FKIE_CVE-2024-26960
Vulnerability from fkie_nvd - Published: 2024-05-01 06:15 - Updated: 2026-06-17 07:18
Severity
Summary
In the Linux kernel, the following vulnerability has been resolved:
mm: swap: fix race between free_swap_and_cache() and swapoff()
There was previously a theoretical window where swapoff() could run and
teardown a swap_info_struct while a call to free_swap_and_cache() was
running in another thread. This could cause, amongst other bad
possibilities, swap_page_trans_huge_swapped() (called by
free_swap_and_cache()) to access the freed memory for swap_map.
This is a theoretical problem and I haven't been able to provoke it from a
test case. But there has been agreement based on code review that this is
possible (see link below).
Fix it by using get_swap_device()/put_swap_device(), which will stall
swapoff(). There was an extra check in _swap_info_get() to confirm that
the swap entry was not free. This isn't present in get_swap_device()
because it doesn't make sense in general due to the race between getting
the reference and swapoff. So I've added an equivalent check directly in
free_swap_and_cache().
Details of how to provoke one possible issue (thanks to David Hildenbrand
for deriving this):
--8<-----
__swap_entry_free() might be the last user and result in
"count == SWAP_HAS_CACHE".
swapoff->try_to_unuse() will stop as soon as soon as si->inuse_pages==0.
So the question is: could someone reclaim the folio and turn
si->inuse_pages==0, before we completed swap_page_trans_huge_swapped().
Imagine the following: 2 MiB folio in the swapcache. Only 2 subpages are
still references by swap entries.
Process 1 still references subpage 0 via swap entry.
Process 2 still references subpage 1 via swap entry.
Process 1 quits. Calls free_swap_and_cache().
-> count == SWAP_HAS_CACHE
[then, preempted in the hypervisor etc.]
Process 2 quits. Calls free_swap_and_cache().
-> count == SWAP_HAS_CACHE
Process 2 goes ahead, passes swap_page_trans_huge_swapped(), and calls
__try_to_reclaim_swap().
__try_to_reclaim_swap()->folio_free_swap()->delete_from_swap_cache()->
put_swap_folio()->free_swap_slot()->swapcache_free_entries()->
swap_entry_free()->swap_range_free()->
...
WRITE_ONCE(si->inuse_pages, si->inuse_pages - nr_entries);
What stops swapoff to succeed after process 2 reclaimed the swap cache
but before process1 finished its call to swap_page_trans_huge_swapped()?
--8<-----
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| debian | debian_linux | 10.0 |
{
"affected": [
{
"affectedData": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"mm/swapfile.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d85c11c97ecf92d47a4b29e3faca714dc1f18d0d",
"status": "affected",
"version": "7c00bafee87c7bac7ed9eced7c161f8e5332cb4e",
"versionType": "git"
},
{
"lessThan": "2da5568ee222ce0541bfe446a07998f92ed1643e",
"status": "affected",
"version": "7c00bafee87c7bac7ed9eced7c161f8e5332cb4e",
"versionType": "git"
},
{
"lessThan": "1ede7f1d7eed1738d1b9333fd1e152ccb450b86a",
"status": "affected",
"version": "7c00bafee87c7bac7ed9eced7c161f8e5332cb4e",
"versionType": "git"
},
{
"lessThan": "0f98f6d2fb5fad00f8299b84b85b6bc1b6d7d19a",
"status": "affected",
"version": "7c00bafee87c7bac7ed9eced7c161f8e5332cb4e",
"versionType": "git"
},
{
"lessThan": "3ce4c4c653e4e478ecb15d3c88e690f12cbf6b39",
"status": "affected",
"version": "7c00bafee87c7bac7ed9eced7c161f8e5332cb4e",
"versionType": "git"
},
{
"lessThan": "363d17e7f7907c8e27a9e86968af0eaa2301787b",
"status": "affected",
"version": "7c00bafee87c7bac7ed9eced7c161f8e5332cb4e",
"versionType": "git"
},
{
"lessThan": "82b1c07a0af603e3c47b906c8e991dc96f01688e",
"status": "affected",
"version": "7c00bafee87c7bac7ed9eced7c161f8e5332cb4e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"mm/swapfile.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.11"
},
{
"lessThan": "4.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"affectedData": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "d85c11c97ecf",
"status": "affected",
"version": "7c00bafee87c",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "2da5568ee222",
"status": "affected",
"version": "7c00bafee87c",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "1ede7f1d7eed",
"status": "affected",
"version": "7c00bafee87c",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "0f98f6d2fb5f",
"status": "affected",
"version": "7c00bafee87c",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "3ce4c4c653e4",
"status": "affected",
"version": "7c00bafee87c",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "363d17e7f790",
"status": "affected",
"version": "7c00bafee87c",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "82b1c07a0af6",
"status": "affected",
"version": "7c00bafee87c",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5.11",
"status": "unaffected",
"version": "5.10.215",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.2",
"status": "unaffected",
"version": "6.1.84",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.7",
"status": "unaffected",
"version": "6.6.24",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.9",
"status": "unaffected",
"version": "6.8.3",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.9"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "4.11",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:4.11:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "4.11"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5.16",
"status": "unaffected",
"version": "5.15.154",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.8",
"status": "unaffected",
"version": "6.7.12",
"versionType": "custom"
}
]
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
},
{
"affectedData": [
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0958525-A5AB-4D52-BD1F-3138F23DCF13",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "577E212E-7E95-4A71-9B5C-F1D1A3AFFF46",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "5.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "834D9BD5-42A6-4D74-979E-4D6D93F630FD",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8018C1D0-0A5F-48D0-BC72-A2B33FDDA693",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6BE9771A-BAFD-4624-95F9-58D536540C53",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C59BBC3-6495-4A77-9C82-55EC7CDF5E02",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "6.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: swap: fix race between free_swap_and_cache() and swapoff()\n\nThere was previously a theoretical window where swapoff() could run and\nteardown a swap_info_struct while a call to free_swap_and_cache() was\nrunning in another thread. This could cause, amongst other bad\npossibilities, swap_page_trans_huge_swapped() (called by\nfree_swap_and_cache()) to access the freed memory for swap_map.\n\nThis is a theoretical problem and I haven\u0027t been able to provoke it from a\ntest case. But there has been agreement based on code review that this is\npossible (see link below).\n\nFix it by using get_swap_device()/put_swap_device(), which will stall\nswapoff(). There was an extra check in _swap_info_get() to confirm that\nthe swap entry was not free. This isn\u0027t present in get_swap_device()\nbecause it doesn\u0027t make sense in general due to the race between getting\nthe reference and swapoff. So I\u0027ve added an equivalent check directly in\nfree_swap_and_cache().\n\nDetails of how to provoke one possible issue (thanks to David Hildenbrand\nfor deriving this):\n\n--8\u003c-----\n\n__swap_entry_free() might be the last user and result in\n\"count == SWAP_HAS_CACHE\".\n\nswapoff-\u003etry_to_unuse() will stop as soon as soon as si-\u003einuse_pages==0.\n\nSo the question is: could someone reclaim the folio and turn\nsi-\u003einuse_pages==0, before we completed swap_page_trans_huge_swapped().\n\nImagine the following: 2 MiB folio in the swapcache. Only 2 subpages are\nstill references by swap entries.\n\nProcess 1 still references subpage 0 via swap entry.\nProcess 2 still references subpage 1 via swap entry.\n\nProcess 1 quits. Calls free_swap_and_cache().\n-\u003e count == SWAP_HAS_CACHE\n[then, preempted in the hypervisor etc.]\n\nProcess 2 quits. Calls free_swap_and_cache().\n-\u003e count == SWAP_HAS_CACHE\n\nProcess 2 goes ahead, passes swap_page_trans_huge_swapped(), and calls\n__try_to_reclaim_swap().\n\n__try_to_reclaim_swap()-\u003efolio_free_swap()-\u003edelete_from_swap_cache()-\u003e\nput_swap_folio()-\u003efree_swap_slot()-\u003eswapcache_free_entries()-\u003e\nswap_entry_free()-\u003eswap_range_free()-\u003e\n...\nWRITE_ONCE(si-\u003einuse_pages, si-\u003einuse_pages - nr_entries);\n\nWhat stops swapoff to succeed after process 2 reclaimed the swap cache\nbut before process1 finished its call to swap_page_trans_huge_swapped()?\n\n--8\u003c-----"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm: swap: corrige la ejecuci\u00f3n entre free_swap_and_cache() y swapoff() Anteriormente exist\u00eda una ventana te\u00f3rica donde swapoff() pod\u00eda ejecutar y desmantelar un swap_info_struct mientras se realizaba una llamada a free_swap_and_cache(). corriendo en otro hilo. Esto podr\u00eda causar, entre otras malas posibilidades, que swap_page_trans_huge_swapped() (llamado por free_swap_and_cache()) acceda a la memoria liberada para swap_map. Este es un problema te\u00f3rico y no he podido provocarlo a partir de un caso de prueba. Pero ha habido un acuerdo basado en la revisi\u00f3n del c\u00f3digo de que esto es posible (ver enlace a continuaci\u00f3n). Solucionarlo usando get_swap_device()/put_swap_device(), lo que detendr\u00e1 swapoff(). Hubo una verificaci\u00f3n adicional en _swap_info_get() para confirmar que la entrada de intercambio no era gratuita. Esto no est\u00e1 presente en get_swap_device() porque en general no tiene sentido debido a la ejecuci\u00f3n entre obtener la referencia y el intercambio. As\u00ed que agregu\u00e9 una verificaci\u00f3n equivalente directamente en free_swap_and_cache(). Detalles de c\u00f3mo provocar un posible problema (gracias a David Hildenbrand por derivar esto): --8\u0026lt;----- __swap_entry_free() podr\u00eda ser el \u00faltimo usuario y dar como resultado \"count == SWAP_HAS_CACHE\". swapoff-\u0026gt;try_to_unuse() se detendr\u00e1 tan pronto como si-\u0026gt;inuse_pages==0. Entonces la pregunta es: \u00bfalguien podr\u00eda reclamar la publicaci\u00f3n y activar si-\u0026gt;inuse_pages==0, antes de que completemos swap_page_trans_huge_swapped()? Imagine lo siguiente: folio de 2 MiB en el swapcache. S\u00f3lo 2 subp\u00e1ginas siguen siendo referencias mediante entradas de intercambio. El proceso 1 todav\u00eda hace referencia a la subp\u00e1gina 0 mediante la entrada de intercambio. El proceso 2 todav\u00eda hace referencia a la subp\u00e1gina 1 mediante la entrada de intercambio. El proceso 1 se cierra. Llama a free_swap_and_cache(). -\u0026gt; count == SWAP_HAS_CACHE [luego, adelantado en el hipervisor, etc.] El proceso 2 se cierra. Llama a free_swap_and_cache(). -\u0026gt; count == SWAP_HAS_CACHE El proceso 2 contin\u00faa, pasa swap_page_trans_huge_swapped() y llama a __try_to_reclaim_swap(). __try_to_reclaim_swap()-\u0026gt;folio_free_swap()-\u0026gt;delete_from_swap_cache()-\u0026gt; put_swap_folio()-\u0026gt;free_swap_slot()-\u0026gt;swapcache_free_entries()-\u0026gt; swap_entry_free()-\u0026gt;swap_range_free()-\u0026gt; ... WRITE_ONCE(si-\u0026gt;inuse_pages, si-\u0026gt;inuse_pages - nr_entries); \u00bfQu\u00e9 impide que el intercambio tenga \u00e9xito despu\u00e9s de que el proceso 2 recuper\u00f3 el cach\u00e9 de intercambio pero antes de que el proceso 1 terminara su llamada a swap_page_trans_huge_swapped()? --8\u0026lt;-----"
}
],
"id": "CVE-2024-26960",
"lastModified": "2026-06-17T07:18:47.827",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2024-26960",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T21:09:23.358079Z",
"version": "2.0.3"
}
}
]
},
"published": "2024-05-01T06:15:12.323",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/0f98f6d2fb5fad00f8299b84b85b6bc1b6d7d19a"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/1ede7f1d7eed1738d1b9333fd1e152ccb450b86a"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/2da5568ee222ce0541bfe446a07998f92ed1643e"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/363d17e7f7907c8e27a9e86968af0eaa2301787b"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/3ce4c4c653e4e478ecb15d3c88e690f12cbf6b39"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/82b1c07a0af603e3c47b906c8e991dc96f01688e"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/d85c11c97ecf92d47a4b29e3faca714dc1f18d0d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/0f98f6d2fb5fad00f8299b84b85b6bc1b6d7d19a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/1ede7f1d7eed1738d1b9333fd1e152ccb450b86a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/2da5568ee222ce0541bfe446a07998f92ed1643e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/363d17e7f7907c8e27a9e86968af0eaa2301787b"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/3ce4c4c653e4e478ecb15d3c88e690f12cbf6b39"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/82b1c07a0af603e3c47b906c8e991dc96f01688e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/d85c11c97ecf92d47a4b29e3faca714dc1f18d0d"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"source": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…