cve-2024-40904
Vulnerability from cvelistv5
Published
2024-07-12 12:20
Modified
2024-12-19 09:07
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages The syzbot fuzzer found that the interrupt-URB completion callback in the cdc-wdm driver was taking too long, and the driver's immediate resubmission of interrupt URBs with -EPROTO status combined with the dummy-hcd emulation to cause a CPU lockup: cdc_wdm 1-1:1.0: nonzero urb status received: -71 cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes watchdog: BUG: soft lockup - CPU#0 stuck for 26s! [syz-executor782:6625] CPU#0 Utilization every 4s during lockup: #1: 98% system, 0% softirq, 3% hardirq, 0% idle #2: 98% system, 0% softirq, 3% hardirq, 0% idle #3: 98% system, 0% softirq, 3% hardirq, 0% idle #4: 98% system, 0% softirq, 3% hardirq, 0% idle #5: 98% system, 1% softirq, 3% hardirq, 0% idle Modules linked in: irq event stamp: 73096 hardirqs last enabled at (73095): [<ffff80008037bc00>] console_emit_next_record kernel/printk/printk.c:2935 [inline] hardirqs last enabled at (73095): [<ffff80008037bc00>] console_flush_all+0x650/0xb74 kernel/printk/printk.c:2994 hardirqs last disabled at (73096): [<ffff80008af10b00>] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline] hardirqs last disabled at (73096): [<ffff80008af10b00>] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551 softirqs last enabled at (73048): [<ffff8000801ea530>] softirq_handle_end kernel/softirq.c:400 [inline] softirqs last enabled at (73048): [<ffff8000801ea530>] handle_softirqs+0xa60/0xc34 kernel/softirq.c:582 softirqs last disabled at (73043): [<ffff800080020de8>] __do_softirq+0x14/0x20 kernel/softirq.c:588 CPU: 0 PID: 6625 Comm: syz-executor782 Tainted: G W 6.10.0-rc2-syzkaller-g8867bbd4a056 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 Testing showed that the problem did not occur if the two error messages -- the first two lines above -- were removed; apparently adding material to the kernel log takes a surprisingly large amount of time. In any case, the best approach for preventing these lockups and to avoid spamming the log with thousands of error messages per second is to ratelimit the two dev_err() calls. Therefore we replace them with dev_err_ratelimited().
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/02a4c0499fc3a02e992b4c69a9809912af372d94Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/05b2cd6d33f700597e6f081b53c668a226a96d28Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/217d1f44fff560b3995a685a60aa66e55a7f0f56Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/22f00812862564b314784167a89f27b444f82a46Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/53250b54c92fe087fd4b0c48f85529efe1ebd879Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/72a3fe36cf9f0d030865e571f45a40f9c1e07e8aPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/82075aff7ffccb1e72b0ac8aa349e473624d857cPatch
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/c0747d76eb05542b5d49f67069b64ef5ff732c6cPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/02a4c0499fc3a02e992b4c69a9809912af372d94Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/05b2cd6d33f700597e6f081b53c668a226a96d28Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/217d1f44fff560b3995a685a60aa66e55a7f0f56Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/22f00812862564b314784167a89f27b444f82a46Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/53250b54c92fe087fd4b0c48f85529efe1ebd879Patch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/72a3fe36cf9f0d030865e571f45a40f9c1e07e8aPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/82075aff7ffccb1e72b0ac8aa349e473624d857cPatch
af854a3a-2127-422b-91ae-364da2661108https://git.kernel.org/stable/c/c0747d76eb05542b5d49f67069b64ef5ff732c6cPatch
Impacted products
Vendor Product Version
Linux Linux Version: 2.6.28
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:39:55.365Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/217d1f44fff560b3995a685a60aa66e55a7f0f56"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/05b2cd6d33f700597e6f081b53c668a226a96d28"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c0747d76eb05542b5d49f67069b64ef5ff732c6c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/53250b54c92fe087fd4b0c48f85529efe1ebd879"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/02a4c0499fc3a02e992b4c69a9809912af372d94"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/72a3fe36cf9f0d030865e571f45a40f9c1e07e8a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/82075aff7ffccb1e72b0ac8aa349e473624d857c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/22f00812862564b314784167a89f27b444f82a46"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-40904",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:06:25.015899Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:38.321Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/class/cdc-wdm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "217d1f44fff560b3995a685a60aa66e55a7f0f56",
              "status": "affected",
              "version": "9908a32e94de2141463e104c9924279ed3509447",
              "versionType": "git"
            },
            {
              "lessThan": "05b2cd6d33f700597e6f081b53c668a226a96d28",
              "status": "affected",
              "version": "9908a32e94de2141463e104c9924279ed3509447",
              "versionType": "git"
            },
            {
              "lessThan": "c0747d76eb05542b5d49f67069b64ef5ff732c6c",
              "status": "affected",
              "version": "9908a32e94de2141463e104c9924279ed3509447",
              "versionType": "git"
            },
            {
              "lessThan": "53250b54c92fe087fd4b0c48f85529efe1ebd879",
              "status": "affected",
              "version": "9908a32e94de2141463e104c9924279ed3509447",
              "versionType": "git"
            },
            {
              "lessThan": "02a4c0499fc3a02e992b4c69a9809912af372d94",
              "status": "affected",
              "version": "9908a32e94de2141463e104c9924279ed3509447",
              "versionType": "git"
            },
            {
              "lessThan": "72a3fe36cf9f0d030865e571f45a40f9c1e07e8a",
              "status": "affected",
              "version": "9908a32e94de2141463e104c9924279ed3509447",
              "versionType": "git"
            },
            {
              "lessThan": "82075aff7ffccb1e72b0ac8aa349e473624d857c",
              "status": "affected",
              "version": "9908a32e94de2141463e104c9924279ed3509447",
              "versionType": "git"
            },
            {
              "lessThan": "22f00812862564b314784167a89f27b444f82a46",
              "status": "affected",
              "version": "9908a32e94de2141463e104c9924279ed3509447",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/class/cdc-wdm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.28"
            },
            {
              "lessThan": "2.6.28",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.317",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.279",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.95",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.35",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages\n\nThe syzbot fuzzer found that the interrupt-URB completion callback in\nthe cdc-wdm driver was taking too long, and the driver\u0027s immediate\nresubmission of interrupt URBs with -EPROTO status combined with the\ndummy-hcd emulation to cause a CPU lockup:\n\ncdc_wdm 1-1:1.0: nonzero urb status received: -71\ncdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes\nwatchdog: BUG: soft lockup - CPU#0 stuck for 26s! [syz-executor782:6625]\nCPU#0 Utilization every 4s during lockup:\n\t#1:  98% system,\t  0% softirq,\t  3% hardirq,\t  0% idle\n\t#2:  98% system,\t  0% softirq,\t  3% hardirq,\t  0% idle\n\t#3:  98% system,\t  0% softirq,\t  3% hardirq,\t  0% idle\n\t#4:  98% system,\t  0% softirq,\t  3% hardirq,\t  0% idle\n\t#5:  98% system,\t  1% softirq,\t  3% hardirq,\t  0% idle\nModules linked in:\nirq event stamp: 73096\nhardirqs last  enabled at (73095): [\u003cffff80008037bc00\u003e] console_emit_next_record kernel/printk/printk.c:2935 [inline]\nhardirqs last  enabled at (73095): [\u003cffff80008037bc00\u003e] console_flush_all+0x650/0xb74 kernel/printk/printk.c:2994\nhardirqs last disabled at (73096): [\u003cffff80008af10b00\u003e] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]\nhardirqs last disabled at (73096): [\u003cffff80008af10b00\u003e] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551\nsoftirqs last  enabled at (73048): [\u003cffff8000801ea530\u003e] softirq_handle_end kernel/softirq.c:400 [inline]\nsoftirqs last  enabled at (73048): [\u003cffff8000801ea530\u003e] handle_softirqs+0xa60/0xc34 kernel/softirq.c:582\nsoftirqs last disabled at (73043): [\u003cffff800080020de8\u003e] __do_softirq+0x14/0x20 kernel/softirq.c:588\nCPU: 0 PID: 6625 Comm: syz-executor782 Tainted: G        W          6.10.0-rc2-syzkaller-g8867bbd4a056 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\n\nTesting showed that the problem did not occur if the two error\nmessages -- the first two lines above -- were removed; apparently adding\nmaterial to the kernel log takes a surprisingly large amount of time.\n\nIn any case, the best approach for preventing these lockups and to\navoid spamming the log with thousands of error messages per second is\nto ratelimit the two dev_err() calls.  Therefore we replace them with\ndev_err_ratelimited()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:07:42.371Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/217d1f44fff560b3995a685a60aa66e55a7f0f56"
        },
        {
          "url": "https://git.kernel.org/stable/c/05b2cd6d33f700597e6f081b53c668a226a96d28"
        },
        {
          "url": "https://git.kernel.org/stable/c/c0747d76eb05542b5d49f67069b64ef5ff732c6c"
        },
        {
          "url": "https://git.kernel.org/stable/c/53250b54c92fe087fd4b0c48f85529efe1ebd879"
        },
        {
          "url": "https://git.kernel.org/stable/c/02a4c0499fc3a02e992b4c69a9809912af372d94"
        },
        {
          "url": "https://git.kernel.org/stable/c/72a3fe36cf9f0d030865e571f45a40f9c1e07e8a"
        },
        {
          "url": "https://git.kernel.org/stable/c/82075aff7ffccb1e72b0ac8aa349e473624d857c"
        },
        {
          "url": "https://git.kernel.org/stable/c/22f00812862564b314784167a89f27b444f82a46"
        }
      ],
      "title": "USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-40904",
    "datePublished": "2024-07-12T12:20:45.173Z",
    "dateReserved": "2024-07-12T12:17:45.579Z",
    "dateUpdated": "2024-12-19T09:07:42.371Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-40904\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-07-12T13:15:13.770\",\"lastModified\":\"2024-11-21T09:31:49.620\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nUSB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages\\n\\nThe syzbot fuzzer found that the interrupt-URB completion callback in\\nthe cdc-wdm driver was taking too long, and the driver\u0027s immediate\\nresubmission of interrupt URBs with -EPROTO status combined with the\\ndummy-hcd emulation to cause a CPU lockup:\\n\\ncdc_wdm 1-1:1.0: nonzero urb status received: -71\\ncdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes\\nwatchdog: BUG: soft lockup - CPU#0 stuck for 26s! [syz-executor782:6625]\\nCPU#0 Utilization every 4s during lockup:\\n\\t#1:  98% system,\\t  0% softirq,\\t  3% hardirq,\\t  0% idle\\n\\t#2:  98% system,\\t  0% softirq,\\t  3% hardirq,\\t  0% idle\\n\\t#3:  98% system,\\t  0% softirq,\\t  3% hardirq,\\t  0% idle\\n\\t#4:  98% system,\\t  0% softirq,\\t  3% hardirq,\\t  0% idle\\n\\t#5:  98% system,\\t  1% softirq,\\t  3% hardirq,\\t  0% idle\\nModules linked in:\\nirq event stamp: 73096\\nhardirqs last  enabled at (73095): [\u003cffff80008037bc00\u003e] console_emit_next_record kernel/printk/printk.c:2935 [inline]\\nhardirqs last  enabled at (73095): [\u003cffff80008037bc00\u003e] console_flush_all+0x650/0xb74 kernel/printk/printk.c:2994\\nhardirqs last disabled at (73096): [\u003cffff80008af10b00\u003e] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]\\nhardirqs last disabled at (73096): [\u003cffff80008af10b00\u003e] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551\\nsoftirqs last  enabled at (73048): [\u003cffff8000801ea530\u003e] softirq_handle_end kernel/softirq.c:400 [inline]\\nsoftirqs last  enabled at (73048): [\u003cffff8000801ea530\u003e] handle_softirqs+0xa60/0xc34 kernel/softirq.c:582\\nsoftirqs last disabled at (73043): [\u003cffff800080020de8\u003e] __do_softirq+0x14/0x20 kernel/softirq.c:588\\nCPU: 0 PID: 6625 Comm: syz-executor782 Tainted: G        W          6.10.0-rc2-syzkaller-g8867bbd4a056 #0\\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\\n\\nTesting showed that the problem did not occur if the two error\\nmessages -- the first two lines above -- were removed; apparently adding\\nmaterial to the kernel log takes a surprisingly large amount of time.\\n\\nIn any case, the best approach for preventing these lockups and to\\navoid spamming the log with thousands of error messages per second is\\nto ratelimit the two dev_err() calls.  Therefore we replace them with\\ndev_err_ratelimited().\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: USB: clase: cdc-wdm: soluciona el bloqueo de la CPU causado por mensajes de registro excesivos. El syzbot fuzzer descubri\u00f3 que la devoluci\u00f3n de llamada de finalizaci\u00f3n de interrupci\u00f3n-URB en el controlador cdc-wdm estaba tardando demasiado y el reenv\u00edo inmediato por parte del controlador de las URB de interrupci\u00f3n con estado -EPROTO combinado con la emulaci\u00f3n ficticia-hcd para provocar un bloqueo de la CPU: cdc_wdm 1-1:1.0: estado de urb distinto de cero recibido: -71 cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes perro guardi\u00e1n: ERROR: bloqueo suave - \u00a1CPU#0 bloqueada durante 26 segundos! [syz-executor782:6625] CPU#0 Utilizaci\u00f3n cada 4 segundos durante el bloqueo: #1: 98% sistema, 0% softirq, 3% hardirq, 0% inactivo #2: 98% sistema, 0% softirq, 3% hardirq, 0 % inactivo #3: 98% sistema, 0% softirq, 3% hardirq, 0% inactivo #4: 98% sistema, 0% softirq, 3% hardirq, 0% inactivo #5: 98% sistema, 1% softirq, 3 % hardirq, 0% inactivo M\u00f3dulos vinculados en: irq event stamp: 73096 hardirqs habilitado por \u00faltima vez en (73095): [] console_emit_next_record kernel/printk/printk.c:2935 [inline] hardirqs habilitado por \u00faltima vez en (73095): [ ] console_flush_all+0x650/0xb74 kernel/printk/printk.c:2994 hardirqs deshabilitado por \u00faltima vez en (73096): [] __el1_irq arch/arm64/kernel/entry-common.c:533 [en l\u00ednea] hardirqs \u00faltimo deshabilitado en (73096): [] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551 softirqs habilitado por \u00faltima vez en (73048): [] softirq_handle_end kernel/softirq.c:400 [en l\u00ednea] softirqs habilitados por \u00faltima vez en (73048): [] handle_softirqs+0xa60/0xc34 kernel/softirq.c:582 softirqs deshabilitados por \u00faltima vez en (73043): [] __do_softirq+0x14/0x20 kernel/softirq. c:588 CPU: 0 PID: 6625 Comm: syz-executor782 Contaminado: GW 6.10.0-rc2-syzkaller-g8867bbd4a056 #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/04/2024 Las pruebas mostraron que el problema no se produjo si se eliminaron los dos mensajes de error (las dos primeras l\u00edneas anteriores); aparentemente agregar material al registro del kernel lleva una cantidad de tiempo sorprendentemente grande. En cualquier caso, el mejor enfoque para prevenir estos bloqueos y evitar enviar spam al registro con miles de mensajes de error por segundo es limitar la velocidad de las dos llamadas dev_err(). Por eso los reemplazamos con dev_err_ratelimited().\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.6.28\",\"versionEndExcluding\":\"4.19.317\",\"matchCriteriaId\":\"379E23C3-E298-4CEF-AEA8-B94BD1CA55BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.20\",\"versionEndExcluding\":\"5.4.279\",\"matchCriteriaId\":\"F4E38E58-1B9F-4DF2-AD3D-A8BEAA2959D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.5\",\"versionEndExcluding\":\"5.10.221\",\"matchCriteriaId\":\"659E1520-6345-41AF-B893-A7C0647585A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.162\",\"matchCriteriaId\":\"10A39ACC-3005-40E8-875C-98A372D1FFD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.95\",\"matchCriteriaId\":\"D435765D-2766-44F5-B319-F713A13E35CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.35\",\"matchCriteriaId\":\"6F019D15-84C0-416B-8C57-7F51B68992F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.9.6\",\"matchCriteriaId\":\"0ABBBA1D-F79D-4BDB-AA41-D1EDCC4A6975\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2EBB4392-5FA6-4DA9-9772-8F9C750109FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"331C2F14-12C7-45D5-893D-8C52EE38EA10\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"3173713D-909A-4DD3-9DD4-1E171EB057EE\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/02a4c0499fc3a02e992b4c69a9809912af372d94\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/05b2cd6d33f700597e6f081b53c668a226a96d28\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/217d1f44fff560b3995a685a60aa66e55a7f0f56\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/22f00812862564b314784167a89f27b444f82a46\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/53250b54c92fe087fd4b0c48f85529efe1ebd879\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/72a3fe36cf9f0d030865e571f45a40f9c1e07e8a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/82075aff7ffccb1e72b0ac8aa349e473624d857c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/c0747d76eb05542b5d49f67069b64ef5ff732c6c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/02a4c0499fc3a02e992b4c69a9809912af372d94\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/05b2cd6d33f700597e6f081b53c668a226a96d28\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/217d1f44fff560b3995a685a60aa66e55a7f0f56\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/22f00812862564b314784167a89f27b444f82a46\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/53250b54c92fe087fd4b0c48f85529efe1ebd879\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/72a3fe36cf9f0d030865e571f45a40f9c1e07e8a\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/82075aff7ffccb1e72b0ac8aa349e473624d857c\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/c0747d76eb05542b5d49f67069b64ef5ff732c6c\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.