Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2026-AVI-0106
Vulnerability from certfr_avis - Published: 2026-01-30 - Updated: 2026-01-30
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 16.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 20.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 24.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 18.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 14.04 ESM",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 22.04 LTS",
"product": {
"name": "Ubuntu",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2021-47485",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47485"
},
{
"name": "CVE-2025-22036",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22036"
},
{
"name": "CVE-2024-50195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50195"
},
{
"name": "CVE-2024-56606",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56606"
},
{
"name": "CVE-2022-48986",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48986"
},
{
"name": "CVE-2024-27078",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27078"
},
{
"name": "CVE-2024-56756",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56756"
},
{
"name": "CVE-2025-21647",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21647"
},
{
"name": "CVE-2024-49959",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49959"
},
{
"name": "CVE-2025-21715",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21715"
},
{
"name": "CVE-2024-46827",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46827"
},
{
"name": "CVE-2022-49390",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49390"
},
{
"name": "CVE-2024-57850",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57850"
},
{
"name": "CVE-2024-53197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53197"
},
{
"name": "CVE-2025-21704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21704"
},
{
"name": "CVE-2024-53164",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53164"
},
{
"name": "CVE-2024-53217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53217"
},
{
"name": "CVE-2022-49026",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49026"
},
{
"name": "CVE-2025-21692",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21692"
},
{
"name": "CVE-2025-39993",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39993"
},
{
"name": "CVE-2025-38352",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38352"
},
{
"name": "CVE-2024-26689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26689"
},
{
"name": "CVE-2024-50090",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50090"
},
{
"name": "CVE-2024-58083",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-58083"
}
],
"initial_release_date": "2026-01-30T00:00:00",
"last_revision_date": "2026-01-30T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0106",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-01-30T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux d\u0027Ubuntu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": "2026-01-29",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7986-1",
"url": "https://ubuntu.com/security/notices/USN-7986-1"
},
{
"published_at": "2026-01-29",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7987-2",
"url": "https://ubuntu.com/security/notices/USN-7987-2"
},
{
"published_at": "2026-01-29",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7988-1",
"url": "https://ubuntu.com/security/notices/USN-7988-1"
},
{
"published_at": "2026-01-29",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7987-1",
"url": "https://ubuntu.com/security/notices/USN-7987-1"
},
{
"published_at": "2026-01-29",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-7988-2",
"url": "https://ubuntu.com/security/notices/USN-7988-2"
},
{
"published_at": "2026-01-29",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu LSN-0117-1",
"url": "https://ubuntu.com/security/notices/LSN-0117-1"
}
]
}
CVE-2021-47485 (GCVE-0-2021-47485)
Vulnerability from cvelistv5 – Published: 2024-05-22 08:19 – Updated: 2026-05-11 13:55
VLAI
EPSS
Title
IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields
Summary
In the Linux kernel, the following vulnerability has been resolved:
IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields
Overflowing either addrlimit or bytes_togo can allow userspace to trigger
a buffer overflow of kernel memory. Check for overflows in all the places
doing math on user controlled buffers.
Severity
No CVSS data available.
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
f931551bafe1f10ded7f5282e2aa162c267a2e5d , < bda41654b6e0c125a624ca35d6d20beb8015b5d0
(git)
Affected: f931551bafe1f10ded7f5282e2aa162c267a2e5d , < 3f57c3f67fd93b4da86aeffea1ca32c484d054ad (git) Affected: f931551bafe1f10ded7f5282e2aa162c267a2e5d , < 60833707b968d5ae02a75edb7886dcd4a957cf0d (git) Affected: f931551bafe1f10ded7f5282e2aa162c267a2e5d , < 73d2892148aa4397a885b4f4afcfc5b27a325c42 (git) Affected: f931551bafe1f10ded7f5282e2aa162c267a2e5d , < 0f8cdfff06829a0b0348b6debc29ff6a61967724 (git) Affected: f931551bafe1f10ded7f5282e2aa162c267a2e5d , < c3e17e58f571f34c51aeb17274ed02c2ed5cf780 (git) Affected: f931551bafe1f10ded7f5282e2aa162c267a2e5d , < 0d4395477741608d123dad51def9fe50b7ebe952 (git) Affected: f931551bafe1f10ded7f5282e2aa162c267a2e5d , < d39bf40e55e666b5905fdbd46a0dced030ce87be (git) |
|
| Linux | Linux |
Affected:
2.6.35
Unaffected: 0 , < 2.6.35 (semver) Unaffected: 4.4.292 , ≤ 4.4.* (semver) Unaffected: 4.9.290 , ≤ 4.9.* (semver) Unaffected: 4.14.255 , ≤ 4.14.* (semver) Unaffected: 4.19.216 , ≤ 4.19.* (semver) Unaffected: 5.4.157 , ≤ 5.4.* (semver) Unaffected: 5.10.77 , ≤ 5.10.* (semver) Unaffected: 5.14.16 , ≤ 5.14.* (semver) Unaffected: 5.15 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47485",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T18:45:08.968768Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:14:26.389Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:39:59.745Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bda41654b6e0c125a624ca35d6d20beb8015b5d0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3f57c3f67fd93b4da86aeffea1ca32c484d054ad"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/60833707b968d5ae02a75edb7886dcd4a957cf0d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/73d2892148aa4397a885b4f4afcfc5b27a325c42"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0f8cdfff06829a0b0348b6debc29ff6a61967724"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c3e17e58f571f34c51aeb17274ed02c2ed5cf780"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0d4395477741608d123dad51def9fe50b7ebe952"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d39bf40e55e666b5905fdbd46a0dced030ce87be"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/qib/qib_user_sdma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "bda41654b6e0c125a624ca35d6d20beb8015b5d0",
"status": "affected",
"version": "f931551bafe1f10ded7f5282e2aa162c267a2e5d",
"versionType": "git"
},
{
"lessThan": "3f57c3f67fd93b4da86aeffea1ca32c484d054ad",
"status": "affected",
"version": "f931551bafe1f10ded7f5282e2aa162c267a2e5d",
"versionType": "git"
},
{
"lessThan": "60833707b968d5ae02a75edb7886dcd4a957cf0d",
"status": "affected",
"version": "f931551bafe1f10ded7f5282e2aa162c267a2e5d",
"versionType": "git"
},
{
"lessThan": "73d2892148aa4397a885b4f4afcfc5b27a325c42",
"status": "affected",
"version": "f931551bafe1f10ded7f5282e2aa162c267a2e5d",
"versionType": "git"
},
{
"lessThan": "0f8cdfff06829a0b0348b6debc29ff6a61967724",
"status": "affected",
"version": "f931551bafe1f10ded7f5282e2aa162c267a2e5d",
"versionType": "git"
},
{
"lessThan": "c3e17e58f571f34c51aeb17274ed02c2ed5cf780",
"status": "affected",
"version": "f931551bafe1f10ded7f5282e2aa162c267a2e5d",
"versionType": "git"
},
{
"lessThan": "0d4395477741608d123dad51def9fe50b7ebe952",
"status": "affected",
"version": "f931551bafe1f10ded7f5282e2aa162c267a2e5d",
"versionType": "git"
},
{
"lessThan": "d39bf40e55e666b5905fdbd46a0dced030ce87be",
"status": "affected",
"version": "f931551bafe1f10ded7f5282e2aa162c267a2e5d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/qib/qib_user_sdma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.35"
},
{
"lessThan": "2.6.35",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"version": "4.4.292",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.290",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.255",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.216",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.157",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.14.*",
"status": "unaffected",
"version": "5.14.16",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.15",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.4.292",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.290",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.255",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.216",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.157",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.77",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.14.16",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15",
"versionStartIncluding": "2.6.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields\n\nOverflowing either addrlimit or bytes_togo can allow userspace to trigger\na buffer overflow of kernel memory. Check for overflows in all the places\ndoing math on user controlled buffers."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T13:55:35.903Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bda41654b6e0c125a624ca35d6d20beb8015b5d0"
},
{
"url": "https://git.kernel.org/stable/c/3f57c3f67fd93b4da86aeffea1ca32c484d054ad"
},
{
"url": "https://git.kernel.org/stable/c/60833707b968d5ae02a75edb7886dcd4a957cf0d"
},
{
"url": "https://git.kernel.org/stable/c/73d2892148aa4397a885b4f4afcfc5b27a325c42"
},
{
"url": "https://git.kernel.org/stable/c/0f8cdfff06829a0b0348b6debc29ff6a61967724"
},
{
"url": "https://git.kernel.org/stable/c/c3e17e58f571f34c51aeb17274ed02c2ed5cf780"
},
{
"url": "https://git.kernel.org/stable/c/0d4395477741608d123dad51def9fe50b7ebe952"
},
{
"url": "https://git.kernel.org/stable/c/d39bf40e55e666b5905fdbd46a0dced030ce87be"
}
],
"title": "IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47485",
"datePublished": "2024-05-22T08:19:36.158Z",
"dateReserved": "2024-05-22T06:20:56.201Z",
"dateUpdated": "2026-05-11T13:55:35.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-48986 (GCVE-0-2022-48986)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:06 – Updated: 2026-05-23 15:21
VLAI
EPSS
Title
mm/gup: fix gup_pud_range() for dax
Summary
In the Linux kernel, the following vulnerability has been resolved:
mm/gup: fix gup_pud_range() for dax
For dax pud, pud_huge() returns true on x86. So the function works as long
as hugetlb is configured. However, dax doesn't depend on hugetlb.
Commit 414fd080d125 ("mm/gup: fix gup_pmd_range() for dax") fixed
devmap-backed huge PMDs, but missed devmap-backed huge PUDs. Fix this as
well.
This fixes the below kernel panic:
general protection fault, probably for non-canonical address 0x69e7c000cc478: 0000 [#1] SMP
< snip >
Call Trace:
<TASK>
get_user_pages_fast+0x1f/0x40
iov_iter_get_pages+0xc6/0x3b0
? mempool_alloc+0x5d/0x170
bio_iov_iter_get_pages+0x82/0x4e0
? bvec_alloc+0x91/0xc0
? bio_alloc_bioset+0x19a/0x2a0
blkdev_direct_IO+0x282/0x480
? __io_complete_rw_common+0xc0/0xc0
? filemap_range_has_page+0x82/0xc0
generic_file_direct_write+0x9d/0x1a0
? inode_update_time+0x24/0x30
__generic_file_write_iter+0xbd/0x1e0
blkdev_write_iter+0xb4/0x150
? io_import_iovec+0x8d/0x340
io_write+0xf9/0x300
io_issue_sqe+0x3c3/0x1d30
? sysvec_reschedule_ipi+0x6c/0x80
__io_queue_sqe+0x33/0x240
? fget+0x76/0xa0
io_submit_sqes+0xe6a/0x18d0
? __fget_light+0xd1/0x100
__x64_sys_io_uring_enter+0x199/0x880
? __context_tracking_enter+0x1f/0x70
? irqentry_exit_to_user_mode+0x24/0x30
? irqentry_exit+0x1d/0x30
? __context_tracking_exit+0xe/0x70
do_syscall_64+0x3b/0x90
entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7fc97c11a7be
< snip >
</TASK>
---[ end trace 48b2e0e67debcaeb ]---
RIP: 0010:internal_get_user_pages_fast+0x340/0x990
< snip >
Kernel panic - not syncing: Fatal exception
Kernel Offset: disabled
Severity
No CVSS data available.
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
414fd080d125408cb15d04ff4907e1dd8145c8c7 , < 04edfa3dc06ecfc6133a33bc7271298782dee875
(git)
Affected: 414fd080d125408cb15d04ff4907e1dd8145c8c7 , < f1cf856123ceb766c49967ec79b841030fa1741f (git) Affected: 414fd080d125408cb15d04ff4907e1dd8145c8c7 , < 3ac29732a2ffa64c7de13a072b0f2848b9c11037 (git) Affected: 414fd080d125408cb15d04ff4907e1dd8145c8c7 , < e06d13c36ded750c72521b600293befebb4e56c5 (git) Affected: 414fd080d125408cb15d04ff4907e1dd8145c8c7 , < fcd0ccd836ffad73d98a66f6fea7b16f735ea920 (git) Affected: c133d8eb894cb280f331608c6f1962ba9fbfe6b0 (git) Affected: 538162d21ac877b060dc057c89f13718f5caffc5 (git) Affected: 8b1a7762e0dac5db42a003009fdcb425f10baa07 (git) Affected: 4.9.165 , < 4.10 (semver) Affected: 4.14.108 , < 4.15 (semver) Affected: 4.19.31 , < 4.20 (semver) |
|
| Linux | Linux |
Affected:
5.0
Unaffected: 0 , < 5.0 (semver) Unaffected: 5.4.227 , ≤ 5.4.* (semver) Unaffected: 5.10.159 , ≤ 5.10.* (semver) Unaffected: 5.15.83 , ≤ 5.15.* (semver) Unaffected: 6.0.13 , ≤ 6.0.* (semver) Unaffected: 6.1 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48986",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:17:13.077740Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:42.957Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"mm/gup.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "04edfa3dc06ecfc6133a33bc7271298782dee875",
"status": "affected",
"version": "414fd080d125408cb15d04ff4907e1dd8145c8c7",
"versionType": "git"
},
{
"lessThan": "f1cf856123ceb766c49967ec79b841030fa1741f",
"status": "affected",
"version": "414fd080d125408cb15d04ff4907e1dd8145c8c7",
"versionType": "git"
},
{
"lessThan": "3ac29732a2ffa64c7de13a072b0f2848b9c11037",
"status": "affected",
"version": "414fd080d125408cb15d04ff4907e1dd8145c8c7",
"versionType": "git"
},
{
"lessThan": "e06d13c36ded750c72521b600293befebb4e56c5",
"status": "affected",
"version": "414fd080d125408cb15d04ff4907e1dd8145c8c7",
"versionType": "git"
},
{
"lessThan": "fcd0ccd836ffad73d98a66f6fea7b16f735ea920",
"status": "affected",
"version": "414fd080d125408cb15d04ff4907e1dd8145c8c7",
"versionType": "git"
},
{
"status": "affected",
"version": "c133d8eb894cb280f331608c6f1962ba9fbfe6b0",
"versionType": "git"
},
{
"status": "affected",
"version": "538162d21ac877b060dc057c89f13718f5caffc5",
"versionType": "git"
},
{
"status": "affected",
"version": "8b1a7762e0dac5db42a003009fdcb425f10baa07",
"versionType": "git"
},
{
"lessThan": "4.10",
"status": "affected",
"version": "4.9.165",
"versionType": "semver"
},
{
"lessThan": "4.15",
"status": "affected",
"version": "4.14.108",
"versionType": "semver"
},
{
"lessThan": "4.20",
"status": "affected",
"version": "4.19.31",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"mm/gup.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.0"
},
{
"lessThan": "5.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.159",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.227",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.159",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.83",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.13",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9.165",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.108",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/gup: fix gup_pud_range() for dax\n\nFor dax pud, pud_huge() returns true on x86. So the function works as long\nas hugetlb is configured. However, dax doesn\u0027t depend on hugetlb.\nCommit 414fd080d125 (\"mm/gup: fix gup_pmd_range() for dax\") fixed\ndevmap-backed huge PMDs, but missed devmap-backed huge PUDs. Fix this as\nwell.\n\nThis fixes the below kernel panic:\n\ngeneral protection fault, probably for non-canonical address 0x69e7c000cc478: 0000 [#1] SMP\n\t\u003c snip \u003e\nCall Trace:\n\u003cTASK\u003e\nget_user_pages_fast+0x1f/0x40\niov_iter_get_pages+0xc6/0x3b0\n? mempool_alloc+0x5d/0x170\nbio_iov_iter_get_pages+0x82/0x4e0\n? bvec_alloc+0x91/0xc0\n? bio_alloc_bioset+0x19a/0x2a0\nblkdev_direct_IO+0x282/0x480\n? __io_complete_rw_common+0xc0/0xc0\n? filemap_range_has_page+0x82/0xc0\ngeneric_file_direct_write+0x9d/0x1a0\n? inode_update_time+0x24/0x30\n__generic_file_write_iter+0xbd/0x1e0\nblkdev_write_iter+0xb4/0x150\n? io_import_iovec+0x8d/0x340\nio_write+0xf9/0x300\nio_issue_sqe+0x3c3/0x1d30\n? sysvec_reschedule_ipi+0x6c/0x80\n__io_queue_sqe+0x33/0x240\n? fget+0x76/0xa0\nio_submit_sqes+0xe6a/0x18d0\n? __fget_light+0xd1/0x100\n__x64_sys_io_uring_enter+0x199/0x880\n? __context_tracking_enter+0x1f/0x70\n? irqentry_exit_to_user_mode+0x24/0x30\n? irqentry_exit+0x1d/0x30\n? __context_tracking_exit+0xe/0x70\ndo_syscall_64+0x3b/0x90\nentry_SYSCALL_64_after_hwframe+0x61/0xcb\nRIP: 0033:0x7fc97c11a7be\n\t\u003c snip \u003e\n\u003c/TASK\u003e\n---[ end trace 48b2e0e67debcaeb ]---\nRIP: 0010:internal_get_user_pages_fast+0x340/0x990\n\t\u003c snip \u003e\nKernel panic - not syncing: Fatal exception\nKernel Offset: disabled"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T15:21:16.864Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/04edfa3dc06ecfc6133a33bc7271298782dee875"
},
{
"url": "https://git.kernel.org/stable/c/f1cf856123ceb766c49967ec79b841030fa1741f"
},
{
"url": "https://git.kernel.org/stable/c/3ac29732a2ffa64c7de13a072b0f2848b9c11037"
},
{
"url": "https://git.kernel.org/stable/c/e06d13c36ded750c72521b600293befebb4e56c5"
},
{
"url": "https://git.kernel.org/stable/c/fcd0ccd836ffad73d98a66f6fea7b16f735ea920"
}
],
"title": "mm/gup: fix gup_pud_range() for dax",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48986",
"datePublished": "2024-10-21T20:06:02.502Z",
"dateReserved": "2024-08-22T01:27:53.634Z",
"dateUpdated": "2026-05-23T15:21:16.864Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-49026 (GCVE-0-2022-49026)
Vulnerability from cvelistv5 – Published: 2024-10-21 20:06 – Updated: 2026-05-11 18:51
VLAI
EPSS
Title
e100: Fix possible use after free in e100_xmit_prepare
Summary
In the Linux kernel, the following vulnerability has been resolved:
e100: Fix possible use after free in e100_xmit_prepare
In e100_xmit_prepare(), if we can't map the skb, then return -ENOMEM, so
e100_xmit_frame() will return NETDEV_TX_BUSY and the upper layer will
resend the skb. But the skb is already freed, which will cause UAF bug
when the upper layer resends the skb.
Remove the harmful free.
Severity
No CVSS data available.
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
5e5d49422dfb035ca9e280cd61d434095c151272 , < b775f37d943966f6f77dca402f5a9dedce502c25
(git)
Affected: 5e5d49422dfb035ca9e280cd61d434095c151272 , < 9fc27d22cdb9b1fcd754599d216a8992fed280cd (git) Affected: 5e5d49422dfb035ca9e280cd61d434095c151272 , < b46f6144ab89d3d757ead940759c505091626a7d (git) Affected: 5e5d49422dfb035ca9e280cd61d434095c151272 , < 45605c75c52c7ae7bfe902214343aabcfe5ba0ff (git) |
|
| Linux | Linux |
Affected:
4.3
Unaffected: 0 , < 4.3 (semver) Unaffected: 5.10.158 , ≤ 5.10.* (semver) Unaffected: 5.15.82 , ≤ 5.15.* (semver) Unaffected: 6.0.12 , ≤ 6.0.* (semver) Unaffected: 6.1 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-49026",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:11:54.975076Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:18:36.450Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/e100.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b775f37d943966f6f77dca402f5a9dedce502c25",
"status": "affected",
"version": "5e5d49422dfb035ca9e280cd61d434095c151272",
"versionType": "git"
},
{
"lessThan": "9fc27d22cdb9b1fcd754599d216a8992fed280cd",
"status": "affected",
"version": "5e5d49422dfb035ca9e280cd61d434095c151272",
"versionType": "git"
},
{
"lessThan": "b46f6144ab89d3d757ead940759c505091626a7d",
"status": "affected",
"version": "5e5d49422dfb035ca9e280cd61d434095c151272",
"versionType": "git"
},
{
"lessThan": "45605c75c52c7ae7bfe902214343aabcfe5ba0ff",
"status": "affected",
"version": "5e5d49422dfb035ca9e280cd61d434095c151272",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/e100.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.3"
},
{
"lessThan": "4.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.158",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.82",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.0.*",
"status": "unaffected",
"version": "6.0.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.158",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.82",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.12",
"versionStartIncluding": "4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1",
"versionStartIncluding": "4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ne100: Fix possible use after free in e100_xmit_prepare\n\nIn e100_xmit_prepare(), if we can\u0027t map the skb, then return -ENOMEM, so\ne100_xmit_frame() will return NETDEV_TX_BUSY and the upper layer will\nresend the skb. But the skb is already freed, which will cause UAF bug\nwhen the upper layer resends the skb.\n\nRemove the harmful free."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T18:51:46.426Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b775f37d943966f6f77dca402f5a9dedce502c25"
},
{
"url": "https://git.kernel.org/stable/c/9fc27d22cdb9b1fcd754599d216a8992fed280cd"
},
{
"url": "https://git.kernel.org/stable/c/b46f6144ab89d3d757ead940759c505091626a7d"
},
{
"url": "https://git.kernel.org/stable/c/45605c75c52c7ae7bfe902214343aabcfe5ba0ff"
}
],
"title": "e100: Fix possible use after free in e100_xmit_prepare",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49026",
"datePublished": "2024-10-21T20:06:31.876Z",
"dateReserved": "2024-08-22T01:27:53.651Z",
"dateUpdated": "2026-05-11T18:51:46.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-49390 (GCVE-0-2022-49390)
Vulnerability from cvelistv5 – Published: 2025-02-26 02:11 – Updated: 2026-05-23 15:22
VLAI
EPSS
Title
macsec: fix UAF bug for real_dev
Summary
In the Linux kernel, the following vulnerability has been resolved:
macsec: fix UAF bug for real_dev
Create a new macsec device but not get reference to real_dev. That can
not ensure that real_dev is freed after macsec. That will trigger the
UAF bug for real_dev as following:
==================================================================
BUG: KASAN: use-after-free in macsec_get_iflink+0x5f/0x70 drivers/net/macsec.c:3662
Call Trace:
...
macsec_get_iflink+0x5f/0x70 drivers/net/macsec.c:3662
dev_get_iflink+0x73/0xe0 net/core/dev.c:637
default_operstate net/core/link_watch.c:42 [inline]
rfc2863_policy+0x233/0x2d0 net/core/link_watch.c:54
linkwatch_do_dev+0x2a/0x150 net/core/link_watch.c:161
Allocated by task 22209:
...
alloc_netdev_mqs+0x98/0x1100 net/core/dev.c:10549
rtnl_create_link+0x9d7/0xc00 net/core/rtnetlink.c:3235
veth_newlink+0x20e/0xa90 drivers/net/veth.c:1748
Freed by task 8:
...
kfree+0xd6/0x4d0 mm/slub.c:4552
kvfree+0x42/0x50 mm/util.c:615
device_release+0x9f/0x240 drivers/base/core.c:2229
kobject_cleanup lib/kobject.c:673 [inline]
kobject_release lib/kobject.c:704 [inline]
kref_put include/linux/kref.h:65 [inline]
kobject_put+0x1c8/0x540 lib/kobject.c:721
netdev_run_todo+0x72e/0x10b0 net/core/dev.c:10327
After commit faab39f63c1f ("net: allow out-of-order netdev unregistration")
and commit e5f80fcf869a ("ipv6: give an IPv6 dev to blackhole_netdev"), we
can add dev_hold_track() in macsec_dev_init() and dev_put_track() in
macsec_free_netdev() to fix the problem.
Severity
7.8 (High)
CWE
- CWE-416 - Use After Free
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
2bce1ebed17da54c65042ec2b962e3234bad5b47 , < 78933cbc143b82d02330e00900d2fd08f2682f4e
(git)
Affected: 2bce1ebed17da54c65042ec2b962e3234bad5b47 , < d130282179aa6051449ac8f8df1115769998a665 (git) Affected: 2bce1ebed17da54c65042ec2b962e3234bad5b47 , < 196a888ca6571deb344468e1d7138e3273206335 (git) Affected: 1861904a6092ed411203c6a02c75bfc45b27cc3c (git) Affected: 3a2675a2d97a68332fa5c33043038bfeb31455a8 (git) Affected: b0add6db3d5ec4561cab257358871a9d3df7f0a3 (git) Affected: 4.14.154 , < 4.15 (semver) Affected: 4.19.84 , < 4.20 (semver) Affected: 5.3.11 , < 5.4 (semver) |
|
| Linux | Linux |
Affected:
5.4
Unaffected: 0 , < 5.4 (semver) Unaffected: 5.17.15 , ≤ 5.17.* (semver) Unaffected: 5.18.3 , ≤ 5.18.* (semver) Unaffected: 5.19 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-49390",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-27T17:58:33.560218Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T18:02:28.747Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/macsec.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "78933cbc143b82d02330e00900d2fd08f2682f4e",
"status": "affected",
"version": "2bce1ebed17da54c65042ec2b962e3234bad5b47",
"versionType": "git"
},
{
"lessThan": "d130282179aa6051449ac8f8df1115769998a665",
"status": "affected",
"version": "2bce1ebed17da54c65042ec2b962e3234bad5b47",
"versionType": "git"
},
{
"lessThan": "196a888ca6571deb344468e1d7138e3273206335",
"status": "affected",
"version": "2bce1ebed17da54c65042ec2b962e3234bad5b47",
"versionType": "git"
},
{
"status": "affected",
"version": "1861904a6092ed411203c6a02c75bfc45b27cc3c",
"versionType": "git"
},
{
"status": "affected",
"version": "3a2675a2d97a68332fa5c33043038bfeb31455a8",
"versionType": "git"
},
{
"status": "affected",
"version": "b0add6db3d5ec4561cab257358871a9d3df7f0a3",
"versionType": "git"
},
{
"lessThan": "4.15",
"status": "affected",
"version": "4.14.154",
"versionType": "semver"
},
{
"lessThan": "4.20",
"status": "affected",
"version": "4.19.84",
"versionType": "semver"
},
{
"lessThan": "5.4",
"status": "affected",
"version": "5.3.11",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/macsec.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.4"
},
{
"lessThan": "5.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.17.*",
"status": "unaffected",
"version": "5.17.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.18.*",
"status": "unaffected",
"version": "5.18.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.19",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17.15",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.18.3",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.154",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.3.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmacsec: fix UAF bug for real_dev\n\nCreate a new macsec device but not get reference to real_dev. That can\nnot ensure that real_dev is freed after macsec. That will trigger the\nUAF bug for real_dev as following:\n\n==================================================================\nBUG: KASAN: use-after-free in macsec_get_iflink+0x5f/0x70 drivers/net/macsec.c:3662\nCall Trace:\n ...\n macsec_get_iflink+0x5f/0x70 drivers/net/macsec.c:3662\n dev_get_iflink+0x73/0xe0 net/core/dev.c:637\n default_operstate net/core/link_watch.c:42 [inline]\n rfc2863_policy+0x233/0x2d0 net/core/link_watch.c:54\n linkwatch_do_dev+0x2a/0x150 net/core/link_watch.c:161\n\nAllocated by task 22209:\n ...\n alloc_netdev_mqs+0x98/0x1100 net/core/dev.c:10549\n rtnl_create_link+0x9d7/0xc00 net/core/rtnetlink.c:3235\n veth_newlink+0x20e/0xa90 drivers/net/veth.c:1748\n\nFreed by task 8:\n ...\n kfree+0xd6/0x4d0 mm/slub.c:4552\n kvfree+0x42/0x50 mm/util.c:615\n device_release+0x9f/0x240 drivers/base/core.c:2229\n kobject_cleanup lib/kobject.c:673 [inline]\n kobject_release lib/kobject.c:704 [inline]\n kref_put include/linux/kref.h:65 [inline]\n kobject_put+0x1c8/0x540 lib/kobject.c:721\n netdev_run_todo+0x72e/0x10b0 net/core/dev.c:10327\n\nAfter commit faab39f63c1f (\"net: allow out-of-order netdev unregistration\")\nand commit e5f80fcf869a (\"ipv6: give an IPv6 dev to blackhole_netdev\"), we\ncan add dev_hold_track() in macsec_dev_init() and dev_put_track() in\nmacsec_free_netdev() to fix the problem."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T15:22:03.515Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/78933cbc143b82d02330e00900d2fd08f2682f4e"
},
{
"url": "https://git.kernel.org/stable/c/d130282179aa6051449ac8f8df1115769998a665"
},
{
"url": "https://git.kernel.org/stable/c/196a888ca6571deb344468e1d7138e3273206335"
}
],
"title": "macsec: fix UAF bug for real_dev",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-49390",
"datePublished": "2025-02-26T02:11:23.327Z",
"dateReserved": "2025-02-26T02:08:31.561Z",
"dateUpdated": "2026-05-23T15:22:03.515Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26689 (GCVE-0-2024-26689)
Vulnerability from cvelistv5 – Published: 2024-04-03 14:54 – Updated: 2026-05-11 20:02
VLAI
EPSS
Title
ceph: prevent use-after-free in encode_cap_msg()
Summary
In the Linux kernel, the following vulnerability has been resolved:
ceph: prevent use-after-free in encode_cap_msg()
In fs/ceph/caps.c, in encode_cap_msg(), "use after free" error was
caught by KASAN at this line - 'ceph_buffer_get(arg->xattr_buf);'. This
implies before the refcount could be increment here, it was freed.
In same file, in "handle_cap_grant()" refcount is decremented by this
line - 'ceph_buffer_put(ci->i_xattrs.blob);'. It appears that a race
occurred and resource was freed by the latter line before the former
line could increment it.
encode_cap_msg() is called by __send_cap() and __send_cap() is called by
ceph_check_caps() after calling __prep_cap(). __prep_cap() is where
arg->xattr_buf is assigned to ci->i_xattrs.blob. This is the spot where
the refcount must be increased to prevent "use after free" error.
Severity
No CVSS data available.
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
9030aaf9bf0a1eee47a154c316c789e959638b0f , < 8180d0c27b93a6eb60da1b08ea079e3926328214
(git)
Affected: 9030aaf9bf0a1eee47a154c316c789e959638b0f , < 70e329b440762390258a6fe8c0de93c9fdd56c77 (git) Affected: 9030aaf9bf0a1eee47a154c316c789e959638b0f , < f3f98d7d84b31828004545e29fd7262b9f444139 (git) Affected: 9030aaf9bf0a1eee47a154c316c789e959638b0f , < ae20db45e482303a20e56f2db667a9d9c54ac7e7 (git) Affected: 9030aaf9bf0a1eee47a154c316c789e959638b0f , < 7958c1bf5b03c6f1f58e724dbdec93f8f60b96fc (git) Affected: 9030aaf9bf0a1eee47a154c316c789e959638b0f , < cda4672da1c26835dcbd7aec2bfed954eda9b5ef (git) |
|
| Linux | Linux |
Affected:
2.6.34
Unaffected: 0 , < 2.6.34 (semver) Unaffected: 5.10.210 , ≤ 5.10.* (semver) Unaffected: 5.15.149 , ≤ 5.15.* (semver) Unaffected: 6.1.79 , ≤ 6.1.* (semver) Unaffected: 6.6.18 , ≤ 6.6.* (semver) Unaffected: 6.7.6 , ≤ 6.7.* (semver) Unaffected: 6.8 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:14:12.664Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8180d0c27b93a6eb60da1b08ea079e3926328214"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/70e329b440762390258a6fe8c0de93c9fdd56c77"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f3f98d7d84b31828004545e29fd7262b9f444139"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ae20db45e482303a20e56f2db667a9d9c54ac7e7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7958c1bf5b03c6f1f58e724dbdec93f8f60b96fc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cda4672da1c26835dcbd7aec2bfed954eda9b5ef"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26689",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-15T19:26:55.316031Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T19:27:03.603Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/ceph/caps.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8180d0c27b93a6eb60da1b08ea079e3926328214",
"status": "affected",
"version": "9030aaf9bf0a1eee47a154c316c789e959638b0f",
"versionType": "git"
},
{
"lessThan": "70e329b440762390258a6fe8c0de93c9fdd56c77",
"status": "affected",
"version": "9030aaf9bf0a1eee47a154c316c789e959638b0f",
"versionType": "git"
},
{
"lessThan": "f3f98d7d84b31828004545e29fd7262b9f444139",
"status": "affected",
"version": "9030aaf9bf0a1eee47a154c316c789e959638b0f",
"versionType": "git"
},
{
"lessThan": "ae20db45e482303a20e56f2db667a9d9c54ac7e7",
"status": "affected",
"version": "9030aaf9bf0a1eee47a154c316c789e959638b0f",
"versionType": "git"
},
{
"lessThan": "7958c1bf5b03c6f1f58e724dbdec93f8f60b96fc",
"status": "affected",
"version": "9030aaf9bf0a1eee47a154c316c789e959638b0f",
"versionType": "git"
},
{
"lessThan": "cda4672da1c26835dcbd7aec2bfed954eda9b5ef",
"status": "affected",
"version": "9030aaf9bf0a1eee47a154c316c789e959638b0f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/ceph/caps.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.34"
},
{
"lessThan": "2.6.34",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.18",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.6",
"versionStartIncluding": "2.6.34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "2.6.34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: prevent use-after-free in encode_cap_msg()\n\nIn fs/ceph/caps.c, in encode_cap_msg(), \"use after free\" error was\ncaught by KASAN at this line - \u0027ceph_buffer_get(arg-\u003exattr_buf);\u0027. This\nimplies before the refcount could be increment here, it was freed.\n\nIn same file, in \"handle_cap_grant()\" refcount is decremented by this\nline - \u0027ceph_buffer_put(ci-\u003ei_xattrs.blob);\u0027. It appears that a race\noccurred and resource was freed by the latter line before the former\nline could increment it.\n\nencode_cap_msg() is called by __send_cap() and __send_cap() is called by\nceph_check_caps() after calling __prep_cap(). __prep_cap() is where\narg-\u003exattr_buf is assigned to ci-\u003ei_xattrs.blob. This is the spot where\nthe refcount must be increased to prevent \"use after free\" error."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:02:17.781Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8180d0c27b93a6eb60da1b08ea079e3926328214"
},
{
"url": "https://git.kernel.org/stable/c/70e329b440762390258a6fe8c0de93c9fdd56c77"
},
{
"url": "https://git.kernel.org/stable/c/f3f98d7d84b31828004545e29fd7262b9f444139"
},
{
"url": "https://git.kernel.org/stable/c/ae20db45e482303a20e56f2db667a9d9c54ac7e7"
},
{
"url": "https://git.kernel.org/stable/c/7958c1bf5b03c6f1f58e724dbdec93f8f60b96fc"
},
{
"url": "https://git.kernel.org/stable/c/cda4672da1c26835dcbd7aec2bfed954eda9b5ef"
}
],
"title": "ceph: prevent use-after-free in encode_cap_msg()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26689",
"datePublished": "2024-04-03T14:54:50.885Z",
"dateReserved": "2024-02-19T14:20:24.154Z",
"dateUpdated": "2026-05-11T20:02:17.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-27078 (GCVE-0-2024-27078)
Vulnerability from cvelistv5 – Published: 2024-05-01 13:04 – Updated: 2026-05-12 11:51
VLAI
EPSS
Title
media: v4l2-tpg: fix some memleaks in tpg_alloc
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: v4l2-tpg: fix some memleaks in tpg_alloc
In tpg_alloc, resources should be deallocated in each and every
error-handling paths, since they are allocated in for statements.
Otherwise there would be memleaks because tpg_free is called only when
tpg_alloc return 0.
Severity
No CVSS data available.
Assigner
References
9 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
63881df94d3ecbb0deafa0b77da62ff2f32961c4 , < 0de691ff547d86dd54c24b40a81f9c925df8dd77
(git)
Affected: 63881df94d3ecbb0deafa0b77da62ff2f32961c4 , < 8269ab16415f2065cd792c49b0475543936cbd79 (git) Affected: 63881df94d3ecbb0deafa0b77da62ff2f32961c4 , < 94303a06e1852a366e9671fff46d19459f88cb28 (git) Affected: 63881df94d3ecbb0deafa0b77da62ff2f32961c4 , < 770a57922ce36a8476c43f7400b6501c554ea511 (git) Affected: 63881df94d3ecbb0deafa0b77da62ff2f32961c4 , < 6bf5c2fade8ed53b2d26fa9875e5b04f36c7145d (git) Affected: 63881df94d3ecbb0deafa0b77da62ff2f32961c4 , < 4c86c772fef06f5d7a66151bac42366825db0941 (git) Affected: 63881df94d3ecbb0deafa0b77da62ff2f32961c4 , < 31096da07933598da8522c54bd007376fb152a09 (git) Affected: 63881df94d3ecbb0deafa0b77da62ff2f32961c4 , < 622b1cf38521569869c8f7b9fbe9e4f1a289add7 (git) Affected: 63881df94d3ecbb0deafa0b77da62ff2f32961c4 , < 8cf9c5051076e0eb958f4361d50d8b0c3ee6691c (git) |
|
| Linux | Linux |
Affected:
3.18
Unaffected: 0 , < 3.18 (semver) Unaffected: 4.19.311 , ≤ 4.19.* (semver) Unaffected: 5.4.273 , ≤ 5.4.* (semver) Unaffected: 5.10.214 , ≤ 5.10.* (semver) Unaffected: 5.15.153 , ≤ 5.15.* (semver) Unaffected: 6.1.83 , ≤ 6.1.* (semver) Unaffected: 6.6.23 , ≤ 6.6.* (semver) Unaffected: 6.7.11 , ≤ 6.7.* (semver) Unaffected: 6.8.2 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-27078",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T15:32:05.412221Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T15:32:19.858Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:27:58.532Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0de691ff547d86dd54c24b40a81f9c925df8dd77"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8269ab16415f2065cd792c49b0475543936cbd79"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/94303a06e1852a366e9671fff46d19459f88cb28"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/770a57922ce36a8476c43f7400b6501c554ea511"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6bf5c2fade8ed53b2d26fa9875e5b04f36c7145d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4c86c772fef06f5d7a66151bac42366825db0941"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/31096da07933598da8522c54bd007376fb152a09"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/622b1cf38521569869c8f7b9fbe9e4f1a289add7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8cf9c5051076e0eb958f4361d50d8b0c3ee6691c"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T11:51:31.849Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/common/v4l2-tpg/v4l2-tpg-core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0de691ff547d86dd54c24b40a81f9c925df8dd77",
"status": "affected",
"version": "63881df94d3ecbb0deafa0b77da62ff2f32961c4",
"versionType": "git"
},
{
"lessThan": "8269ab16415f2065cd792c49b0475543936cbd79",
"status": "affected",
"version": "63881df94d3ecbb0deafa0b77da62ff2f32961c4",
"versionType": "git"
},
{
"lessThan": "94303a06e1852a366e9671fff46d19459f88cb28",
"status": "affected",
"version": "63881df94d3ecbb0deafa0b77da62ff2f32961c4",
"versionType": "git"
},
{
"lessThan": "770a57922ce36a8476c43f7400b6501c554ea511",
"status": "affected",
"version": "63881df94d3ecbb0deafa0b77da62ff2f32961c4",
"versionType": "git"
},
{
"lessThan": "6bf5c2fade8ed53b2d26fa9875e5b04f36c7145d",
"status": "affected",
"version": "63881df94d3ecbb0deafa0b77da62ff2f32961c4",
"versionType": "git"
},
{
"lessThan": "4c86c772fef06f5d7a66151bac42366825db0941",
"status": "affected",
"version": "63881df94d3ecbb0deafa0b77da62ff2f32961c4",
"versionType": "git"
},
{
"lessThan": "31096da07933598da8522c54bd007376fb152a09",
"status": "affected",
"version": "63881df94d3ecbb0deafa0b77da62ff2f32961c4",
"versionType": "git"
},
{
"lessThan": "622b1cf38521569869c8f7b9fbe9e4f1a289add7",
"status": "affected",
"version": "63881df94d3ecbb0deafa0b77da62ff2f32961c4",
"versionType": "git"
},
{
"lessThan": "8cf9c5051076e0eb958f4361d50d8b0c3ee6691c",
"status": "affected",
"version": "63881df94d3ecbb0deafa0b77da62ff2f32961c4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/common/v4l2-tpg/v4l2-tpg-core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.18"
},
{
"lessThan": "3.18",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.311",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "3.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "3.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: v4l2-tpg: fix some memleaks in tpg_alloc\n\nIn tpg_alloc, resources should be deallocated in each and every\nerror-handling paths, since they are allocated in for statements.\nOtherwise there would be memleaks because tpg_free is called only when\ntpg_alloc return 0."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:09:57.841Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0de691ff547d86dd54c24b40a81f9c925df8dd77"
},
{
"url": "https://git.kernel.org/stable/c/8269ab16415f2065cd792c49b0475543936cbd79"
},
{
"url": "https://git.kernel.org/stable/c/94303a06e1852a366e9671fff46d19459f88cb28"
},
{
"url": "https://git.kernel.org/stable/c/770a57922ce36a8476c43f7400b6501c554ea511"
},
{
"url": "https://git.kernel.org/stable/c/6bf5c2fade8ed53b2d26fa9875e5b04f36c7145d"
},
{
"url": "https://git.kernel.org/stable/c/4c86c772fef06f5d7a66151bac42366825db0941"
},
{
"url": "https://git.kernel.org/stable/c/31096da07933598da8522c54bd007376fb152a09"
},
{
"url": "https://git.kernel.org/stable/c/622b1cf38521569869c8f7b9fbe9e4f1a289add7"
},
{
"url": "https://git.kernel.org/stable/c/8cf9c5051076e0eb958f4361d50d8b0c3ee6691c"
}
],
"title": "media: v4l2-tpg: fix some memleaks in tpg_alloc",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-27078",
"datePublished": "2024-05-01T13:04:54.979Z",
"dateReserved": "2024-02-19T14:20:24.217Z",
"dateUpdated": "2026-05-12T11:51:31.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-46827 (GCVE-0-2024-46827)
Vulnerability from cvelistv5 – Published: 2024-09-27 12:39 – Updated: 2026-05-11 20:37
VLAI
EPSS
Title
wifi: ath12k: fix firmware crash due to invalid peer nss
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath12k: fix firmware crash due to invalid peer nss
Currently, if the access point receives an association
request containing an Extended HE Capabilities Information
Element with an invalid MCS-NSS, it triggers a firmware
crash.
This issue arises when EHT-PHY capabilities shows support
for a bandwidth and MCS-NSS set for that particular
bandwidth is filled by zeros and due to this, driver obtains
peer_nss as 0 and sending this value to firmware causes
crash.
Address this issue by implementing a validation step for
the peer_nss value before passing it to the firmware. If
the value is greater than zero, proceed with forwarding
it to the firmware. However, if the value is invalid,
reject the association request to prevent potential
firmware crashes.
Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1
Severity
No CVSS data available.
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
d889913205cf7ebda905b1e62c5867ed4e39f6c2 , < 838c2cfdb6be7d7d8c06c711edf893eb34ca2e7c
(git)
Affected: d889913205cf7ebda905b1e62c5867ed4e39f6c2 , < 25a15f80253a7c8776e4e4880d797d20ec864154 (git) Affected: d889913205cf7ebda905b1e62c5867ed4e39f6c2 , < db163a463bb93cd3e37e1e7b10b9726fb6f95857 (git) |
|
| Linux | Linux |
Affected:
6.3
Unaffected: 0 , < 6.3 (semver) Unaffected: 6.6.51 , ≤ 6.6.* (semver) Unaffected: 6.10.10 , ≤ 6.10.* (semver) Unaffected: 6.11 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46827",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-29T14:12:42.626537Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-29T14:12:52.421Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath12k/mac.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "838c2cfdb6be7d7d8c06c711edf893eb34ca2e7c",
"status": "affected",
"version": "d889913205cf7ebda905b1e62c5867ed4e39f6c2",
"versionType": "git"
},
{
"lessThan": "25a15f80253a7c8776e4e4880d797d20ec864154",
"status": "affected",
"version": "d889913205cf7ebda905b1e62c5867ed4e39f6c2",
"versionType": "git"
},
{
"lessThan": "db163a463bb93cd3e37e1e7b10b9726fb6f95857",
"status": "affected",
"version": "d889913205cf7ebda905b1e62c5867ed4e39f6c2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/ath/ath12k/mac.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.3"
},
{
"lessThan": "6.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.51",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.11",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.51",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.10",
"versionStartIncluding": "6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11",
"versionStartIncluding": "6.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix firmware crash due to invalid peer nss\n\nCurrently, if the access point receives an association\nrequest containing an Extended HE Capabilities Information\nElement with an invalid MCS-NSS, it triggers a firmware\ncrash.\n\nThis issue arises when EHT-PHY capabilities shows support\nfor a bandwidth and MCS-NSS set for that particular\nbandwidth is filled by zeros and due to this, driver obtains\npeer_nss as 0 and sending this value to firmware causes\ncrash.\n\nAddress this issue by implementing a validation step for\nthe peer_nss value before passing it to the firmware. If\nthe value is greater than zero, proceed with forwarding\nit to the firmware. However, if the value is invalid,\nreject the association request to prevent potential\nfirmware crashes.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:37:19.302Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/838c2cfdb6be7d7d8c06c711edf893eb34ca2e7c"
},
{
"url": "https://git.kernel.org/stable/c/25a15f80253a7c8776e4e4880d797d20ec864154"
},
{
"url": "https://git.kernel.org/stable/c/db163a463bb93cd3e37e1e7b10b9726fb6f95857"
}
],
"title": "wifi: ath12k: fix firmware crash due to invalid peer nss",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-46827",
"datePublished": "2024-09-27T12:39:26.478Z",
"dateReserved": "2024-09-11T15:12:18.285Z",
"dateUpdated": "2026-05-11T20:37:19.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-49959 (GCVE-0-2024-49959)
Vulnerability from cvelistv5 – Published: 2024-10-21 18:02 – Updated: 2026-05-11 20:42
VLAI
EPSS
Title
jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error
Summary
In the Linux kernel, the following vulnerability has been resolved:
jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error
In __jbd2_log_wait_for_space(), we might call jbd2_cleanup_journal_tail()
to recover some journal space. But if an error occurs while executing
jbd2_cleanup_journal_tail() (e.g., an EIO), we don't stop waiting for free
space right away, we try other branches, and if j_committing_transaction
is NULL (i.e., the tid is 0), we will get the following complain:
============================================
JBD2: I/O error when updating journal superblock for sdd-8.
__jbd2_log_wait_for_space: needed 256 blocks and only had 217 space available
__jbd2_log_wait_for_space: no way to get more journal space in sdd-8
------------[ cut here ]------------
WARNING: CPU: 2 PID: 139804 at fs/jbd2/checkpoint.c:109 __jbd2_log_wait_for_space+0x251/0x2e0
Modules linked in:
CPU: 2 PID: 139804 Comm: kworker/u8:3 Not tainted 6.6.0+ #1
RIP: 0010:__jbd2_log_wait_for_space+0x251/0x2e0
Call Trace:
<TASK>
add_transaction_credits+0x5d1/0x5e0
start_this_handle+0x1ef/0x6a0
jbd2__journal_start+0x18b/0x340
ext4_dirty_inode+0x5d/0xb0
__mark_inode_dirty+0xe4/0x5d0
generic_update_time+0x60/0x70
[...]
============================================
So only if jbd2_cleanup_journal_tail() returns 1, i.e., there is nothing to
clean up at the moment, continue to try to reclaim free space in other ways.
Note that this fix relies on commit 6f6a6fda2945 ("jbd2: fix ocfs2 corrupt
when updating journal superblock fails") to make jbd2_cleanup_journal_tail
return the correct error code.
Severity
No CVSS data available.
Assigner
References
9 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
8c3f25d8950c3e9fe6c9849f88679b3f2a071550 , < 801a35dfef6996f3d5eaa96a59caf00440d9165e
(git)
Affected: 8c3f25d8950c3e9fe6c9849f88679b3f2a071550 , < d5dc65370a746750dbb2f03eabcf86b18db65f32 (git) Affected: 8c3f25d8950c3e9fe6c9849f88679b3f2a071550 , < 481e8f18a290e39e04ddb7feb2bb2a2cc3b213ed (git) Affected: 8c3f25d8950c3e9fe6c9849f88679b3f2a071550 , < ec7f8337c98ad281020ad1f11ba492462d80737a (git) Affected: 8c3f25d8950c3e9fe6c9849f88679b3f2a071550 , < 70bae48377a2c4296fd3caf4caf8f11079111019 (git) Affected: 8c3f25d8950c3e9fe6c9849f88679b3f2a071550 , < 1c62dc0d82c62f0dc8fcdc4843208e522acccaf5 (git) Affected: 8c3f25d8950c3e9fe6c9849f88679b3f2a071550 , < 3ced0fe6c0eff032733ea8b38778b34707270138 (git) Affected: 8c3f25d8950c3e9fe6c9849f88679b3f2a071550 , < c6bf043b210eac67d35a114e345c4e5585672913 (git) Affected: 8c3f25d8950c3e9fe6c9849f88679b3f2a071550 , < f5cacdc6f2bb2a9bf214469dd7112b43dd2dd68a (git) |
|
| Linux | Linux |
Affected:
2.6.28
Unaffected: 0 , < 2.6.28 (semver) Unaffected: 4.19.323 , ≤ 4.19.* (semver) Unaffected: 5.4.285 , ≤ 5.4.* (semver) Unaffected: 5.10.227 , ≤ 5.10.* (semver) Unaffected: 5.15.168 , ≤ 5.15.* (semver) Unaffected: 6.1.113 , ≤ 6.1.* (semver) Unaffected: 6.6.55 , ≤ 6.6.* (semver) Unaffected: 6.10.14 , ≤ 6.10.* (semver) Unaffected: 6.11.3 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49959",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T13:35:21.788104Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-22T13:38:47.931Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:23:39.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/jbd2/checkpoint.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "801a35dfef6996f3d5eaa96a59caf00440d9165e",
"status": "affected",
"version": "8c3f25d8950c3e9fe6c9849f88679b3f2a071550",
"versionType": "git"
},
{
"lessThan": "d5dc65370a746750dbb2f03eabcf86b18db65f32",
"status": "affected",
"version": "8c3f25d8950c3e9fe6c9849f88679b3f2a071550",
"versionType": "git"
},
{
"lessThan": "481e8f18a290e39e04ddb7feb2bb2a2cc3b213ed",
"status": "affected",
"version": "8c3f25d8950c3e9fe6c9849f88679b3f2a071550",
"versionType": "git"
},
{
"lessThan": "ec7f8337c98ad281020ad1f11ba492462d80737a",
"status": "affected",
"version": "8c3f25d8950c3e9fe6c9849f88679b3f2a071550",
"versionType": "git"
},
{
"lessThan": "70bae48377a2c4296fd3caf4caf8f11079111019",
"status": "affected",
"version": "8c3f25d8950c3e9fe6c9849f88679b3f2a071550",
"versionType": "git"
},
{
"lessThan": "1c62dc0d82c62f0dc8fcdc4843208e522acccaf5",
"status": "affected",
"version": "8c3f25d8950c3e9fe6c9849f88679b3f2a071550",
"versionType": "git"
},
{
"lessThan": "3ced0fe6c0eff032733ea8b38778b34707270138",
"status": "affected",
"version": "8c3f25d8950c3e9fe6c9849f88679b3f2a071550",
"versionType": "git"
},
{
"lessThan": "c6bf043b210eac67d35a114e345c4e5585672913",
"status": "affected",
"version": "8c3f25d8950c3e9fe6c9849f88679b3f2a071550",
"versionType": "git"
},
{
"lessThan": "f5cacdc6f2bb2a9bf214469dd7112b43dd2dd68a",
"status": "affected",
"version": "8c3f25d8950c3e9fe6c9849f88679b3f2a071550",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/jbd2/checkpoint.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.28"
},
{
"lessThan": "2.6.28",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.227",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.168",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.113",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.55",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.10.*",
"status": "unaffected",
"version": "6.10.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.168",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.113",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.55",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10.14",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.3",
"versionStartIncluding": "2.6.28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "2.6.28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\njbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error\n\nIn __jbd2_log_wait_for_space(), we might call jbd2_cleanup_journal_tail()\nto recover some journal space. But if an error occurs while executing\njbd2_cleanup_journal_tail() (e.g., an EIO), we don\u0027t stop waiting for free\nspace right away, we try other branches, and if j_committing_transaction\nis NULL (i.e., the tid is 0), we will get the following complain:\n\n============================================\nJBD2: I/O error when updating journal superblock for sdd-8.\n__jbd2_log_wait_for_space: needed 256 blocks and only had 217 space available\n__jbd2_log_wait_for_space: no way to get more journal space in sdd-8\n------------[ cut here ]------------\nWARNING: CPU: 2 PID: 139804 at fs/jbd2/checkpoint.c:109 __jbd2_log_wait_for_space+0x251/0x2e0\nModules linked in:\nCPU: 2 PID: 139804 Comm: kworker/u8:3 Not tainted 6.6.0+ #1\nRIP: 0010:__jbd2_log_wait_for_space+0x251/0x2e0\nCall Trace:\n \u003cTASK\u003e\n add_transaction_credits+0x5d1/0x5e0\n start_this_handle+0x1ef/0x6a0\n jbd2__journal_start+0x18b/0x340\n ext4_dirty_inode+0x5d/0xb0\n __mark_inode_dirty+0xe4/0x5d0\n generic_update_time+0x60/0x70\n[...]\n============================================\n\nSo only if jbd2_cleanup_journal_tail() returns 1, i.e., there is nothing to\nclean up at the moment, continue to try to reclaim free space in other ways.\n\nNote that this fix relies on commit 6f6a6fda2945 (\"jbd2: fix ocfs2 corrupt\nwhen updating journal superblock fails\") to make jbd2_cleanup_journal_tail\nreturn the correct error code."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:42:51.196Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/801a35dfef6996f3d5eaa96a59caf00440d9165e"
},
{
"url": "https://git.kernel.org/stable/c/d5dc65370a746750dbb2f03eabcf86b18db65f32"
},
{
"url": "https://git.kernel.org/stable/c/481e8f18a290e39e04ddb7feb2bb2a2cc3b213ed"
},
{
"url": "https://git.kernel.org/stable/c/ec7f8337c98ad281020ad1f11ba492462d80737a"
},
{
"url": "https://git.kernel.org/stable/c/70bae48377a2c4296fd3caf4caf8f11079111019"
},
{
"url": "https://git.kernel.org/stable/c/1c62dc0d82c62f0dc8fcdc4843208e522acccaf5"
},
{
"url": "https://git.kernel.org/stable/c/3ced0fe6c0eff032733ea8b38778b34707270138"
},
{
"url": "https://git.kernel.org/stable/c/c6bf043b210eac67d35a114e345c4e5585672913"
},
{
"url": "https://git.kernel.org/stable/c/f5cacdc6f2bb2a9bf214469dd7112b43dd2dd68a"
}
],
"title": "jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-49959",
"datePublished": "2024-10-21T18:02:12.355Z",
"dateReserved": "2024-10-21T12:17:06.049Z",
"dateUpdated": "2026-05-11T20:42:51.196Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-50090 (GCVE-0-2024-50090)
Vulnerability from cvelistv5 – Published: 2024-11-05 17:04 – Updated: 2026-05-11 20:45
VLAI
EPSS
Title
drm/xe/oa: Fix overflow in oa batch buffer
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/xe/oa: Fix overflow in oa batch buffer
By default xe_bb_create_job() appends a MI_BATCH_BUFFER_END to batch
buffer, this is not a problem if batch buffer is only used once but
oa reuses the batch buffer for the same metric and at each call
it appends a MI_BATCH_BUFFER_END, printing the warning below and then
overflowing.
[ 381.072016] ------------[ cut here ]------------
[ 381.072019] xe 0000:00:02.0: [drm] Assertion `bb->len * 4 + bb_prefetch(q->gt) <= size` failed!
platform: LUNARLAKE subplatform: 1
graphics: Xe2_LPG / Xe2_HPG 20.04 step B0
media: Xe2_LPM / Xe2_HPM 20.00 step B0
tile: 0 VRAM 0 B
GT: 0 type 1
So here checking if batch buffer already have MI_BATCH_BUFFER_END if
not append it.
v2:
- simply fix, suggestion from Ashutosh
(cherry picked from commit 9ba0e0f30ca42a98af3689460063edfb6315718a)
Severity
5.5 (Medium)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
dd08ebf6c3525a7ea2186e636df064ea47281987 , < bcb5be3421705e682b0b32073ad627056d6bc2a2
(git)
Affected: dd08ebf6c3525a7ea2186e636df064ea47281987 , < 6c10ba06bb1b48acce6d4d9c1e33beb9954f1788 (git) |
|
| Linux | Linux |
Affected:
6.8
Unaffected: 0 , < 6.8 (semver) Unaffected: 6.11.4 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-50090",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-18T15:56:39.428028Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-18T15:57:57.426Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/xe/xe_bb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "bcb5be3421705e682b0b32073ad627056d6bc2a2",
"status": "affected",
"version": "dd08ebf6c3525a7ea2186e636df064ea47281987",
"versionType": "git"
},
{
"lessThan": "6c10ba06bb1b48acce6d4d9c1e33beb9954f1788",
"status": "affected",
"version": "dd08ebf6c3525a7ea2186e636df064ea47281987",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/xe/xe_bb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.8"
},
{
"lessThan": "6.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.4",
"versionStartIncluding": "6.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/oa: Fix overflow in oa batch buffer\n\nBy default xe_bb_create_job() appends a MI_BATCH_BUFFER_END to batch\nbuffer, this is not a problem if batch buffer is only used once but\noa reuses the batch buffer for the same metric and at each call\nit appends a MI_BATCH_BUFFER_END, printing the warning below and then\noverflowing.\n\n[ 381.072016] ------------[ cut here ]------------\n[ 381.072019] xe 0000:00:02.0: [drm] Assertion `bb-\u003elen * 4 + bb_prefetch(q-\u003egt) \u003c= size` failed!\n platform: LUNARLAKE subplatform: 1\n graphics: Xe2_LPG / Xe2_HPG 20.04 step B0\n media: Xe2_LPM / Xe2_HPM 20.00 step B0\n tile: 0 VRAM 0 B\n GT: 0 type 1\n\nSo here checking if batch buffer already have MI_BATCH_BUFFER_END if\nnot append it.\n\nv2:\n- simply fix, suggestion from Ashutosh\n\n(cherry picked from commit 9ba0e0f30ca42a98af3689460063edfb6315718a)"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:45:13.772Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bcb5be3421705e682b0b32073ad627056d6bc2a2"
},
{
"url": "https://git.kernel.org/stable/c/6c10ba06bb1b48acce6d4d9c1e33beb9954f1788"
}
],
"title": "drm/xe/oa: Fix overflow in oa batch buffer",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50090",
"datePublished": "2024-11-05T17:04:54.546Z",
"dateReserved": "2024-10-21T19:36:19.942Z",
"dateUpdated": "2026-05-11T20:45:13.772Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-50195 (GCVE-0-2024-50195)
Vulnerability from cvelistv5 – Published: 2024-11-08 05:54 – Updated: 2026-05-11 20:47
VLAI
EPSS
Title
posix-clock: Fix missing timespec64 check in pc_clock_settime()
Summary
In the Linux kernel, the following vulnerability has been resolved:
posix-clock: Fix missing timespec64 check in pc_clock_settime()
As Andrew pointed out, it will make sense that the PTP core
checked timespec64 struct's tv_sec and tv_nsec range before calling
ptp->info->settime64().
As the man manual of clock_settime() said, if tp.tv_sec is negative or
tp.tv_nsec is outside the range [0..999,999,999], it should return EINVAL,
which include dynamic clocks which handles PTP clock, and the condition is
consistent with timespec64_valid(). As Thomas suggested, timespec64_valid()
only check the timespec is valid, but not ensure that the time is
in a valid range, so check it ahead using timespec64_valid_strict()
in pc_clock_settime() and return -EINVAL if not valid.
There are some drivers that use tp->tv_sec and tp->tv_nsec directly to
write registers without validity checks and assume that the higher layer
has checked it, which is dangerous and will benefit from this, such as
hclge_ptp_settime(), igb_ptp_settime_i210(), _rcar_gen4_ptp_settime(),
and some drivers can remove the checks of itself.
Severity
5.5 (Medium)
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
0606f422b453f76c31ab2b1bd52943ff06a2dcf2 , < 29f085345cde24566efb751f39e5d367c381c584
(git)
Affected: 0606f422b453f76c31ab2b1bd52943ff06a2dcf2 , < e0c966bd3e31911b57ef76cec4c5796ebd88e512 (git) Affected: 0606f422b453f76c31ab2b1bd52943ff06a2dcf2 , < 673a1c5a2998acbd429d6286e6cad10f17f4f073 (git) Affected: 0606f422b453f76c31ab2b1bd52943ff06a2dcf2 , < c8789fbe2bbf75845e45302cba6ffa44e1884d01 (git) Affected: 0606f422b453f76c31ab2b1bd52943ff06a2dcf2 , < 27abbde44b6e71ee3891de13e1a228aa7ce95bfe (git) Affected: 0606f422b453f76c31ab2b1bd52943ff06a2dcf2 , < a3f169e398215e71361774d13bf91a0101283ac2 (git) Affected: 0606f422b453f76c31ab2b1bd52943ff06a2dcf2 , < 1ff7247101af723731ea42ed565d54fb8f341264 (git) Affected: 0606f422b453f76c31ab2b1bd52943ff06a2dcf2 , < d8794ac20a299b647ba9958f6d657051fc51a540 (git) |
|
| Linux | Linux |
Affected:
2.6.39
Unaffected: 0 , < 2.6.39 (semver) Unaffected: 4.19.323 , ≤ 4.19.* (semver) Unaffected: 5.4.285 , ≤ 5.4.* (semver) Unaffected: 5.10.228 , ≤ 5.10.* (semver) Unaffected: 5.15.169 , ≤ 5.15.* (semver) Unaffected: 6.1.114 , ≤ 6.1.* (semver) Unaffected: 6.6.58 , ≤ 6.6.* (semver) Unaffected: 6.11.5 , ≤ 6.11.* (semver) Unaffected: 6.12 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-50195",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-01T20:18:04.312116Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T20:27:07.870Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:26:50.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/time/posix-clock.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "29f085345cde24566efb751f39e5d367c381c584",
"status": "affected",
"version": "0606f422b453f76c31ab2b1bd52943ff06a2dcf2",
"versionType": "git"
},
{
"lessThan": "e0c966bd3e31911b57ef76cec4c5796ebd88e512",
"status": "affected",
"version": "0606f422b453f76c31ab2b1bd52943ff06a2dcf2",
"versionType": "git"
},
{
"lessThan": "673a1c5a2998acbd429d6286e6cad10f17f4f073",
"status": "affected",
"version": "0606f422b453f76c31ab2b1bd52943ff06a2dcf2",
"versionType": "git"
},
{
"lessThan": "c8789fbe2bbf75845e45302cba6ffa44e1884d01",
"status": "affected",
"version": "0606f422b453f76c31ab2b1bd52943ff06a2dcf2",
"versionType": "git"
},
{
"lessThan": "27abbde44b6e71ee3891de13e1a228aa7ce95bfe",
"status": "affected",
"version": "0606f422b453f76c31ab2b1bd52943ff06a2dcf2",
"versionType": "git"
},
{
"lessThan": "a3f169e398215e71361774d13bf91a0101283ac2",
"status": "affected",
"version": "0606f422b453f76c31ab2b1bd52943ff06a2dcf2",
"versionType": "git"
},
{
"lessThan": "1ff7247101af723731ea42ed565d54fb8f341264",
"status": "affected",
"version": "0606f422b453f76c31ab2b1bd52943ff06a2dcf2",
"versionType": "git"
},
{
"lessThan": "d8794ac20a299b647ba9958f6d657051fc51a540",
"status": "affected",
"version": "0606f422b453f76c31ab2b1bd52943ff06a2dcf2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/time/posix-clock.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.39"
},
{
"lessThan": "2.6.39",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.323",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.285",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.228",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.169",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.114",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.58",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.285",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.228",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.169",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.114",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.58",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.5",
"versionStartIncluding": "2.6.39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "2.6.39",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nposix-clock: Fix missing timespec64 check in pc_clock_settime()\n\nAs Andrew pointed out, it will make sense that the PTP core\nchecked timespec64 struct\u0027s tv_sec and tv_nsec range before calling\nptp-\u003einfo-\u003esettime64().\n\nAs the man manual of clock_settime() said, if tp.tv_sec is negative or\ntp.tv_nsec is outside the range [0..999,999,999], it should return EINVAL,\nwhich include dynamic clocks which handles PTP clock, and the condition is\nconsistent with timespec64_valid(). As Thomas suggested, timespec64_valid()\nonly check the timespec is valid, but not ensure that the time is\nin a valid range, so check it ahead using timespec64_valid_strict()\nin pc_clock_settime() and return -EINVAL if not valid.\n\nThere are some drivers that use tp-\u003etv_sec and tp-\u003etv_nsec directly to\nwrite registers without validity checks and assume that the higher layer\nhas checked it, which is dangerous and will benefit from this, such as\nhclge_ptp_settime(), igb_ptp_settime_i210(), _rcar_gen4_ptp_settime(),\nand some drivers can remove the checks of itself."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:47:16.101Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/29f085345cde24566efb751f39e5d367c381c584"
},
{
"url": "https://git.kernel.org/stable/c/e0c966bd3e31911b57ef76cec4c5796ebd88e512"
},
{
"url": "https://git.kernel.org/stable/c/673a1c5a2998acbd429d6286e6cad10f17f4f073"
},
{
"url": "https://git.kernel.org/stable/c/c8789fbe2bbf75845e45302cba6ffa44e1884d01"
},
{
"url": "https://git.kernel.org/stable/c/27abbde44b6e71ee3891de13e1a228aa7ce95bfe"
},
{
"url": "https://git.kernel.org/stable/c/a3f169e398215e71361774d13bf91a0101283ac2"
},
{
"url": "https://git.kernel.org/stable/c/1ff7247101af723731ea42ed565d54fb8f341264"
},
{
"url": "https://git.kernel.org/stable/c/d8794ac20a299b647ba9958f6d657051fc51a540"
}
],
"title": "posix-clock: Fix missing timespec64 check in pc_clock_settime()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50195",
"datePublished": "2024-11-08T05:54:10.183Z",
"dateReserved": "2024-10-21T19:36:19.968Z",
"dateUpdated": "2026-05-11T20:47:16.101Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…