D 0\nOops: 0010 [#1] SMP\nCPU: 2 PID: 9345 Comm: test-ovs-ct-gen Not tainted 6.5.0_for_upstream_min_debug_2023_09_05_16_01 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:0x0\nCode: Unable to access opcode bytes at0xffffffffffffffd6.\nRSP: 0018:ffff888178aaf758 EFLAGS: 00010246\nCall Trace:\n \u003cTASK\u003e\n ? __die+0x20/0x60\n ? page_fault_oops+0x14c/0x3c0\n ? exc_page_fault+0x75/0x140\n ? asm_exc_page_fault+0x22/0x30\n notifier_call_chain+0x35/0xb0\n blocking_notifier_call_chain+0x3d/0x60\n mlx5_blocking_notifier_call_chain+0x22/0x30 [mlx5_core]\n mlx5_core_uplink_netdev_event_replay+0x3e/0x60 [mlx5_core]\n mlx5_mdev_netdev_track+0x53/0x60 [mlx5_ib]\n mlx5_ib_roce_init+0xc3/0x340 [mlx5_ib]\n __mlx5_ib_add+0x34/0xd0 [mlx5_ib]\n mlx5r_probe+0xe1/0x210 [mlx5_ib]\n ? auxiliary_match_id+0x6a/0x90\n auxiliary_bus_probe+0x38/0x80\n ? driver_sysfs_add+0x51/0x80\n really_probe+0xc9/0x3e0\n ? driver_probe_device+0x90/0x90\n __driver_probe_device+0x80/0x160\n driver_probe_device+0x1e/0x90\n __device_attach_driver+0x7d/0x100\n bus_for_each_drv+0x80/0xd0\n __device_attach+0xbc/0x1f0\n bus_probe_device+0x86/0xa0\n device_add+0x637/0x840\n __auxiliary_device_add+0x3b/0xa0\n add_adev+0xc9/0x140 [mlx5_core]\n mlx5_rescan_drivers_locked+0x22a/0x310 [mlx5_core]\n mlx5_register_device+0x53/0xa0 [mlx5_core]\n mlx5_init_one_devl_locked+0x5c4/0x9c0 [mlx5_core]\n mlx5_init_one+0x3b/0x60 [mlx5_core]\n probe_one+0x44c/0x730 [mlx5_core]\n local_pci_probe+0x3e/0x90\n pci_device_probe+0xbf/0x210\n ? kernfs_create_link+0x5d/0xa0\n ? sysfs_do_create_link_sd+0x60/0xc0\n really_probe+0xc9/0x3e0\n ? driver_probe_device+0x90/0x90\n __driver_probe_device+0x80/0x160\n driver_probe_device+0x1e/0x90\n __device_attach_driver+0x7d/0x100\n bus_for_each_drv+0x80/0xd0\n __device_attach+0xbc/0x1f0\n pci_bus_add_device+0x54/0x80\n pci_iov_add_virtfn+0x2e6/0x320\n sriov_enable+0x208/0x420\n mlx5_core_sriov_configure+0x9e/0x200 [mlx5_core]\n sriov_numvfs_store+0xae/0x1a0\n kernfs_fop_write_iter+0x10c/0x1a0\n vfs_write+0x291/0x3c0\n ksys_write+0x5f/0xe0\n do_syscall_64+0x3d/0x90\n entry_SYSCALL_64_after_hwframe+0x46/0xb0\n CR2: 0000000000000000\n ---[ end trace 0000000000000000 ]---"
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:15:11.765Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f7e6cfb864a53af71c5cc904f1cc22215d68f5c6"
},
{
"url": "https://git.kernel.org/stable/c/3d5918477f94e4c2f064567875c475468e264644"
}
],
"title": "net/mlx5e: Fix netif state handling",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-38608",
"datePublished": "2024-06-19T13:56:10.614Z",
"dateReserved": "2024-06-18T19:36:34.941Z",
"dateUpdated": "2025-05-04T09:15:11.765Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-35939 (GCVE-0-2024-35939)
Vulnerability from cvelistv5 – Published: 2024-05-19 10:10 – Updated: 2026-01-05 10:35
VLAI?
EPSS
Title
dma-direct: Leak pages on dma_set_decrypted() failure
Summary
In the Linux kernel, the following vulnerability has been resolved:
dma-direct: Leak pages on dma_set_decrypted() failure
On TDX it is possible for the untrusted host to cause
set_memory_encrypted() or set_memory_decrypted() to fail such that an
error is returned and the resulting memory is shared. Callers need to
take care to handle these errors to avoid returning decrypted (shared)
memory to the page allocator, which could lead to functional or security
issues.
DMA could free decrypted/shared pages if dma_set_decrypted() fails. This
should be a rare case. Just leak the pages in this case instead of
freeing them.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
56fccf21d1961a06e2a0c96ce446ebf036651062 , < 4e0cfb25d49da2e6261ad582f58ffa5b5dd8c8e9
(git)
Affected: 56fccf21d1961a06e2a0c96ce446ebf036651062 , < 4031b72ca747a1e6e9ae4fa729e765b43363d66a (git) Affected: 56fccf21d1961a06e2a0c96ce446ebf036651062 , < b57326c96b7bc7638aa8c44e12afa2defe0c934c (git) Affected: 56fccf21d1961a06e2a0c96ce446ebf036651062 , < b9fa16949d18e06bdf728a560f5c8af56d2bdcaf (git) Affected: 91c7b0407ca6a62c095d265f76926b67bf66c026 (git) |
||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-35939",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-20T14:32:53.392867Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:34:33.840Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:49.028Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4e0cfb25d49da2e6261ad582f58ffa5b5dd8c8e9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4031b72ca747a1e6e9ae4fa729e765b43363d66a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b57326c96b7bc7638aa8c44e12afa2defe0c934c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b9fa16949d18e06bdf728a560f5c8af56d2bdcaf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/dma/direct.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4e0cfb25d49da2e6261ad582f58ffa5b5dd8c8e9",
"status": "affected",
"version": "56fccf21d1961a06e2a0c96ce446ebf036651062",
"versionType": "git"
},
{
"lessThan": "4031b72ca747a1e6e9ae4fa729e765b43363d66a",
"status": "affected",
"version": "56fccf21d1961a06e2a0c96ce446ebf036651062",
"versionType": "git"
},
{
"lessThan": "b57326c96b7bc7638aa8c44e12afa2defe0c934c",
"status": "affected",
"version": "56fccf21d1961a06e2a0c96ce446ebf036651062",
"versionType": "git"
},
{
"lessThan": "b9fa16949d18e06bdf728a560f5c8af56d2bdcaf",
"status": "affected",
"version": "56fccf21d1961a06e2a0c96ce446ebf036651062",
"versionType": "git"
},
{
"status": "affected",
"version": "91c7b0407ca6a62c095d265f76926b67bf66c026",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/dma/direct.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.8"
},
{
"lessThan": "5.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.86",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.27",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.86",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.27",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.6",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.7.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma-direct: Leak pages on dma_set_decrypted() failure\n\nOn TDX it is possible for the untrusted host to cause\nset_memory_encrypted() or set_memory_decrypted() to fail such that an\nerror is returned and the resulting memory is shared. Callers need to\ntake care to handle these errors to avoid returning decrypted (shared)\nmemory to the page allocator, which could lead to functional or security\nissues.\n\nDMA could free decrypted/shared pages if dma_set_decrypted() fails. This\nshould be a rare case. Just leak the pages in this case instead of\nfreeing them."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-05T10:35:53.529Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4e0cfb25d49da2e6261ad582f58ffa5b5dd8c8e9"
},
{
"url": "https://git.kernel.org/stable/c/4031b72ca747a1e6e9ae4fa729e765b43363d66a"
},
{
"url": "https://git.kernel.org/stable/c/b57326c96b7bc7638aa8c44e12afa2defe0c934c"
},
{
"url": "https://git.kernel.org/stable/c/b9fa16949d18e06bdf728a560f5c8af56d2bdcaf"
}
],
"title": "dma-direct: Leak pages on dma_set_decrypted() failure",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35939",
"datePublished": "2024-05-19T10:10:44.931Z",
"dateReserved": "2024-05-17T13:50:33.131Z",
"dateUpdated": "2026-01-05T10:35:53.529Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-43892 (GCVE-0-2024-43892)
Vulnerability from cvelistv5 – Published: 2024-08-26 10:10 – Updated: 2025-11-03 22:06
VLAI?
EPSS
Title
memcg: protect concurrent access to mem_cgroup_idr
Summary
In the Linux kernel, the following vulnerability has been resolved:
memcg: protect concurrent access to mem_cgroup_idr
Commit 73f576c04b94 ("mm: memcontrol: fix cgroup creation failure after
many small jobs") decoupled the memcg IDs from the CSS ID space to fix the
cgroup creation failures. It introduced IDR to maintain the memcg ID
space. The IDR depends on external synchronization mechanisms for
modifications. For the mem_cgroup_idr, the idr_alloc() and idr_replace()
happen within css callback and thus are protected through cgroup_mutex
from concurrent modifications. However idr_remove() for mem_cgroup_idr
was not protected against concurrency and can be run concurrently for
different memcgs when they hit their refcnt to zero. Fix that.
We have been seeing list_lru based kernel crashes at a low frequency in
our fleet for a long time. These crashes were in different part of
list_lru code including list_lru_add(), list_lru_del() and reparenting
code. Upon further inspection, it looked like for a given object (dentry
and inode), the super_block's list_lru didn't have list_lru_one for the
memcg of that object. The initial suspicions were either the object is
not allocated through kmem_cache_alloc_lru() or somehow
memcg_list_lru_alloc() failed to allocate list_lru_one() for a memcg but
returned success. No evidence were found for these cases.
Looking more deeply, we started seeing situations where valid memcg's id
is not present in mem_cgroup_idr and in some cases multiple valid memcgs
have same id and mem_cgroup_idr is pointing to one of them. So, the most
reasonable explanation is that these situations can happen due to race
between multiple idr_remove() calls or race between
idr_alloc()/idr_replace() and idr_remove(). These races are causing
multiple memcgs to acquire the same ID and then offlining of one of them
would cleanup list_lrus on the system for all of them. Later access from
other memcgs to the list_lru cause crashes due to missing list_lru_one.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
73f576c04b9410ed19660f74f97521bee6e1c546 , < 912736a0435ef40e6a4ae78197ccb5553cb80b05
(git)
Affected: 73f576c04b9410ed19660f74f97521bee6e1c546 , < e6cc9ff2ac0b5df9f25eb790934c3104f6710278 (git) Affected: 73f576c04b9410ed19660f74f97521bee6e1c546 , < 56fd70f4aa8b82199dbe7e99366b1fd7a04d86fb (git) Affected: 73f576c04b9410ed19660f74f97521bee6e1c546 , < 37a060b64ae83b76600d187d76591ce488ab836b (git) Affected: 73f576c04b9410ed19660f74f97521bee6e1c546 , < 51c0b1bb7541f8893ec1accba59eb04361a70946 (git) Affected: 73f576c04b9410ed19660f74f97521bee6e1c546 , < 9972605a238339b85bd16b084eed5f18414d22db (git) Affected: 8627c7750a66a46d56d3564e1e881aa53764497c (git) Affected: db70cd18d3da727a3a59694de428a9e41c620de7 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43892",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:29:18.942187Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:32:57.970Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:06:51.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"mm/memcontrol.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "912736a0435ef40e6a4ae78197ccb5553cb80b05",
"status": "affected",
"version": "73f576c04b9410ed19660f74f97521bee6e1c546",
"versionType": "git"
},
{
"lessThan": "e6cc9ff2ac0b5df9f25eb790934c3104f6710278",
"status": "affected",
"version": "73f576c04b9410ed19660f74f97521bee6e1c546",
"versionType": "git"
},
{
"lessThan": "56fd70f4aa8b82199dbe7e99366b1fd7a04d86fb",
"status": "affected",
"version": "73f576c04b9410ed19660f74f97521bee6e1c546",
"versionType": "git"
},
{
"lessThan": "37a060b64ae83b76600d187d76591ce488ab836b",
"status": "affected",
"version": "73f576c04b9410ed19660f74f97521bee6e1c546",
"versionType": "git"
},
{
"lessThan": "51c0b1bb7541f8893ec1accba59eb04361a70946",
"status": "affected",
"version": "73f576c04b9410ed19660f74f97521bee6e1c546",
"versionType": "git"
},
{
"lessThan": "9972605a238339b85bd16b084eed5f18414d22db",
"status": "affected",
"version": "73f576c04b9410ed19660f74f97521bee6e1c546",
"versionType": "git"
},
{
"status": "affected",
"version": "8627c7750a66a46d56d3564e1e881aa53764497c",
"versionType": "git"
},
{
"status": "affected",
"version": "db70cd18d3da727a3a59694de428a9e41c620de7",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"mm/memcontrol.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.7"
},
{
"lessThan": "4.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.226",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.167",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.110",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.226",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.167",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.110",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.46",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.5",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.6.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmemcg: protect concurrent access to mem_cgroup_idr\n\nCommit 73f576c04b94 (\"mm: memcontrol: fix cgroup creation failure after\nmany small jobs\") decoupled the memcg IDs from the CSS ID space to fix the\ncgroup creation failures. It introduced IDR to maintain the memcg ID\nspace. The IDR depends on external synchronization mechanisms for\nmodifications. For the mem_cgroup_idr, the idr_alloc() and idr_replace()\nhappen within css callback and thus are protected through cgroup_mutex\nfrom concurrent modifications. However idr_remove() for mem_cgroup_idr\nwas not protected against concurrency and can be run concurrently for\ndifferent memcgs when they hit their refcnt to zero. Fix that.\n\nWe have been seeing list_lru based kernel crashes at a low frequency in\nour fleet for a long time. These crashes were in different part of\nlist_lru code including list_lru_add(), list_lru_del() and reparenting\ncode. Upon further inspection, it looked like for a given object (dentry\nand inode), the super_block\u0027s list_lru didn\u0027t have list_lru_one for the\nmemcg of that object. The initial suspicions were either the object is\nnot allocated through kmem_cache_alloc_lru() or somehow\nmemcg_list_lru_alloc() failed to allocate list_lru_one() for a memcg but\nreturned success. No evidence were found for these cases.\n\nLooking more deeply, we started seeing situations where valid memcg\u0027s id\nis not present in mem_cgroup_idr and in some cases multiple valid memcgs\nhave same id and mem_cgroup_idr is pointing to one of them. So, the most\nreasonable explanation is that these situations can happen due to race\nbetween multiple idr_remove() calls or race between\nidr_alloc()/idr_replace() and idr_remove(). These races are causing\nmultiple memcgs to acquire the same ID and then offlining of one of them\nwould cleanup list_lrus on the system for all of them. Later access from\nother memcgs to the list_lru cause crashes due to missing list_lru_one."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:58:18.607Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/912736a0435ef40e6a4ae78197ccb5553cb80b05"
},
{
"url": "https://git.kernel.org/stable/c/e6cc9ff2ac0b5df9f25eb790934c3104f6710278"
},
{
"url": "https://git.kernel.org/stable/c/56fd70f4aa8b82199dbe7e99366b1fd7a04d86fb"
},
{
"url": "https://git.kernel.org/stable/c/37a060b64ae83b76600d187d76591ce488ab836b"
},
{
"url": "https://git.kernel.org/stable/c/51c0b1bb7541f8893ec1accba59eb04361a70946"
},
{
"url": "https://git.kernel.org/stable/c/9972605a238339b85bd16b084eed5f18414d22db"
}
],
"title": "memcg: protect concurrent access to mem_cgroup_idr",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-43892",
"datePublished": "2024-08-26T10:10:46.612Z",
"dateReserved": "2024-08-17T09:11:59.290Z",
"dateUpdated": "2025-11-03T22:06:51.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-45018 (GCVE-0-2024-45018)
Vulnerability from cvelistv5 – Published: 2024-09-11 15:13 – Updated: 2025-11-03 22:15
VLAI?
EPSS
Title
netfilter: flowtable: initialise extack before use
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: flowtable: initialise extack before use
Fix missing initialisation of extack in flow offload.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
c29f74e0df7a02b8303bcdce93a7c0132d62577a , < e5ceff2196dc633c995afb080f6f44a72cff6e1d
(git)
Affected: c29f74e0df7a02b8303bcdce93a7c0132d62577a , < 356beb911b63a8cff34cb57f755c2a2d2ee9dec7 (git) Affected: c29f74e0df7a02b8303bcdce93a7c0132d62577a , < 7eafeec6be68ebd6140a830ce9ae68ad5b67ec78 (git) Affected: c29f74e0df7a02b8303bcdce93a7c0132d62577a , < c7b760499f7791352b49b11667ed04b23d7f5b0f (git) Affected: c29f74e0df7a02b8303bcdce93a7c0132d62577a , < 119be227bc04f5035efa64cb823b8a5ca5e2d1c1 (git) Affected: c29f74e0df7a02b8303bcdce93a7c0132d62577a , < e9767137308daf906496613fd879808a07f006a2 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45018",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T15:48:48.250822Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T15:49:02.005Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:15:25.362Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_flow_table_offload.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e5ceff2196dc633c995afb080f6f44a72cff6e1d",
"status": "affected",
"version": "c29f74e0df7a02b8303bcdce93a7c0132d62577a",
"versionType": "git"
},
{
"lessThan": "356beb911b63a8cff34cb57f755c2a2d2ee9dec7",
"status": "affected",
"version": "c29f74e0df7a02b8303bcdce93a7c0132d62577a",
"versionType": "git"
},
{
"lessThan": "7eafeec6be68ebd6140a830ce9ae68ad5b67ec78",
"status": "affected",
"version": "c29f74e0df7a02b8303bcdce93a7c0132d62577a",
"versionType": "git"
},
{
"lessThan": "c7b760499f7791352b49b11667ed04b23d7f5b0f",
"status": "affected",
"version": "c29f74e0df7a02b8303bcdce93a7c0132d62577a",
"versionType": "git"
},
{
"lessThan": "119be227bc04f5035efa64cb823b8a5ca5e2d1c1",
"status": "affected",
"version": "c29f74e0df7a02b8303bcdce93a7c0132d62577a",
"versionType": "git"
},
{
"lessThan": "e9767137308daf906496613fd879808a07f006a2",
"status": "affected",
"version": "c29f74e0df7a02b8303bcdce93a7c0132d62577a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/netfilter/nf_flow_table_offload.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.225",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.166",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.107",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.48",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.225",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.166",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.107",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.48",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.7",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: flowtable: initialise extack before use\n\nFix missing initialisation of extack in flow offload."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:31:07.596Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e5ceff2196dc633c995afb080f6f44a72cff6e1d"
},
{
"url": "https://git.kernel.org/stable/c/356beb911b63a8cff34cb57f755c2a2d2ee9dec7"
},
{
"url": "https://git.kernel.org/stable/c/7eafeec6be68ebd6140a830ce9ae68ad5b67ec78"
},
{
"url": "https://git.kernel.org/stable/c/c7b760499f7791352b49b11667ed04b23d7f5b0f"
},
{
"url": "https://git.kernel.org/stable/c/119be227bc04f5035efa64cb823b8a5ca5e2d1c1"
},
{
"url": "https://git.kernel.org/stable/c/e9767137308daf906496613fd879808a07f006a2"
}
],
"title": "netfilter: flowtable: initialise extack before use",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-45018",
"datePublished": "2024-09-11T15:13:53.297Z",
"dateReserved": "2024-08-21T05:34:56.683Z",
"dateUpdated": "2025-11-03T22:15:25.362Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-27017 (GCVE-0-2024-27017)
Vulnerability from cvelistv5 – Published: 2024-05-01 05:30 – Updated: 2025-11-04 17:17
VLAI?
EPSS
Title
netfilter: nft_set_pipapo: walk over current view on netlink dump
Summary
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_set_pipapo: walk over current view on netlink dump
The generation mask can be updated while netlink dump is in progress.
The pipapo set backend walk iterator cannot rely on it to infer what
view of the datastructure is to be used. Add notation to specify if user
wants to read/update the set.
Based on patch from Florian Westphal.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
2a90da8e0dd50f42e577988f4219f4f4cd3616b7 , < ff89db14c63a827066446460e39226c0688ef786
(git)
Affected: 45eb6944d0f55102229115de040ef3a48841434a , < ce9fef54c5ec9912a0c9a47bac3195cc41b14679 (git) Affected: 0d836f917520300a8725a5dbdad4406438d0cead , < 52735a010f37580b3a569a996f878fdd87425650 (git) Affected: 2b84e215f87443c74ac0aa7f76bb172d43a87033 , < f24d8abc2bb8cbf31ec713336e402eafa8f42f60 (git) Affected: 2b84e215f87443c74ac0aa7f76bb172d43a87033 , < 721715655c72640567e8742567520c99801148ed (git) Affected: 2b84e215f87443c74ac0aa7f76bb172d43a87033 , < 29b359cf6d95fd60730533f7f10464e95bd17c73 (git) Affected: f661383b5f1aaac3fe121b91e04332944bc90193 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27017",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-28T16:20:37.656440Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:29.908Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:17:24.217Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/721715655c72640567e8742567520c99801148ed"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/29b359cf6d95fd60730533f7f10464e95bd17c73"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/net/netfilter/nf_tables.h",
"net/netfilter/nf_tables_api.c",
"net/netfilter/nft_set_pipapo.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ff89db14c63a827066446460e39226c0688ef786",
"status": "affected",
"version": "2a90da8e0dd50f42e577988f4219f4f4cd3616b7",
"versionType": "git"
},
{
"lessThan": "ce9fef54c5ec9912a0c9a47bac3195cc41b14679",
"status": "affected",
"version": "45eb6944d0f55102229115de040ef3a48841434a",
"versionType": "git"
},
{
"lessThan": "52735a010f37580b3a569a996f878fdd87425650",
"status": "affected",
"version": "0d836f917520300a8725a5dbdad4406438d0cead",
"versionType": "git"
},
{
"lessThan": "f24d8abc2bb8cbf31ec713336e402eafa8f42f60",
"status": "affected",
"version": "2b84e215f87443c74ac0aa7f76bb172d43a87033",
"versionType": "git"
},
{
"lessThan": "721715655c72640567e8742567520c99801148ed",
"status": "affected",
"version": "2b84e215f87443c74ac0aa7f76bb172d43a87033",
"versionType": "git"
},
{
"lessThan": "29b359cf6d95fd60730533f7f10464e95bd17c73",
"status": "affected",
"version": "2b84e215f87443c74ac0aa7f76bb172d43a87033",
"versionType": "git"
},
{
"status": "affected",
"version": "f661383b5f1aaac3fe121b91e04332944bc90193",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/net/netfilter/nf_tables.h",
"net/netfilter/nf_tables_api.c",
"net/netfilter/nft_set_pipapo.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.4"
},
{
"lessThan": "6.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.112",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.53",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "5.10.186",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "5.15.119",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.112",
"versionStartIncluding": "6.1.36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.53",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.8",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "6.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.3.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_pipapo: walk over current view on netlink dump\n\nThe generation mask can be updated while netlink dump is in progress.\nThe pipapo set backend walk iterator cannot rely on it to infer what\nview of the datastructure is to be used. Add notation to specify if user\nwants to read/update the set.\n\nBased on patch from Florian Westphal."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T12:55:22.853Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ff89db14c63a827066446460e39226c0688ef786"
},
{
"url": "https://git.kernel.org/stable/c/ce9fef54c5ec9912a0c9a47bac3195cc41b14679"
},
{
"url": "https://git.kernel.org/stable/c/52735a010f37580b3a569a996f878fdd87425650"
},
{
"url": "https://git.kernel.org/stable/c/f24d8abc2bb8cbf31ec713336e402eafa8f42f60"
},
{
"url": "https://git.kernel.org/stable/c/721715655c72640567e8742567520c99801148ed"
},
{
"url": "https://git.kernel.org/stable/c/29b359cf6d95fd60730533f7f10464e95bd17c73"
}
],
"title": "netfilter: nft_set_pipapo: walk over current view on netlink dump",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27017",
"datePublished": "2024-05-01T05:30:01.888Z",
"dateReserved": "2024-02-19T14:20:24.209Z",
"dateUpdated": "2025-11-04T17:17:24.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-41093 (GCVE-0-2024-41093)
Vulnerability from cvelistv5 – Published: 2024-07-29 15:48 – Updated: 2025-11-03 22:00
VLAI?
EPSS
Title
drm/amdgpu: avoid using null object of framebuffer
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: avoid using null object of framebuffer
Instead of using state->fb->obj[0] directly, get object from framebuffer
by calling drm_gem_fb_get_obj() and return error code when object is
null to avoid using null object of framebuffer.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < 7f35e01cb0ea4d295f5c067bb5c67dfcddaf05bc
(git)
Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < 6ce0544cabaa608018d5922ab404dc656a9d8447 (git) Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < 330c8c1453848c04d335bad81371a66710210800 (git) Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < dd9ec0ea4cdde0fc48116e63969fc83e81d7ef46 (git) Affected: d38ceaf99ed015f2a0b9af3499791bd3a3daae21 , < bcfa48ff785bd121316592b131ff6531e3e696bb (git) |
||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:00:50.813Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7f35e01cb0ea4d295f5c067bb5c67dfcddaf05bc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6ce0544cabaa608018d5922ab404dc656a9d8447"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/330c8c1453848c04d335bad81371a66710210800"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dd9ec0ea4cdde0fc48116e63969fc83e81d7ef46"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bcfa48ff785bd121316592b131ff6531e3e696bb"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41093",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:20:32.237829Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:55.898Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_vkms.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7f35e01cb0ea4d295f5c067bb5c67dfcddaf05bc",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "6ce0544cabaa608018d5922ab404dc656a9d8447",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "330c8c1453848c04d335bad81371a66710210800",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "dd9ec0ea4cdde0fc48116e63969fc83e81d7ef46",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
},
{
"lessThan": "bcfa48ff785bd121316592b131ff6531e3e696bb",
"status": "affected",
"version": "d38ceaf99ed015f2a0b9af3499791bd3a3daae21",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_vkms.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.2"
},
{
"lessThan": "4.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.97",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.37",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.162",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.97",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.37",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.8",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: avoid using null object of framebuffer\n\nInstead of using state-\u003efb-\u003eobj[0] directly, get object from framebuffer\nby calling drm_gem_fb_get_obj() and return error code when object is\nnull to avoid using null object of framebuffer."
}
],
"providerMetadata": {
"dateUpdated": "2025-09-16T08:02:40.601Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7f35e01cb0ea4d295f5c067bb5c67dfcddaf05bc"
},
{
"url": "https://git.kernel.org/stable/c/6ce0544cabaa608018d5922ab404dc656a9d8447"
},
{
"url": "https://git.kernel.org/stable/c/330c8c1453848c04d335bad81371a66710210800"
},
{
"url": "https://git.kernel.org/stable/c/dd9ec0ea4cdde0fc48116e63969fc83e81d7ef46"
},
{
"url": "https://git.kernel.org/stable/c/bcfa48ff785bd121316592b131ff6531e3e696bb"
}
],
"title": "drm/amdgpu: avoid using null object of framebuffer",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-41093",
"datePublished": "2024-07-29T15:48:06.686Z",
"dateReserved": "2024-07-12T12:17:45.636Z",
"dateUpdated": "2025-11-03T22:00:50.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-42284 (GCVE-0-2024-42284)
Vulnerability from cvelistv5 – Published: 2024-08-17 09:08 – Updated: 2025-11-03 22:03
VLAI?
EPSS
Title
tipc: Return non-zero value from tipc_udp_addr2str() on error
Summary
In the Linux kernel, the following vulnerability has been resolved:
tipc: Return non-zero value from tipc_udp_addr2str() on error
tipc_udp_addr2str() should return non-zero value if the UDP media
address is invalid. Otherwise, a buffer overflow access can occur in
tipc_media_addr_printf(). Fix this by returning 1 on an invalid UDP
media address.
Severity ?
No CVSS data available.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
d0f91938bede204a343473792529e0db7d599836 , < 7ec3335dd89c8d169e9650e4bac64fde71fdf15b
(git)
Affected: d0f91938bede204a343473792529e0db7d599836 , < 253405541be2f15ffebdeac2f4cf4b7e9144d12f (git) Affected: d0f91938bede204a343473792529e0db7d599836 , < aa38bf74899de07cf70b50cd17f8ad45fb6654c8 (git) Affected: d0f91938bede204a343473792529e0db7d599836 , < 5eea127675450583680c8170358bcba43227bd69 (git) Affected: d0f91938bede204a343473792529e0db7d599836 , < 728734352743a78b4c5a7285b282127696a4a813 (git) Affected: d0f91938bede204a343473792529e0db7d599836 , < 76ddf84a52f0d8ec3f5db6ccce08faf202a17d28 (git) Affected: d0f91938bede204a343473792529e0db7d599836 , < 2abe350db1aa599eeebc6892237d0bce0f1de62a (git) Affected: d0f91938bede204a343473792529e0db7d599836 , < fa96c6baef1b5385e2f0c0677b32b3839e716076 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-42284",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:11:26.639456Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T17:33:30.616Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:03:29.114Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/tipc/udp_media.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7ec3335dd89c8d169e9650e4bac64fde71fdf15b",
"status": "affected",
"version": "d0f91938bede204a343473792529e0db7d599836",
"versionType": "git"
},
{
"lessThan": "253405541be2f15ffebdeac2f4cf4b7e9144d12f",
"status": "affected",
"version": "d0f91938bede204a343473792529e0db7d599836",
"versionType": "git"
},
{
"lessThan": "aa38bf74899de07cf70b50cd17f8ad45fb6654c8",
"status": "affected",
"version": "d0f91938bede204a343473792529e0db7d599836",
"versionType": "git"
},
{
"lessThan": "5eea127675450583680c8170358bcba43227bd69",
"status": "affected",
"version": "d0f91938bede204a343473792529e0db7d599836",
"versionType": "git"
},
{
"lessThan": "728734352743a78b4c5a7285b282127696a4a813",
"status": "affected",
"version": "d0f91938bede204a343473792529e0db7d599836",
"versionType": "git"
},
{
"lessThan": "76ddf84a52f0d8ec3f5db6ccce08faf202a17d28",
"status": "affected",
"version": "d0f91938bede204a343473792529e0db7d599836",
"versionType": "git"
},
{
"lessThan": "2abe350db1aa599eeebc6892237d0bce0f1de62a",
"status": "affected",
"version": "d0f91938bede204a343473792529e0db7d599836",
"versionType": "git"
},
{
"lessThan": "fa96c6baef1b5385e2f0c0677b32b3839e716076",
"status": "affected",
"version": "d0f91938bede204a343473792529e0db7d599836",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/tipc/udp_media.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.1"
},
{
"lessThan": "4.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.320",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.282",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.224",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.103",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.44",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.320",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.282",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.224",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.165",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.103",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.44",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.3",
"versionStartIncluding": "4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "4.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: Return non-zero value from tipc_udp_addr2str() on error\n\ntipc_udp_addr2str() should return non-zero value if the UDP media\naddress is invalid. Otherwise, a buffer overflow access can occur in\ntipc_media_addr_printf(). Fix this by returning 1 on an invalid UDP\nmedia address."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T09:25:55.793Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7ec3335dd89c8d169e9650e4bac64fde71fdf15b"
},
{
"url": "https://git.kernel.org/stable/c/253405541be2f15ffebdeac2f4cf4b7e9144d12f"
},
{
"url": "https://git.kernel.org/stable/c/aa38bf74899de07cf70b50cd17f8ad45fb6654c8"
},
{
"url": "https://git.kernel.org/stable/c/5eea127675450583680c8170358bcba43227bd69"
},
{
"url": "https://git.kernel.org/stable/c/728734352743a78b4c5a7285b282127696a4a813"
},
{
"url": "https://git.kernel.org/stable/c/76ddf84a52f0d8ec3f5db6ccce08faf202a17d28"
},
{
"url": "https://git.kernel.org/stable/c/2abe350db1aa599eeebc6892237d0bce0f1de62a"
},
{
"url": "https://git.kernel.org/stable/c/fa96c6baef1b5385e2f0c0677b32b3839e716076"
}
],
"title": "tipc: Return non-zero value from tipc_udp_addr2str() on error",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-42284",
"datePublished": "2024-08-17T09:08:50.576Z",
"dateReserved": "2024-07-30T07:40:12.262Z",
"dateUpdated": "2025-11-03T22:03:29.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
BDU:2025-02535
Vulnerability from fstec - Published: 26.06.2024
VLAI Severity ?
Title
Уязвимость функций nft_lookup_init(), nf_tables_fill_setelem() и nft_validate_register_store() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Description
Уязвимость функций nft_lookup_init(), nf_tables_fill_setelem() и nft_validate_register_store() ядра операционной системы Linux связана с ошибками смешения типов данных. Эксплуатация уязвимости может позволить нарушителю вызвать отказ в обслуживании
Severity ?
Vendor
Red Hat Inc., Canonical Ltd., Сообщество свободного программного обеспечения, ООО «Ред Софт», ООО «РусБИТех-Астра», АО «ИВК», Almalinux OS Foundation, АО «НТЦ ИТ РОСА», АО "НППКТ"
Software Name
Red Hat Enterprise Linux, Ubuntu, Debian GNU/Linux, РЕД ОС (запись в едином реестре российских программ №3751), Astra Linux Special Edition (запись в едином реестре российских программ №369), АЛЬТ СП 10, AlmaLinux, Linux, ROSA Virtualization 3.0 (запись в едином реестре российских программ №21308), ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)
Software Version
8 (Red Hat Enterprise Linux), 20.04 LTS (Ubuntu), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (РЕД ОС), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), 22.04 LTS (Ubuntu), 9 (Red Hat Enterprise Linux), 18.04 ESM (Ubuntu), - (АЛЬТ СП 10), 24.04 LTS (Ubuntu), 1.8 (Astra Linux Special Edition), 8 (AlmaLinux), от 5.10 до 5.10.221 (Linux), от 5.15 до 5.15.162 (Linux), от 5.4 до 5.4.279 (Linux), от 6.1 до 6.1.97 (Linux), от 6.6 до 6.6.37 (Linux), от 6.9 до 6.9.8 (Linux), от 3.13 до 4.19.317 (Linux), от 6.10 до 6.10 rc6 (Linux), 3.0 (ROSA Virtualization 3.0), до 2.12 (ОСОН ОСнова Оnyx)
Possible Mitigations
Использование рекомендаций:
Для Linux:
https://lore.kernel.org/linux-cve-announce/2024072952-CVE-2024-42070-b271@gregkh/
https://git.kernel.org/stable/c/40188a25a9847dbeb7ec67517174a835a677752f
https://git.kernel.org/stable/c/23752737c6a618e994f9a310ec2568881a6b49c4
https://git.kernel.org/stable/c/5d43d789b57943720dca4181a05f6477362b94cf
https://git.kernel.org/stable/c/461302e07f49687ffe7d105fa0a330c07c7646d8
https://git.kernel.org/stable/c/efb27ad05949403848f487823b597ed67060e007
https://git.kernel.org/stable/c/952bf8df222599baadbd4f838a49c4fef81d2564
https://git.kernel.org/stable/c/41a6375d48deaf7f730304b5153848bfa1c2980f
https://git.kernel.org/stable/c/7931d32955e09d0a11b1fe0b6aac1bfa061c005c
Для РедОС:
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2024-42070
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/CVE-2024-42070
Для Ubuntu:
https://ubuntu.com/security/CVE-2024-42070
Для AlmaLinux:
https://errata.almalinux.org/8/ALSA-2024-8856.html
https://errata.almalinux.org/8/ALSA-2024-8870.html
Для ОС Альт СП 10:
установка обновления из публичного репозитория программного средства
Компенсирующие меры:
В условиях отсутствия обновлений безопасности от производителя рекомендуется придерживаться "Рекомендаций по безопасной настройке операционных систем LINUX", изложенных в методическом документе ФСТЭК России, утверждённом 25 декабря 2022 года.
Обновление программного обеспечения linux до версии 6.6.66-0.osnova2u1
Для ОС Astra Linux:
- обновить пакет linux до 5.4.0-202.astra1+ci4 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0319SE17
- обновить пакет linux-5.10 до 5.10.233-1.astra1+ci1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0319SE17
- обновить пакет linux-5.15 до 5.15.0-127.astra1+ci4 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0319SE17
- обновить пакет linux-6.1 до 6.1.124-1.astra1+ci7 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0319SE17
Для ОС Альт 8 СП (релиз 10): установка обновления из публичного репозитория программного средства: https://altsp.su/obnovleniya-bezopasnosti/
Для ОС Astra Linux:
- обновить пакет linux-6.1 до 6.1.124-1.astra1+ci29 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0411SE18
- обновить пакет linux-6.6 до 6.12.11-1.astra1+ci18 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0411SE18
Для ОС Astra Linux:
- обновить пакет linux до 5.4.0-202.astra1+ci5 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-0422SE47
- обновить пакет linux-5.10 до 5.10.233-1.astra1+ci2 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-0422SE47
- обновить пакет linux-5.15 до 5.15.0-127.astra1+ci5 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-0422SE47
- обновить пакет linux-6.1 до 6.1.124-1.astra2+ci4 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-0422SE47
Для программной системы управления средой виртуализации с подсистемой безагентного резервного копирования виртуальных машин «ROSA Virtualization 3.0»: https://abf.rosa.ru/advisories/ROSA-SA-2025-2863
Reference
https://git.kernel.org/stable/c/23752737c6a618e994f9a310ec2568881a6b49c4
https://git.kernel.org/stable/c/40188a25a9847dbeb7ec67517174a835a677752f
https://git.kernel.org/stable/c/41a6375d48deaf7f730304b5153848bfa1c2980f
https://git.kernel.org/stable/c/461302e07f49687ffe7d105fa0a330c07c7646d8
https://git.kernel.org/stable/c/5d43d789b57943720dca4181a05f6477362b94cf
https://git.kernel.org/stable/c/7931d32955e09d0a11b1fe0b6aac1bfa061c005c
https://git.kernel.org/stable/c/952bf8df222599baadbd4f838a49c4fef81d2564
https://git.kernel.org/stable/c/efb27ad05949403848f487823b597ed67060e007
https://lore.kernel.org/linux-cve-announce/2024072952-CVE-2024-42070-b271@gregkh/
https://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-kernel-lt-230125/?sphrase_id=784359
https://security-tracker.debian.org/tracker/CVE-2024-42070
https://access.redhat.com/security/cve/CVE-2024-42070
https://ubuntu.com/security/CVE-2024-42070
https://errata.almalinux.org/8/ALSA-2024-8856.html
https://errata.almalinux.org/8/ALSA-2024-8870.html
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.12/
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0319SE17
https://altsp.su/obnovleniya-bezopasnosti/
https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0411SE18
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-0422SE47
https://abf.rosa.ru/advisories/ROSA-SA-2025-2863
CWE
CWE-401, CWE-843
{
"CVSS 2.0": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
"CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., Canonical Ltd., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, Almalinux OS Foundation, \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "8 (Red Hat Enterprise Linux), 20.04 LTS (Ubuntu), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), 22.04 LTS (Ubuntu), 9 (Red Hat Enterprise Linux), 18.04 ESM (Ubuntu), - (\u0410\u041b\u042c\u0422 \u0421\u041f 10), 24.04 LTS (Ubuntu), 1.8 (Astra Linux Special Edition), 8 (AlmaLinux), \u043e\u0442 5.10 \u0434\u043e 5.10.221 (Linux), \u043e\u0442 5.15 \u0434\u043e 5.15.162 (Linux), \u043e\u0442 5.4 \u0434\u043e 5.4.279 (Linux), \u043e\u0442 6.1 \u0434\u043e 6.1.97 (Linux), \u043e\u0442 6.6 \u0434\u043e 6.6.37 (Linux), \u043e\u0442 6.9 \u0434\u043e 6.9.8 (Linux), \u043e\u0442 3.13 \u0434\u043e 4.19.317 (Linux), \u043e\u0442 6.10 \u0434\u043e 6.10 rc6 (Linux), 3.0 (ROSA Virtualization 3.0), \u0434\u043e 2.12 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Linux:\nhttps://lore.kernel.org/linux-cve-announce/2024072952-CVE-2024-42070-b271@gregkh/\nhttps://git.kernel.org/stable/c/40188a25a9847dbeb7ec67517174a835a677752f\nhttps://git.kernel.org/stable/c/23752737c6a618e994f9a310ec2568881a6b49c4\nhttps://git.kernel.org/stable/c/5d43d789b57943720dca4181a05f6477362b94cf\nhttps://git.kernel.org/stable/c/461302e07f49687ffe7d105fa0a330c07c7646d8\nhttps://git.kernel.org/stable/c/efb27ad05949403848f487823b597ed67060e007\nhttps://git.kernel.org/stable/c/952bf8df222599baadbd4f838a49c4fef81d2564\nhttps://git.kernel.org/stable/c/41a6375d48deaf7f730304b5153848bfa1c2980f\nhttps://git.kernel.org/stable/c/7931d32955e09d0a11b1fe0b6aac1bfa061c005c\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: \nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2024-42070\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/CVE-2024-42070\n\n\u0414\u043b\u044f Ubuntu:\nhttps://ubuntu.com/security/CVE-2024-42070\n\n\u0414\u043b\u044f AlmaLinux:\nhttps://errata.almalinux.org/8/ALSA-2024-8856.html\nhttps://errata.almalinux.org/8/ALSA-2024-8870.html\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 \u0421\u041f 10: \n\u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n\u0412 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043e\u0442 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u0438\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0442\u044c\u0441\u044f \"\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c LINUX\", \u0438\u0437\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0445 \u0432 \u043c\u0435\u0442\u043e\u0434\u0438\u0447\u0435\u0441\u043a\u043e\u043c \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0435 \u0424\u0421\u0422\u042d\u041a \u0420\u043e\u0441\u0441\u0438\u0438, \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0451\u043d\u043d\u043e\u043c 25 \u0434\u0435\u043a\u0430\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430.\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f linux \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 6.6.66-0.osnova2u1\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 linux \u0434\u043e 5.4.0-202.astra1+ci4 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0319SE17\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 linux-5.10 \u0434\u043e 5.10.233-1.astra1+ci1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0319SE17\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 linux-5.15 \u0434\u043e 5.15.0-127.astra1+ci4 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0319SE17\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 linux-6.1 \u0434\u043e 6.1.124-1.astra1+ci7 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0319SE17\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0440\u0435\u043b\u0438\u0437 10): \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430: https://altsp.su/obnovleniya-bezopasnosti/\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 linux-6.1 \u0434\u043e 6.1.124-1.astra1+ci29 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0411SE18\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 linux-6.6 \u0434\u043e 6.12.11-1.astra1+ci18 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0411SE18\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 linux \u0434\u043e 5.4.0-202.astra1+ci5 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-0422SE47\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 linux-5.10 \u0434\u043e 5.10.233-1.astra1+ci2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-0422SE47\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 linux-5.15 \u0434\u043e 5.15.0-127.astra1+ci5 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-0422SE47\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 linux-6.1 \u0434\u043e 6.1.124-1.astra2+ci4 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-0422SE47\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0440\u0435\u0434\u043e\u0439 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441 \u043f\u043e\u0434\u0441\u0438\u0441\u0442\u0435\u043c\u043e\u0439 \u0431\u0435\u0437\u0430\u0433\u0435\u043d\u0442\u043d\u043e\u0433\u043e \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u043e\u0433\u043e \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u043c\u0430\u0448\u0438\u043d \u00abROSA Virtualization 3.0\u00bb: https://abf.rosa.ru/advisories/ROSA-SA-2025-2863",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "26.06.2024",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "19.08.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "12.03.2025",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-02535",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-42070, ROS-20250123-01, ALSA-2024:8856, ALSA-2024:8870",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Ubuntu, Debian GNU/Linux, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041b\u042c\u0422 \u0421\u041f 10, AlmaLinux, Linux, ROSA Virtualization 3.0 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211621308), \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 8 , Canonical Ltd. Ubuntu 20.04 LTS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Canonical Ltd. Ubuntu 22.04 LTS , Red Hat Inc. Red Hat Enterprise Linux 9 , Canonical Ltd. Ubuntu 18.04 ESM , \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u041b\u042c\u0422 \u0421\u041f 10 - , Canonical Ltd. Ubuntu 24.04 LTS , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.8 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Almalinux OS Foundation AlmaLinux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.10 \u0434\u043e 5.10.221 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.15 \u0434\u043e 5.15.162 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 5.4 \u0434\u043e 5.4.279 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 6.1 \u0434\u043e 6.1.97 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 6.6 \u0434\u043e 6.6.37 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 6.9 \u0434\u043e 6.9.8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 3.13 \u0434\u043e 4.19.317 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 6.10 \u0434\u043e 6.10 rc6 , \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb ROSA Virtualization 3.0 3.0 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211621308), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.12 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0439 nft_lookup_init(), nf_tables_fill_setelem() \u0438 nft_validate_register_store() \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u0435 \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u0435\u0440\u0435\u0434 \u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0435\u043c \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0439 \u0441\u0441\u044b\u043b\u043a\u0438 (\u00ab\u0443\u0442\u0435\u0447\u043a\u0430 \u043f\u0430\u043c\u044f\u0442\u0438\u00bb) (CWE-401), \u0414\u043e\u0441\u0442\u0443\u043f \u043a \u0440\u0435\u0441\u0443\u0440\u0441\u0443 \u0447\u0435\u0440\u0435\u0437 \u043d\u0435\u0441\u043e\u0432\u043c\u0435\u0441\u0442\u0438\u043c\u044b\u0435 \u0442\u0438\u043f\u044b (CWE-843)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0439 nft_lookup_init(), nf_tables_fill_setelem() \u0438 nft_validate_register_store() \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0441\u043c\u0435\u0448\u0435\u043d\u0438\u044f \u0442\u0438\u043f\u043e\u0432 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445, \u0418\u0441\u0447\u0435\u0440\u043f\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://git.kernel.org/stable/c/23752737c6a618e994f9a310ec2568881a6b49c4\nhttps://git.kernel.org/stable/c/40188a25a9847dbeb7ec67517174a835a677752f\nhttps://git.kernel.org/stable/c/41a6375d48deaf7f730304b5153848bfa1c2980f\nhttps://git.kernel.org/stable/c/461302e07f49687ffe7d105fa0a330c07c7646d8\nhttps://git.kernel.org/stable/c/5d43d789b57943720dca4181a05f6477362b94cf\nhttps://git.kernel.org/stable/c/7931d32955e09d0a11b1fe0b6aac1bfa061c005c\nhttps://git.kernel.org/stable/c/952bf8df222599baadbd4f838a49c4fef81d2564\nhttps://git.kernel.org/stable/c/efb27ad05949403848f487823b597ed67060e007\nhttps://lore.kernel.org/linux-cve-announce/2024072952-CVE-2024-42070-b271@gregkh/\nhttps://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-kernel-lt-230125/?sphrase_id=784359\nhttps://security-tracker.debian.org/tracker/CVE-2024-42070\nhttps://access.redhat.com/security/cve/CVE-2024-42070\nhttps://ubuntu.com/security/CVE-2024-42070\nhttps://errata.almalinux.org/8/ALSA-2024-8856.html\nhttps://errata.almalinux.org/8/ALSA-2024-8870.html\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.12/\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0319SE17\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0411SE18\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-0422SE47\nhttps://abf.rosa.ru/advisories/ROSA-SA-2025-2863",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-401, CWE-843",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,6)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,5)"
}
BDU:2025-01333
Vulnerability from fstec - Published: 11.07.2024
VLAI Severity ?
Title
Уязвимость функций nf_tables_rule_release(), nft_chain_validate(), nft_chain_validate_hooks() и nft_validate_register_store() (net/netfilter/nf_tables_api.c) компонента netfilter ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании.
Description
Уязвимость функций nf_tables_rule_release(), nft_chain_validate(), nft_chain_validate_hooks() и nft_validate_register_store() (net/netfilter/nf_tables_api.c) компонента netfilter ядра операционной системы Linux связана с недостаточной проверкой входных данных. Эксплуатация уязвимости может позволить нарушителю вызвать отказ в обслуживании.
Severity ?
Vendor
Red Hat Inc., Canonical Ltd., Сообщество свободного программного обеспечения, ООО «Ред Софт», ООО «РусБИТех-Астра», Almalinux OS Foundation, АО «НТЦ ИТ РОСА»
Software Name
Red Hat Enterprise Linux, Ubuntu, Debian GNU/Linux, РЕД ОС (запись в едином реестре российских программ №3751), Astra Linux Special Edition (запись в едином реестре российских программ №369), Linux, AlmaLinux, ROSA Virtualization 3.0 (запись в едином реестре российских программ №21308)
Software Version
8 (Red Hat Enterprise Linux), 20.04 LTS (Ubuntu), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (РЕД ОС), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), 22.04 LTS (Ubuntu), 9 (Red Hat Enterprise Linux), 18.04 ESM (Ubuntu), 24.04 LTS (Ubuntu), 1.8 (Astra Linux Special Edition), от 6.7 до 6.9.9 включительно (Linux), от 5.16 до 6.1.104 включительно (Linux), от 6.2 до 6.6.45 включительно (Linux), от 5.5 до 5.10.223 включительно (Linux), от 5.11 до 5.15.164 включительно (Linux), от 4.20 до 5.4.281 включительно (Linux), 8 (AlmaLinux), от 3.13 до 4.19.319 включительно (Linux), 3.0 (ROSA Virtualization 3.0)
Possible Mitigations
В условиях отсутствия обновлений безопасности от производителя рекомендуется придерживаться "Рекомендаций по безопасной настройке операционных систем LINUX", изложенных в методическом документе ФСТЭК России, утверждённом 25 декабря 2022 года.
Использование рекомендаций:
Для Linux:
https://lore.kernel.org/linux-cve-announce/2024072924-CVE-2024-41042-c338@gregkh/
https://git.kernel.org/stable/c/1947e4c3346faa8ac7e343652c0fd3b3e394202f
https://git.kernel.org/stable/c/31c35f9f89ef585f1edb53e17ac73a0ca4a9712b
https://git.kernel.org/stable/c/717c91c6ed73e248de6a15bc53adefb81446c9d0
https://git.kernel.org/stable/c/8246b7466c8da49d0d9e85e26cbd69dd6d3e3d1e
https://git.kernel.org/stable/c/9df785aeb7dcc8efd1d4110bb27d26005298ebae
https://git.kernel.org/stable/c/b6b6e430470e1c3c5513311cb35a15a205595abe
https://git.kernel.org/stable/c/cd4348e0a50286282c314ad6d2b0740e7c812c24
https://git.kernel.org/stable/c/cff3bd012a9512ac5ed858d38e6ed65f6391008c
Для РЕД ОС:
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2024-41042
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/CVE-2024-41042
Для Ubuntu:
https://ubuntu.com/security/CVE-2024-41042
Для AlmaLinux:
https://errata.almalinux.org/8/ALSA-2024-8856.html
https://errata.almalinux.org/8/ALSA-2024-8870.html
Для ОС Astra Linux:
- обновить пакет linux до 5.4.0-202.astra1+ci4 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0319SE17
- обновить пакет linux-5.10 до 5.10.233-1.astra1+ci1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0319SE17
- обновить пакет linux-5.15 до 5.15.0-127.astra1+ci4 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0319SE17
- обновить пакет linux-6.1 до 6.1.124-1.astra1+ci7 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0319SE17
Для ОС Astra Linux:
- обновить пакет linux-6.1 до 6.1.124-1.astra1+ci29 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0411SE18
Для ОС Astra Linux:
- обновить пакет linux до 5.4.0-202.astra1+ci5 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-0422SE47
- обновить пакет linux-5.10 до 5.10.233-1.astra1+ci2 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-0422SE47
- обновить пакет linux-5.15 до 5.15.0-127.astra1+ci5 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-0422SE47
- обновить пакет linux-6.1 до 6.1.124-1.astra2+ci4 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-0422SE47
Для программной системы управления средой виртуализации с подсистемой безагентного резервного копирования виртуальных машин «ROSA Virtualization 3.0»: https://abf.rosa.ru/advisories/ROSA-SA-2025-2863
Reference
https://access.redhat.com/security/cve/CVE-2024-41042
https://errata.almalinux.org/8/ALSA-2024-8856.html
https://errata.almalinux.org/8/ALSA-2024-8870.html
https://git.kernel.org/linus/cff3bd012a9512ac5ed858d38e6ed65f6391008c
https://git.kernel.org/stable/c/1947e4c3346faa8ac7e343652c0fd3b3e394202f
https://git.kernel.org/stable/c/31c35f9f89ef585f1edb53e17ac73a0ca4a9712b
https://git.kernel.org/stable/c/717c91c6ed73e248de6a15bc53adefb81446c9d0
https://git.kernel.org/stable/c/8246b7466c8da49d0d9e85e26cbd69dd6d3e3d1e
https://git.kernel.org/stable/c/9df785aeb7dcc8efd1d4110bb27d26005298ebae
https://git.kernel.org/stable/c/b6b6e430470e1c3c5513311cb35a15a205595abe
https://git.kernel.org/stable/c/cd4348e0a50286282c314ad6d2b0740e7c812c24
https://git.kernel.org/stable/c/cff3bd012a9512ac5ed858d38e6ed65f6391008c
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.320
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.224
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.165
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.282
https://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.105
https://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.46
https://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.9.10
https://lore.kernel.org/linux-cve-announce/2024072924-CVE-2024-41042-c338@gregkh/
https://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-kernel-lt-220125/?sphrase_id=690326
https://security-tracker.debian.org/tracker/CVE-2024-41042
https://ubuntu.com/security/CVE-2024-41042
https://ubuntu.com/security/notices/USN-7088-1
https://ubuntu.com/security/notices/USN-7088-2
https://ubuntu.com/security/notices/USN-7088-3
https://ubuntu.com/security/notices/USN-7088-4
https://ubuntu.com/security/notices/USN-7088-5
https://ubuntu.com/security/notices/USN-7089-1
https://ubuntu.com/security/notices/USN-7089-2
https://ubuntu.com/security/notices/USN-7089-3
https://ubuntu.com/security/notices/USN-7089-4
https://ubuntu.com/security/notices/USN-7089-5
https://ubuntu.com/security/notices/USN-7089-6
https://ubuntu.com/security/notices/USN-7089-7
https://ubuntu.com/security/notices/USN-7090-1
https://ubuntu.com/security/notices/USN-7095-1
https://ubuntu.com/security/notices/USN-7100-1
https://ubuntu.com/security/notices/USN-7100-2
https://ubuntu.com/security/notices/USN-7119-1
https://ubuntu.com/security/notices/USN-7123-1
https://ubuntu.com/security/notices/USN-7144-1
https://ubuntu.com/security/notices/USN-7156-1
https://ubuntu.com/security/notices/USN-7194-1
https://www.cve.org/CVERecord?id=CVE-2024-41042
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0319SE17
https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0411SE18
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-0422SE47
https://abf.rosa.ru/advisories/ROSA-SA-2025-2863
CWE
CWE-20, CWE-121
{
"CVSS 2.0": "AV:L/AC:H/Au:M/C:N/I:N/A:C",
"CVSS 3.0": "AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., Canonical Ltd., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Almalinux OS Foundation, \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "8 (Red Hat Enterprise Linux), 20.04 LTS (Ubuntu), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), 22.04 LTS (Ubuntu), 9 (Red Hat Enterprise Linux), 18.04 ESM (Ubuntu), 24.04 LTS (Ubuntu), 1.8 (Astra Linux Special Edition), \u043e\u0442 6.7 \u0434\u043e 6.9.9 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 5.16 \u0434\u043e 6.1.104 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 6.2 \u0434\u043e 6.6.45 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 5.5 \u0434\u043e 5.10.223 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 5.11 \u0434\u043e 5.15.164 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.20 \u0434\u043e 5.4.281 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), 8 (AlmaLinux), \u043e\u0442 3.13 \u0434\u043e 4.19.319 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), 3.0 (ROSA Virtualization 3.0)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0412 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043e\u0442 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u0438\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0442\u044c\u0441\u044f \"\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c LINUX\", \u0438\u0437\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0445 \u0432 \u043c\u0435\u0442\u043e\u0434\u0438\u0447\u0435\u0441\u043a\u043e\u043c \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0435 \u0424\u0421\u0422\u042d\u041a \u0420\u043e\u0441\u0441\u0438\u0438, \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0451\u043d\u043d\u043e\u043c 25 \u0434\u0435\u043a\u0430\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Linux:\nhttps://lore.kernel.org/linux-cve-announce/2024072924-CVE-2024-41042-c338@gregkh/\nhttps://git.kernel.org/stable/c/1947e4c3346faa8ac7e343652c0fd3b3e394202f\nhttps://git.kernel.org/stable/c/31c35f9f89ef585f1edb53e17ac73a0ca4a9712b\t\nhttps://git.kernel.org/stable/c/717c91c6ed73e248de6a15bc53adefb81446c9d0\t\nhttps://git.kernel.org/stable/c/8246b7466c8da49d0d9e85e26cbd69dd6d3e3d1e\t\nhttps://git.kernel.org/stable/c/9df785aeb7dcc8efd1d4110bb27d26005298ebae\nhttps://git.kernel.org/stable/c/b6b6e430470e1c3c5513311cb35a15a205595abe\t\nhttps://git.kernel.org/stable/c/cd4348e0a50286282c314ad6d2b0740e7c812c24\t\nhttps://git.kernel.org/stable/c/cff3bd012a9512ac5ed858d38e6ed65f6391008c\n\n\u0414\u043b\u044f \u0420\u0415\u0414 \u041e\u0421: \nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2024-41042\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/CVE-2024-41042\n\n\u0414\u043b\u044f Ubuntu:\nhttps://ubuntu.com/security/CVE-2024-41042\n\n\u0414\u043b\u044f AlmaLinux:\nhttps://errata.almalinux.org/8/ALSA-2024-8856.html\nhttps://errata.almalinux.org/8/ALSA-2024-8870.html\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 linux \u0434\u043e 5.4.0-202.astra1+ci4 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0319SE17\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 linux-5.10 \u0434\u043e 5.10.233-1.astra1+ci1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0319SE17\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 linux-5.15 \u0434\u043e 5.15.0-127.astra1+ci4 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0319SE17\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 linux-6.1 \u0434\u043e 6.1.124-1.astra1+ci7 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0319SE17\n\n\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 linux-6.1 \u0434\u043e 6.1.124-1.astra1+ci29 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0411SE18\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 linux \u0434\u043e 5.4.0-202.astra1+ci5 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-0422SE47\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 linux-5.10 \u0434\u043e 5.10.233-1.astra1+ci2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-0422SE47\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 linux-5.15 \u0434\u043e 5.15.0-127.astra1+ci5 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-0422SE47\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 linux-6.1 \u0434\u043e 6.1.124-1.astra2+ci4 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-0422SE47\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0440\u0435\u0434\u043e\u0439 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441 \u043f\u043e\u0434\u0441\u0438\u0441\u0442\u0435\u043c\u043e\u0439 \u0431\u0435\u0437\u0430\u0433\u0435\u043d\u0442\u043d\u043e\u0433\u043e \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u043e\u0433\u043e \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u043c\u0430\u0448\u0438\u043d \u00abROSA Virtualization 3.0\u00bb: https://abf.rosa.ru/advisories/ROSA-SA-2025-2863",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "11.07.2024",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "19.08.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "10.02.2025",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-01333",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-41042, ROS-20250122-02, ALSA-2024:8856, ALSA-2024:8870",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Ubuntu, Debian GNU/Linux, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Linux, AlmaLinux, ROSA Virtualization 3.0 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211621308)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 8 , Canonical Ltd. Ubuntu 20.04 LTS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Canonical Ltd. Ubuntu 22.04 LTS , Red Hat Inc. Red Hat Enterprise Linux 9 , Canonical Ltd. Ubuntu 18.04 ESM , Canonical Ltd. Ubuntu 24.04 LTS , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.8 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Almalinux OS Foundation AlmaLinux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u0434\u043e 6.10 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 3.13 \u0434\u043e 6.9.10 , \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb ROSA Virtualization 3.0 3.0 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211621308)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0439 nf_tables_rule_release(), nft_chain_validate(), nft_chain_validate_hooks() \u0438 nft_validate_register_store() (net/netfilter/nf_tables_api.c) \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 netfilter \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438.",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-20), \u041f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u0441\u0442\u0435\u043a\u0435 (CWE-121)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0439 nf_tables_rule_release(), nft_chain_validate(), nft_chain_validate_hooks() \u0438 nft_validate_register_store() (net/netfilter/nf_tables_api.c) \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 netfilter \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438.",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438, \u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://access.redhat.com/security/cve/CVE-2024-41042\nhttps://errata.almalinux.org/8/ALSA-2024-8856.html\nhttps://errata.almalinux.org/8/ALSA-2024-8870.html\nhttps://git.kernel.org/linus/cff3bd012a9512ac5ed858d38e6ed65f6391008c\nhttps://git.kernel.org/stable/c/1947e4c3346faa8ac7e343652c0fd3b3e394202f\nhttps://git.kernel.org/stable/c/31c35f9f89ef585f1edb53e17ac73a0ca4a9712b\nhttps://git.kernel.org/stable/c/717c91c6ed73e248de6a15bc53adefb81446c9d0\nhttps://git.kernel.org/stable/c/8246b7466c8da49d0d9e85e26cbd69dd6d3e3d1e\nhttps://git.kernel.org/stable/c/9df785aeb7dcc8efd1d4110bb27d26005298ebae\nhttps://git.kernel.org/stable/c/b6b6e430470e1c3c5513311cb35a15a205595abe\nhttps://git.kernel.org/stable/c/cd4348e0a50286282c314ad6d2b0740e7c812c24\nhttps://git.kernel.org/stable/c/cff3bd012a9512ac5ed858d38e6ed65f6391008c\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.320\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.224\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.165\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.282\nhttps://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.105\nhttps://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.46\nhttps://kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.9.10\nhttps://lore.kernel.org/linux-cve-announce/2024072924-CVE-2024-41042-c338@gregkh/\nhttps://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-kernel-lt-220125/?sphrase_id=690326\nhttps://security-tracker.debian.org/tracker/CVE-2024-41042\nhttps://ubuntu.com/security/CVE-2024-41042\nhttps://ubuntu.com/security/notices/USN-7088-1\nhttps://ubuntu.com/security/notices/USN-7088-2\nhttps://ubuntu.com/security/notices/USN-7088-3\nhttps://ubuntu.com/security/notices/USN-7088-4\nhttps://ubuntu.com/security/notices/USN-7088-5\nhttps://ubuntu.com/security/notices/USN-7089-1\nhttps://ubuntu.com/security/notices/USN-7089-2\nhttps://ubuntu.com/security/notices/USN-7089-3\nhttps://ubuntu.com/security/notices/USN-7089-4\nhttps://ubuntu.com/security/notices/USN-7089-5\nhttps://ubuntu.com/security/notices/USN-7089-6\nhttps://ubuntu.com/security/notices/USN-7089-7\nhttps://ubuntu.com/security/notices/USN-7090-1\nhttps://ubuntu.com/security/notices/USN-7095-1\nhttps://ubuntu.com/security/notices/USN-7100-1\nhttps://ubuntu.com/security/notices/USN-7100-2\nhttps://ubuntu.com/security/notices/USN-7119-1\nhttps://ubuntu.com/security/notices/USN-7123-1\nhttps://ubuntu.com/security/notices/USN-7144-1\nhttps://ubuntu.com/security/notices/USN-7156-1\nhttps://ubuntu.com/security/notices/USN-7194-1\nhttps://www.cve.org/CVERecord?id=CVE-2024-41042\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-0319SE17\nhttps://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0411SE18\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-0422SE47\nhttps://abf.rosa.ru/advisories/ROSA-SA-2025-2863",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-20, CWE-121",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 3,7)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,1)"
}
BDU:2025-02069
Vulnerability from fstec - Published: 03.06.2024
VLAI Severity ?
Title
Уязвимость функций amdgpu_vkms_prepare_fb() и amdgpu_vkms_cleanup_fb() (drivers/gpu/drm/amd/amdgpu/amdgpu_vkms.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Description
Уязвимость функций amdgpu_vkms_prepare_fb() и amdgpu_vkms_cleanup_fb() (drivers/gpu/drm/amd/amdgpu/amdgpu_vkms.c) ядра операционной системы Linux связана с разыменованием указателей. Эксплуатация уязвимости может позволить нарушителю вызвать отказ в обслуживании
Severity ?
Vendor
Red Hat Inc., Canonical Ltd., Сообщество свободного программного обеспечения, ООО «Ред Софт», ООО «РусБИТех-Астра», Almalinux OS Foundation, АО «НТЦ ИТ РОСА», АО "НППКТ"
Software Name
Red Hat Enterprise Linux, Ubuntu, Debian GNU/Linux, РЕД ОС (запись в едином реестре российских программ №3751), Astra Linux Special Edition (запись в едином реестре российских программ №369), AlmaLinux, Linux, ROSA Virtualization 3.0 (запись в едином реестре российских программ №21308), ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)
Software Version
8 (Red Hat Enterprise Linux), 20.04 LTS (Ubuntu), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (РЕД ОС), 22.04 LTS (Ubuntu), 9 (Red Hat Enterprise Linux), 8.8 Extended Update Support (Red Hat Enterprise Linux), 9.2 Extended Update Support (Red Hat Enterprise Linux), 24.04 LTS (Ubuntu), 1.8 (Astra Linux Special Edition), 8 (AlmaLinux), 9.4 Extended Update Support (Red Hat Enterprise Linux), до 5.15.162 (Linux), до 6.1.97 (Linux), до 6.6.37 (Linux), до 6.9.8 (Linux), от 6.10 до 6.10 rc6 (Linux), 3.0 (ROSA Virtualization 3.0), до 2.14 (ОСОН ОСнова Оnyx)
Possible Mitigations
Использование рекомендаций:
Для Linux:
https://lore.kernel.org/linux-cve-announce/2024072953-CVE-2024-41093-9d6c@gregkh/
https://git.kernel.org/stable/c/7f35e01cb0ea4d295f5c067bb5c67dfcddaf05bc
https://git.kernel.org/stable/c/6ce0544cabaa608018d5922ab404dc656a9d8447
https://git.kernel.org/stable/c/330c8c1453848c04d335bad81371a66710210800
https://git.kernel.org/stable/c/dd9ec0ea4cdde0fc48116e63969fc83e81d7ef46
https://git.kernel.org/stable/c/bcfa48ff785bd121316592b131ff6531e3e696bb
Для РедОС:
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2024-41093
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/CVE-2024-41093
Для Ubuntu:
https://ubuntu.com/security/CVE-2024-41093
Для AlmaLinux:
https://errata.almalinux.org/8/ALSA-2024-8856.html
https://errata.almalinux.org/8/ALSA-2024-8870.html
Компенсирующие меры:
В условиях отсутствия обновлений безопасности от производителя рекомендуется придерживаться "Рекомендаций по безопасной настройке операционных систем LINUX", изложенных в методическом документе ФСТЭК России, утверждённом 25 декабря 2022 года.
Для программной системы управления средой виртуализации с подсистемой безагентного резервного копирования виртуальных машин «ROSA Virtualization 3.0»: https://abf.rosa.ru/advisories/ROSA-SA-2025-2774
Для ОС Astra Linux:
- обновить пакет linux-6.1 до 6.1.124-1.astra1+ci29 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0411SE18
- обновить пакет linux-6.6 до 6.12.11-1.astra1+ci18 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0411SE18
Для программной системы управления средой виртуализации с подсистемой безагентного резервного копирования виртуальных машин «ROSA Virtualization 3.0»: https://abf.rosa.ru/advisories/ROSA-SA-2025-2863
Обновление программного обеспечения linux до версии 6.6.108-0.osnova2u1
Reference
https://git.kernel.org/stable/c/330c8c1453848c04d335bad81371a66710210800
https://git.kernel.org/stable/c/6ce0544cabaa608018d5922ab404dc656a9d8447
https://git.kernel.org/stable/c/7f35e01cb0ea4d295f5c067bb5c67dfcddaf05bc
https://git.kernel.org/stable/c/bcfa48ff785bd121316592b131ff6531e3e696bb
https://git.kernel.org/stable/c/dd9ec0ea4cdde0fc48116e63969fc83e81d7ef46
https://lore.kernel.org/linux-cve-announce/2024072953-CVE-2024-41093-9d6c@gregkh/
https://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-kernel-lt-230125/?sphrase_id=742902
https://security-tracker.debian.org/tracker/CVE-2024-41093
https://access.redhat.com/security/cve/CVE-2024-41093
https://errata.almalinux.org/8/ALSA-2024-8856.html
https://errata.almalinux.org/8/ALSA-2024-8870.html
https://ubuntu.com/security/CVE-2024-41093
https://abf.rosa.ru/advisories/ROSA-SA-2025-2774
https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0411SE18
https://abf.rosa.ru/advisories/ROSA-SA-2025-2863
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.14/
CWE
CWE-388, CWE-476
{
"CVSS 2.0": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
"CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., Canonical Ltd., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Almalinux OS Foundation, \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "8 (Red Hat Enterprise Linux), 20.04 LTS (Ubuntu), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 22.04 LTS (Ubuntu), 9 (Red Hat Enterprise Linux), 8.8 Extended Update Support (Red Hat Enterprise Linux), 9.2 Extended Update Support (Red Hat Enterprise Linux), 24.04 LTS (Ubuntu), 1.8 (Astra Linux Special Edition), 8 (AlmaLinux), 9.4 Extended Update Support (Red Hat Enterprise Linux), \u0434\u043e 5.15.162 (Linux), \u0434\u043e 6.1.97 (Linux), \u0434\u043e 6.6.37 (Linux), \u0434\u043e 6.9.8 (Linux), \u043e\u0442 6.10 \u0434\u043e 6.10 rc6 (Linux), 3.0 (ROSA Virtualization 3.0), \u0434\u043e 2.14 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Linux:\nhttps://lore.kernel.org/linux-cve-announce/2024072953-CVE-2024-41093-9d6c@gregkh/\nhttps://git.kernel.org/stable/c/7f35e01cb0ea4d295f5c067bb5c67dfcddaf05bc\nhttps://git.kernel.org/stable/c/6ce0544cabaa608018d5922ab404dc656a9d8447\nhttps://git.kernel.org/stable/c/330c8c1453848c04d335bad81371a66710210800\nhttps://git.kernel.org/stable/c/dd9ec0ea4cdde0fc48116e63969fc83e81d7ef46\nhttps://git.kernel.org/stable/c/bcfa48ff785bd121316592b131ff6531e3e696bb\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: \nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2024-41093\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/CVE-2024-41093\n\n\u0414\u043b\u044f Ubuntu:\nhttps://ubuntu.com/security/CVE-2024-41093\n\n\u0414\u043b\u044f AlmaLinux:\nhttps://errata.almalinux.org/8/ALSA-2024-8856.html\nhttps://errata.almalinux.org/8/ALSA-2024-8870.html\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n\u0412 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043e\u0442 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u0438\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0442\u044c\u0441\u044f \"\u0420\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c LINUX\", \u0438\u0437\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0445 \u0432 \u043c\u0435\u0442\u043e\u0434\u0438\u0447\u0435\u0441\u043a\u043e\u043c \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0435 \u0424\u0421\u0422\u042d\u041a \u0420\u043e\u0441\u0441\u0438\u0438, \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0451\u043d\u043d\u043e\u043c 25 \u0434\u0435\u043a\u0430\u0431\u0440\u044f 2022 \u0433\u043e\u0434\u0430.\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0440\u0435\u0434\u043e\u0439 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441 \u043f\u043e\u0434\u0441\u0438\u0441\u0442\u0435\u043c\u043e\u0439 \u0431\u0435\u0437\u0430\u0433\u0435\u043d\u0442\u043d\u043e\u0433\u043e \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u043e\u0433\u043e \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u043c\u0430\u0448\u0438\u043d \u00abROSA Virtualization 3.0\u00bb: https://abf.rosa.ru/advisories/ROSA-SA-2025-2774\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 linux-6.1 \u0434\u043e 6.1.124-1.astra1+ci29 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0411SE18\n- \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 linux-6.6 \u0434\u043e 6.12.11-1.astra1+ci18 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0411SE18\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0440\u0435\u0434\u043e\u0439 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441 \u043f\u043e\u0434\u0441\u0438\u0441\u0442\u0435\u043c\u043e\u0439 \u0431\u0435\u0437\u0430\u0433\u0435\u043d\u0442\u043d\u043e\u0433\u043e \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u043e\u0433\u043e \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u043c\u0430\u0448\u0438\u043d \u00abROSA Virtualization 3.0\u00bb: https://abf.rosa.ru/advisories/ROSA-SA-2025-2863\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f linux \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 6.6.108-0.osnova2u1",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "03.06.2024",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "24.10.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "26.02.2025",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-02069",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-41093, ROS-20250123-01, ALSA-2024:8856, ALSA-2024:8870",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Ubuntu, Debian GNU/Linux, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), AlmaLinux, Linux, ROSA Virtualization 3.0 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211621308), \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 8 , Canonical Ltd. Ubuntu 20.04 LTS , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Canonical Ltd. Ubuntu 22.04 LTS , Red Hat Inc. Red Hat Enterprise Linux 9 , Red Hat Inc. Red Hat Enterprise Linux 8.8 Extended Update Support , Red Hat Inc. Red Hat Enterprise Linux 9.2 Extended Update Support , Canonical Ltd. Ubuntu 24.04 LTS , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.8 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Almalinux OS Foundation AlmaLinux 8 , Red Hat Inc. Red Hat Enterprise Linux 9.4 Extended Update Support , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u0434\u043e 5.15.162 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u0434\u043e 6.1.97 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u0434\u043e 6.6.37 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u0434\u043e 6.9.8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u043e\u0442 6.10 \u0434\u043e 6.10 rc6 , \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb ROSA Virtualization 3.0 3.0 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211621308), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.14 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0439 amdgpu_vkms_prepare_fb() \u0438 amdgpu_vkms_cleanup_fb() (drivers/gpu/drm/amd/amdgpu/amdgpu_vkms.c) \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0430 \u043e\u0448\u0438\u0431\u043e\u043a (CWE-388), \u0420\u0430\u0437\u044b\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u044f NULL (CWE-476)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0439 amdgpu_vkms_prepare_fb() \u0438 amdgpu_vkms_cleanup_fb() (drivers/gpu/drm/amd/amdgpu/amdgpu_vkms.c) \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0440\u0430\u0437\u044b\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0443\u043a\u0430\u0437\u0430\u0442\u0435\u043b\u0435\u0439. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438, \u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://git.kernel.org/stable/c/330c8c1453848c04d335bad81371a66710210800\nhttps://git.kernel.org/stable/c/6ce0544cabaa608018d5922ab404dc656a9d8447\nhttps://git.kernel.org/stable/c/7f35e01cb0ea4d295f5c067bb5c67dfcddaf05bc\nhttps://git.kernel.org/stable/c/bcfa48ff785bd121316592b131ff6531e3e696bb\nhttps://git.kernel.org/stable/c/dd9ec0ea4cdde0fc48116e63969fc83e81d7ef46\nhttps://lore.kernel.org/linux-cve-announce/2024072953-CVE-2024-41093-9d6c@gregkh/\nhttps://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-kernel-lt-230125/?sphrase_id=742902\nhttps://security-tracker.debian.org/tracker/CVE-2024-41093\nhttps://access.redhat.com/security/cve/CVE-2024-41093\nhttps://errata.almalinux.org/8/ALSA-2024-8856.html\nhttps://errata.almalinux.org/8/ALSA-2024-8870.html\nhttps://ubuntu.com/security/CVE-2024-41093\nhttps://abf.rosa.ru/advisories/ROSA-SA-2025-2774\nhttps://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0411SE18\nhttps://abf.rosa.ru/advisories/ROSA-SA-2025-2863\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.14/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-388, CWE-476",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,6)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,5)"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…