csaf_certbund - wid-sec-w-2024-0473

wid-sec-w-2024-0473

Vulnerability from csaf_certbund

Published

2024-02-22 23:00

Modified

2024-07-24 22:00

Summary

Linux Kernel: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff

Ein lokaler Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand herbeizuführen oder einen nicht spezifizierten Angriff durchzuführen.

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0473 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0473.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0473 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0473"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0855-1 vom 2024-03-12",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018151.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0857-1 vom 2024-03-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018154.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0856-1 vom 2024-03-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018155.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0858-1 vom 2024-03-13",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018153.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0900-1 vom 2024-03-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018167.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6688-1 vom 2024-03-11",
        "url": "https://ubuntu.com/security/notices/USN-6688-1"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-22",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022256-CVE-2024-26588-d6d5@gregkh/"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2024-02-22",
        "url": "https://github.com/advisories/GHSA-x6p5-7c22-qrq6"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-22",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022245-CVE-2023-52443-e920@gregkh/"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2024-02-22",
        "url": "https://github.com/advisories/GHSA-3hp3-h35p-gqg4"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-22",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022252-CVE-2023-52444-f7ee@gregkh/"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2024-02-22",
        "url": "https://github.com/advisories/GHSA-6f72-79f8-3qcp"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-22",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022253-CVE-2023-52445-07a6@gregkh/"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2024-02-22",
        "url": "https://github.com/advisories/GHSA-84fp-h279-ggmw"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-22",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022253-CVE-2024-26586-6632@gregkh/"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2024-02-22",
        "url": "https://github.com/advisories/GHSA-8pq4-pmqh-grvh"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-22",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022254-CVE-2023-52446-2812@gregkh/"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2024-02-22",
        "url": "https://github.com/advisories/GHSA-3m37-qf9f-22vv"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-22",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022255-CVE-2023-52447-e074@gregkh/"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2024-02-22",
        "url": "https://github.com/advisories/GHSA-wvjr-h8mr-f8gw"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-22",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022255-CVE-2023-52448-7bf2@gregkh/"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2024-02-22",
        "url": "https://github.com/advisories/GHSA-2rwp-xr6x-9ppc"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-22",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022255-CVE-2024-26587-db74@gregkh/"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2024-02-22",
        "url": "https://github.com/advisories/GHSA-vmpq-wpxg-r7rp"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-22",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022256-CVE-2023-52449-5a7e@gregkh/"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2024-02-22",
        "url": "https://github.com/advisories/GHSA-268r-8rwm-mqq9"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-22",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022256-CVE-2023-52450-48ba@gregkh/"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2024-02-22",
        "url": "https://github.com/advisories/GHSA-mxpq-5wm8-vg9v"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-22",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022257-CVE-2023-52451-7bdb@gregkh/"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2024-02-22",
        "url": "https://github.com/advisories/GHSA-64r6-8p6g-7r26"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-22",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022257-CVE-2024-26589-0ee1@gregkh/"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2024-02-22",
        "url": "https://github.com/advisories/GHSA-rw7c-wqqw-8w6c"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-22",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022258-CVE-2023-52452-7904@gregkh/"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2024-02-22",
        "url": "https://github.com/advisories/GHSA-445q-cj49-wrrx"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-22",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022258-CVE-2024-26591-8b42@gregkh/"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2024-02-22",
        "url": "https://github.com/advisories/GHSA-x2wh-v69v-x2w9"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-22",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022259-CVE-2024-26590-85a4@gregkh/"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2024-02-22",
        "url": "https://github.com/advisories/GHSA-3j4f-wx4w-q2cq"
      },
      {
        "category": "external",
        "summary": "CVE Announce auf lore.kernel.org vom 2024-02-22",
        "url": "http://lore.kernel.org/linux-cve-announce/2024022259-CVE-2024-26592-58f7@gregkh/"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2024-02-22",
        "url": "https://github.com/advisories/GHSA-qgq4-32vw-r3w5"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0910-1 vom 2024-03-15",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018181.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0900-2 vom 2024-03-15",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018182.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0926-1 vom 2024-03-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018204.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0975-1 vom 2024-03-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018186.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0925-1 vom 2024-03-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018205.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0976-1 vom 2024-03-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018185.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:0977-1 vom 2024-03-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-March/018210.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6725-1 vom 2024-04-09",
        "url": "https://ubuntu.com/security/notices/USN-6725-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6726-1 vom 2024-04-09",
        "url": "https://ubuntu.com/security/notices/USN-6726-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6725-2 vom 2024-04-16",
        "url": "https://ubuntu.com/security/notices/USN-6725-2"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6726-2 vom 2024-04-16",
        "url": "https://ubuntu.com/security/notices/USN-6726-2"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1320-1 vom 2024-04-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018372.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1321-1 vom 2024-04-17",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018375.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1322-1 vom 2024-04-17",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018374.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALASKERNEL-5.15-2024-041 vom 2024-04-18",
        "url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.15-2024-041.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:1881 vom 2024-04-18",
        "url": "https://access.redhat.com/errata/RHSA-2024:1881"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:1882 vom 2024-04-18",
        "url": "https://access.redhat.com/errata/RHSA-2024:1882"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6726-3 vom 2024-04-17",
        "url": "https://ubuntu.com/security/notices/USN-6726-3"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1332-2 vom 2024-04-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018378.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1322-2 vom 2024-04-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018377.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1332-1 vom 2024-04-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018376.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6741-1 vom 2024-04-19",
        "url": "https://ubuntu.com/security/notices/USN-6741-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6739-1 vom 2024-04-19",
        "url": "https://ubuntu.com/security/notices/USN-6739-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6740-1 vom 2024-04-19",
        "url": "https://ubuntu.com/security/notices/USN-6740-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6743-1 vom 2024-04-19",
        "url": "https://ubuntu.com/security/notices/USN-6743-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6743-2 vom 2024-04-22",
        "url": "https://ubuntu.com/security/notices/USN-6743-2"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2006 vom 2024-04-23",
        "url": "https://access.redhat.com/errata/RHSA-2024:2006"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2008 vom 2024-04-23",
        "url": "https://access.redhat.com/errata/RHSA-2024:2008"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6743-3 vom 2024-04-25",
        "url": "https://ubuntu.com/security/notices/USN-6743-3"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1466-1 vom 2024-04-29",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018438.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2394 vom 2024-04-30",
        "url": "https://access.redhat.com/errata/RHSA-2024:2394"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2582 vom 2024-04-30",
        "url": "https://access.redhat.com/errata/RHSA-2024:2582"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2585 vom 2024-04-30",
        "url": "https://access.redhat.com/errata/RHSA-2024:2585"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1480-1 vom 2024-04-30",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018444.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2674 vom 2024-05-02",
        "url": "https://access.redhat.com/errata/RHSA-2024:2674"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:1490-1 vom 2024-05-03",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018445.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5681 vom 2024-05-06",
        "url": "https://lists.debian.org/debian-security-announce/2024/msg00090.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6766-1 vom 2024-05-07",
        "url": "https://ubuntu.com/security/notices/USN-6766-1"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2024-198 vom 2024-05-08",
        "url": "https://www.dell.com/support/kbdoc/000224827/dsa-2024-="
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6765-1 vom 2024-05-07",
        "url": "https://ubuntu.com/security/notices/USN-6765-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6766-2 vom 2024-05-15",
        "url": "https://ubuntu.com/security/notices/USN-6766-2"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALASKERNEL-5.4-2024-065 vom 2024-05-20",
        "url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2024-065.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6766-3 vom 2024-05-20",
        "url": "https://ubuntu.com/security/notices/USN-6766-3"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:3138 vom 2024-05-22",
        "url": "https://access.redhat.com/errata/RHSA-2024:3138"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2950 vom 2024-05-22",
        "url": "https://access.redhat.com/errata/RHSA-2024:2950"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALASKERNEL-5.10-2024-054 vom 2024-05-24",
        "url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.10-2024-054.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:3421 vom 2024-05-28",
        "url": "https://access.redhat.com/errata/RHSA-2024:3421"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:3414 vom 2024-05-28",
        "url": "https://access.redhat.com/errata/RHSA-2024:3414"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6795-1 vom 2024-05-28",
        "url": "https://ubuntu.com/security/notices/USN-6795-1"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:3618 vom 2024-06-05",
        "url": "https://access.redhat.com/errata/RHSA-2024:3618"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:3627 vom 2024-06-05",
        "url": "https://access.redhat.com/errata/RHSA-2024:3627"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-3618 vom 2024-06-06",
        "url": "https://linux.oracle.com/errata/ELSA-2024-3618.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6819-1 vom 2024-06-08",
        "url": "https://ubuntu.com/security/notices/USN-6819-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6818-1 vom 2024-06-08",
        "url": "https://ubuntu.com/security/notices/USN-6818-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6820-1 vom 2024-06-08",
        "url": "https://ubuntu.com/security/notices/USN-6820-1"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7156774 vom 2024-06-07",
        "url": "https://www.ibm.com/support/pages/node/7156774"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6821-1 vom 2024-06-08",
        "url": "https://ubuntu.com/security/notices/USN-6821-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6821-2 vom 2024-06-10",
        "url": "https://ubuntu.com/security/notices/USN-6821-2"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6818-2 vom 2024-06-10",
        "url": "https://ubuntu.com/security/notices/USN-6818-2"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6821-3 vom 2024-06-11",
        "url": "https://ubuntu.com/security/notices/USN-6821-3"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6820-2 vom 2024-06-11",
        "url": "https://ubuntu.com/security/notices/USN-6820-2"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:3810 vom 2024-06-11",
        "url": "https://access.redhat.com/errata/RHSA-2024:3810"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6819-2 vom 2024-06-12",
        "url": "https://ubuntu.com/security/notices/USN-6819-2"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6828-1 vom 2024-06-11",
        "url": "https://ubuntu.com/security/notices/USN-6828-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6819-3 vom 2024-06-12",
        "url": "https://ubuntu.com/security/notices/USN-6819-3"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6821-4 vom 2024-06-14",
        "url": "https://ubuntu.com/security/notices/USN-6821-4"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6818-3 vom 2024-06-14",
        "url": "https://ubuntu.com/security/notices/USN-6818-3"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6818-4 vom 2024-06-19",
        "url": "https://ubuntu.com/security/notices/USN-6818-4"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-3841 vom 2024-06-25",
        "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-3842 vom 2024-06-25",
        "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6819-4 vom 2024-06-26",
        "url": "https://ubuntu.com/security/notices/USN-6819-4"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-3840 vom 2024-06-27",
        "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6871-1 vom 2024-07-04",
        "url": "https://ubuntu.com/security/notices/USN-6871-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6892-1 vom 2024-07-10",
        "url": "https://ubuntu.com/security/notices/USN-6892-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6896-1 vom 2024-07-12",
        "url": "https://ubuntu.com/security/notices/USN-6896-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6896-2 vom 2024-07-16",
        "url": "https://ubuntu.com/security/notices/USN-6896-2"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6896-3 vom 2024-07-17",
        "url": "https://ubuntu.com/security/notices/USN-6896-3"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6896-4 vom 2024-07-19",
        "url": "https://ubuntu.com/security/notices/USN-6896-4"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6896-5 vom 2024-07-23",
        "url": "https://ubuntu.com/security/notices/USN-6896-5"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:4823 vom 2024-07-24",
        "url": "https://access.redhat.com/errata/RHSA-2024:4823"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:4831 vom 2024-07-24",
        "url": "https://access.redhat.com/errata/RHSA-2024:4831"
      }
    ],
    "source_lang": "en-US",
    "title": "Linux Kernel: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-07-24T22:00:00.000+00:00",
      "generator": {
        "date": "2024-07-25T08:36:16.811+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2024-0473",
      "initial_release_date": "2024-02-22T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-02-22T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-03-11T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-03-12T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-03-14T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-03-17T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-03-24T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-04-09T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-04-16T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Ubuntu und SUSE aufgenommen"
        },
        {
          "date": "2024-04-17T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Amazon, Red Hat und Ubuntu aufgenommen"
        },
        {
          "date": "2024-04-18T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-04-21T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-04-22T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-04-23T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-04-24T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-04-29T22:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-05-01T22:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Red Hat und SUSE aufgenommen"
        },
        {
          "date": "2024-05-02T22:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-05-06T22:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2024-05-07T22:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von Ubuntu und Dell aufgenommen"
        },
        {
          "date": "2024-05-15T22:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-05-20T22:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von Amazon und Ubuntu aufgenommen"
        },
        {
          "date": "2024-05-21T22:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-05-26T22:00:00.000+00:00",
          "number": "23",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2024-05-28T22:00:00.000+00:00",
          "number": "24",
          "summary": "Neue Updates von Red Hat und Ubuntu aufgenommen"
        },
        {
          "date": "2024-06-04T22:00:00.000+00:00",
          "number": "25",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-06-06T22:00:00.000+00:00",
          "number": "26",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-06-09T22:00:00.000+00:00",
          "number": "27",
          "summary": "Neue Updates von Ubuntu und IBM aufgenommen"
        },
        {
          "date": "2024-06-10T22:00:00.000+00:00",
          "number": "28",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-06-11T22:00:00.000+00:00",
          "number": "29",
          "summary": "Neue Updates von Ubuntu und Red Hat aufgenommen"
        },
        {
          "date": "2024-06-12T22:00:00.000+00:00",
          "number": "30",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-06-16T22:00:00.000+00:00",
          "number": "31",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-06-18T22:00:00.000+00:00",
          "number": "32",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-06-25T22:00:00.000+00:00",
          "number": "33",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2024-06-26T22:00:00.000+00:00",
          "number": "34",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-06-27T22:00:00.000+00:00",
          "number": "35",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2024-07-03T22:00:00.000+00:00",
          "number": "36",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-07-10T22:00:00.000+00:00",
          "number": "37",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-07-14T22:00:00.000+00:00",
          "number": "38",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-07-16T22:00:00.000+00:00",
          "number": "39",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-07-17T22:00:00.000+00:00",
          "number": "40",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-07-18T22:00:00.000+00:00",
          "number": "41",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-07-22T22:00:00.000+00:00",
          "number": "42",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-07-24T22:00:00.000+00:00",
          "number": "43",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "43"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "virtual",
                "product": {
                  "name": "Dell NetWorker virtual",
                  "product_id": "T034583",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:networker:virtual"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "NetWorker"
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "EMC Avamar",
            "product": {
              "name": "EMC Avamar",
              "product_id": "T014381",
              "product_identification_helper": {
                "cpe": "cpe:/a:emc:avamar:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "EMC"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IBM QRadar SIEM",
            "product": {
              "name": "IBM QRadar SIEM",
              "product_id": "T021415",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:qradar_siem:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c6.8-rc1",
                "product": {
                  "name": "Open Source Linux Kernel \u003c6.8-rc1",
                  "product_id": "T032408",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:6.8-rc1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Linux Kernel"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-52443",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten wie dem ksmbd, dem erofs oder dem bpf, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einer NULL-Zeiger-Dereferenz oder einer Race Condition. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T021415",
          "T034583",
          "398363",
          "T004914"
        ]
      },
      "release_date": "2024-02-22T23:00:00Z",
      "title": "CVE-2023-52443"
    },
    {
      "cve": "CVE-2023-52444",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten wie dem ksmbd, dem erofs oder dem bpf, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einer NULL-Zeiger-Dereferenz oder einer Race Condition. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T021415",
          "T034583",
          "398363",
          "T004914"
        ]
      },
      "release_date": "2024-02-22T23:00:00Z",
      "title": "CVE-2023-52444"
    },
    {
      "cve": "CVE-2023-52445",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten wie dem ksmbd, dem erofs oder dem bpf, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einer NULL-Zeiger-Dereferenz oder einer Race Condition. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T021415",
          "T034583",
          "398363",
          "T004914"
        ]
      },
      "release_date": "2024-02-22T23:00:00Z",
      "title": "CVE-2023-52445"
    },
    {
      "cve": "CVE-2023-52446",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten wie dem ksmbd, dem erofs oder dem bpf, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einer NULL-Zeiger-Dereferenz oder einer Race Condition. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T021415",
          "T034583",
          "398363",
          "T004914"
        ]
      },
      "release_date": "2024-02-22T23:00:00Z",
      "title": "CVE-2023-52446"
    },
    {
      "cve": "CVE-2023-52447",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten wie dem ksmbd, dem erofs oder dem bpf, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einer NULL-Zeiger-Dereferenz oder einer Race Condition. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T021415",
          "T034583",
          "398363",
          "T004914"
        ]
      },
      "release_date": "2024-02-22T23:00:00Z",
      "title": "CVE-2023-52447"
    },
    {
      "cve": "CVE-2023-52448",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten wie dem ksmbd, dem erofs oder dem bpf, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einer NULL-Zeiger-Dereferenz oder einer Race Condition. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T021415",
          "T034583",
          "398363",
          "T004914"
        ]
      },
      "release_date": "2024-02-22T23:00:00Z",
      "title": "CVE-2023-52448"
    },
    {
      "cve": "CVE-2023-52449",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten wie dem ksmbd, dem erofs oder dem bpf, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einer NULL-Zeiger-Dereferenz oder einer Race Condition. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T021415",
          "T034583",
          "398363",
          "T004914"
        ]
      },
      "release_date": "2024-02-22T23:00:00Z",
      "title": "CVE-2023-52449"
    },
    {
      "cve": "CVE-2023-52450",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten wie dem ksmbd, dem erofs oder dem bpf, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einer NULL-Zeiger-Dereferenz oder einer Race Condition. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T021415",
          "T034583",
          "398363",
          "T004914"
        ]
      },
      "release_date": "2024-02-22T23:00:00Z",
      "title": "CVE-2023-52450"
    },
    {
      "cve": "CVE-2023-52451",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten wie dem ksmbd, dem erofs oder dem bpf, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einer NULL-Zeiger-Dereferenz oder einer Race Condition. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T021415",
          "T034583",
          "398363",
          "T004914"
        ]
      },
      "release_date": "2024-02-22T23:00:00Z",
      "title": "CVE-2023-52451"
    },
    {
      "cve": "CVE-2023-52452",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten wie dem ksmbd, dem erofs oder dem bpf, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einer NULL-Zeiger-Dereferenz oder einer Race Condition. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T021415",
          "T034583",
          "398363",
          "T004914"
        ]
      },
      "release_date": "2024-02-22T23:00:00Z",
      "title": "CVE-2023-52452"
    },
    {
      "cve": "CVE-2024-26586",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten wie dem ksmbd, dem erofs oder dem bpf, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einer NULL-Zeiger-Dereferenz oder einer Race Condition. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T021415",
          "T034583",
          "398363",
          "T004914"
        ]
      },
      "release_date": "2024-02-22T23:00:00Z",
      "title": "CVE-2024-26586"
    },
    {
      "cve": "CVE-2024-26587",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten wie dem ksmbd, dem erofs oder dem bpf, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einer NULL-Zeiger-Dereferenz oder einer Race Condition. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T021415",
          "T034583",
          "398363",
          "T004914"
        ]
      },
      "release_date": "2024-02-22T23:00:00Z",
      "title": "CVE-2024-26587"
    },
    {
      "cve": "CVE-2024-26588",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten wie dem ksmbd, dem erofs oder dem bpf, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einer NULL-Zeiger-Dereferenz oder einer Race Condition. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T021415",
          "T034583",
          "398363",
          "T004914"
        ]
      },
      "release_date": "2024-02-22T23:00:00Z",
      "title": "CVE-2024-26588"
    },
    {
      "cve": "CVE-2024-26589",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten wie dem ksmbd, dem erofs oder dem bpf, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einer NULL-Zeiger-Dereferenz oder einer Race Condition. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T021415",
          "T034583",
          "398363",
          "T004914"
        ]
      },
      "release_date": "2024-02-22T23:00:00Z",
      "title": "CVE-2024-26589"
    },
    {
      "cve": "CVE-2024-26590",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten wie dem ksmbd, dem erofs oder dem bpf, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einer NULL-Zeiger-Dereferenz oder einer Race Condition. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T021415",
          "T034583",
          "398363",
          "T004914"
        ]
      },
      "release_date": "2024-02-22T23:00:00Z",
      "title": "CVE-2024-26590"
    },
    {
      "cve": "CVE-2024-26591",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten wie dem ksmbd, dem erofs oder dem bpf, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einer NULL-Zeiger-Dereferenz oder einer Race Condition. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T021415",
          "T034583",
          "398363",
          "T004914"
        ]
      },
      "release_date": "2024-02-22T23:00:00Z",
      "title": "CVE-2024-26591"
    },
    {
      "cve": "CVE-2024-26592",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten wie dem ksmbd, dem erofs oder dem bpf, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem use-after-free, einer NULL-Zeiger-Dereferenz oder einer Race Condition. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand zu verursachen oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T014381",
          "2951",
          "T002207",
          "67646",
          "T000126",
          "T021415",
          "T034583",
          "398363",
          "T004914"
        ]
      },
      "release_date": "2024-02-22T23:00:00Z",
      "title": "CVE-2024-26592"
    }
  ]
}

cve-2024-26587

Vulnerability from cvelistv5

Published

2024-02-22 16:13

Modified

2024-08-02 00:07

Severity

Summary

net: netdevsim: don't try to destroy PHC on VFs

References

URL	Tags
https://git.kernel.org/stable/c/08aca65997fb6f233066883b1f1e653bcb1f26ca
https://git.kernel.org/stable/c/c5068e442eed063d2f1658e6b6d3c1c6fcf1e588
https://git.kernel.org/stable/c/ea937f77208323d35ffe2f8d8fc81b00118bfcda

Impacted products

Vendor	Product
Linux	Linux
Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26587",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-26T14:37:54.234702Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:21:02.831Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:07:19.707Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/08aca65997fb6f233066883b1f1e653bcb1f26ca"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c5068e442eed063d2f1658e6b6d3c1c6fcf1e588"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ea937f77208323d35ffe2f8d8fc81b00118bfcda"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/netdevsim/netdev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "08aca65997fb",
              "status": "affected",
              "version": "b63e78fca889",
              "versionType": "git"
            },
            {
              "lessThan": "c5068e442eed",
              "status": "affected",
              "version": "b63e78fca889",
              "versionType": "git"
            },
            {
              "lessThan": "ea937f772083",
              "status": "affected",
              "version": "b63e78fca889",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/netdevsim/netdev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.6"
            },
            {
              "lessThan": "6.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.14",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.2",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: netdevsim: don\u0027t try to destroy PHC on VFs\n\nPHC gets initialized in nsim_init_netdevsim(), which\nis only called if (nsim_dev_port_is_pf()).\n\nCreate a counterpart of nsim_init_netdevsim() and\nmove the mock_phc_destroy() there.\n\nThis fixes a crash trying to destroy netdevsim with\nVFs instantiated, as caught by running the devlink.sh test:\n\n    BUG: kernel NULL pointer dereference, address: 00000000000000b8\n    RIP: 0010:mock_phc_destroy+0xd/0x30\n    Call Trace:\n     \u003cTASK\u003e\n     nsim_destroy+0x4a/0x70 [netdevsim]\n     __nsim_dev_port_del+0x47/0x70 [netdevsim]\n     nsim_dev_reload_destroy+0x105/0x120 [netdevsim]\n     nsim_drv_remove+0x2f/0xb0 [netdevsim]\n     device_release_driver_internal+0x1a1/0x210\n     bus_remove_device+0xd5/0x120\n     device_del+0x159/0x490\n     device_unregister+0x12/0x30\n     del_device_store+0x11a/0x1a0 [netdevsim]\n     kernfs_fop_write_iter+0x130/0x1d0\n     vfs_write+0x30b/0x4b0\n     ksys_write+0x69/0xf0\n     do_syscall_64+0xcc/0x1e0\n     entry_SYSCALL_64_after_hwframe+0x6f/0x77"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T05:19:05.222Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/08aca65997fb6f233066883b1f1e653bcb1f26ca"
        },
        {
          "url": "https://git.kernel.org/stable/c/c5068e442eed063d2f1658e6b6d3c1c6fcf1e588"
        },
        {
          "url": "https://git.kernel.org/stable/c/ea937f77208323d35ffe2f8d8fc81b00118bfcda"
        }
      ],
      "title": "net: netdevsim: don\u0027t try to destroy PHC on VFs",
      "x_generator": {
        "engine": "bippy-a5840b7849dd"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26587",
    "datePublished": "2024-02-22T16:13:32.442Z",
    "dateReserved": "2024-02-19T14:20:24.126Z",
    "dateUpdated": "2024-08-02T00:07:19.707Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-52444

Vulnerability from cvelistv5

Published

2024-02-22 16:21

Modified

2024-08-02 22:55

Severity

Summary

f2fs: fix to avoid dirent corruption

References

URL	Tags
https://git.kernel.org/stable/c/02160112e6d45c2610b049df6eb693d7a2e57b46
https://git.kernel.org/stable/c/5624a3c1b1ebc8991318e1cce2aa719542991024
https://git.kernel.org/stable/c/6f866885e147d33efc497f1095f35b2ee5ec7310
https://git.kernel.org/stable/c/f100ba617d8be6c98a68f3744ef7617082975b77
https://git.kernel.org/stable/c/f0145860c20be6bae6785c7a2249577674702ac7
https://git.kernel.org/stable/c/d3c0b49aaa12a61d560528f5d605029ab57f0728
https://git.kernel.org/stable/c/2fb4867f4405aea8c0519d7d188207f232a57862
https://git.kernel.org/stable/c/53edb549565f55ccd0bdf43be3d66ce4c2d48b28
https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Impacted products

Vendor	Product
Linux	Linux
Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52444",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-26T17:55:52.107706Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:21:03.571Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:55:41.853Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/02160112e6d45c2610b049df6eb693d7a2e57b46"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5624a3c1b1ebc8991318e1cce2aa719542991024"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6f866885e147d33efc497f1095f35b2ee5ec7310"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f100ba617d8be6c98a68f3744ef7617082975b77"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f0145860c20be6bae6785c7a2249577674702ac7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d3c0b49aaa12a61d560528f5d605029ab57f0728"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2fb4867f4405aea8c0519d7d188207f232a57862"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/53edb549565f55ccd0bdf43be3d66ce4c2d48b28"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/f2fs/namei.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "02160112e6d4",
              "status": "affected",
              "version": "7e01e7ad746b",
              "versionType": "git"
            },
            {
              "lessThan": "5624a3c1b1eb",
              "status": "affected",
              "version": "7e01e7ad746b",
              "versionType": "git"
            },
            {
              "lessThan": "6f866885e147",
              "status": "affected",
              "version": "7e01e7ad746b",
              "versionType": "git"
            },
            {
              "lessThan": "f100ba617d8b",
              "status": "affected",
              "version": "7e01e7ad746b",
              "versionType": "git"
            },
            {
              "lessThan": "f0145860c20b",
              "status": "affected",
              "version": "7e01e7ad746b",
              "versionType": "git"
            },
            {
              "lessThan": "d3c0b49aaa12",
              "status": "affected",
              "version": "7e01e7ad746b",
              "versionType": "git"
            },
            {
              "lessThan": "2fb4867f4405",
              "status": "affected",
              "version": "7e01e7ad746b",
              "versionType": "git"
            },
            {
              "lessThan": "53edb549565f",
              "status": "affected",
              "version": "7e01e7ad746b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/f2fs/namei.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.2"
            },
            {
              "lessThan": "4.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.306",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.268",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.209",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.148",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.75",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.14",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.2",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to avoid dirent corruption\n\nAs Al reported in link[1]:\n\nf2fs_rename()\n...\n\tif (old_dir != new_dir \u0026\u0026 !whiteout)\n\t\tf2fs_set_link(old_inode, old_dir_entry,\n\t\t\t\t\told_dir_page, new_dir);\n\telse\n\t\tf2fs_put_page(old_dir_page, 0);\n\nYou want correct inumber in the \"..\" link.  And cross-directory\nrename does move the source to new parent, even if you\u0027d been asked\nto leave a whiteout in the old place.\n\n[1] https://lore.kernel.org/all/20231017055040.GN800259@ZenIV/\n\nWith below testcase, it may cause dirent corruption, due to it missed\nto call f2fs_set_link() to update \"..\" link to new directory.\n- mkdir -p dir/foo\n- renameat2 -w dir/foo bar\n\n[ASSERT] (__chk_dots_dentries:1421)  --\u003e Bad inode number[0x4] for \u0027..\u0027, parent parent ino is [0x3]\n[FSCK] other corrupted bugs                           [Fail]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-28T19:49:32.169Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/02160112e6d45c2610b049df6eb693d7a2e57b46"
        },
        {
          "url": "https://git.kernel.org/stable/c/5624a3c1b1ebc8991318e1cce2aa719542991024"
        },
        {
          "url": "https://git.kernel.org/stable/c/6f866885e147d33efc497f1095f35b2ee5ec7310"
        },
        {
          "url": "https://git.kernel.org/stable/c/f100ba617d8be6c98a68f3744ef7617082975b77"
        },
        {
          "url": "https://git.kernel.org/stable/c/f0145860c20be6bae6785c7a2249577674702ac7"
        },
        {
          "url": "https://git.kernel.org/stable/c/d3c0b49aaa12a61d560528f5d605029ab57f0728"
        },
        {
          "url": "https://git.kernel.org/stable/c/2fb4867f4405aea8c0519d7d188207f232a57862"
        },
        {
          "url": "https://git.kernel.org/stable/c/53edb549565f55ccd0bdf43be3d66ce4c2d48b28"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
        }
      ],
      "title": "f2fs: fix to avoid dirent corruption",
      "x_generator": {
        "engine": "bippy-a5840b7849dd"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52444",
    "datePublished": "2024-02-22T16:21:37.043Z",
    "dateReserved": "2024-02-20T12:30:33.291Z",
    "dateUpdated": "2024-08-02T22:55:41.853Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-26592

Vulnerability from cvelistv5

Published

2024-02-22 16:21

Modified

2024-08-27 15:00

Severity

7.8 (High) - cvssV3_1 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

ksmbd: fix UAF issue in ksmbd_tcp_new_connection()

References

URL	Tags
https://git.kernel.org/stable/c/999daf367b924fdf14e9d83e034ee0f86bc17ec6
https://git.kernel.org/stable/c/380965e48e9c32ee4263c023e1d830ea7e462ed1
https://git.kernel.org/stable/c/24290ba94cd0136e417283b0dbf8fcdabcf62111
https://git.kernel.org/stable/c/69d54650b751532d1e1613a4fb433e591aeef126
https://git.kernel.org/stable/c/38d20c62903d669693a1869aa68c4dd5674e2544

Impacted products

Vendor	Product
Linux	Linux
Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:07:19.957Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/999daf367b924fdf14e9d83e034ee0f86bc17ec6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/380965e48e9c32ee4263c023e1d830ea7e462ed1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/24290ba94cd0136e417283b0dbf8fcdabcf62111"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/69d54650b751532d1e1613a4fb433e591aeef126"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/38d20c62903d669693a1869aa68c4dd5674e2544"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "affected",
                "version": "5.15"
              },
              {
                "lessThan": "999daf367b92",
                "status": "affected",
                "version": "a848c4f15ab6",
                "versionType": "git"
              },
              {
                "lessThan": "380965e48e9c",
                "status": "affected",
                "version": "a848c4f15ab6",
                "versionType": "git"
              },
              {
                "lessThan": "24290ba94cd0",
                "status": "affected",
                "version": "a848c4f15ab6",
                "versionType": "git"
              },
              {
                "lessThan": "69d54650b751",
                "status": "affected",
                "version": "a848c4f15ab6",
                "versionType": "git"
              },
              {
                "lessThan": "38d20c62903d",
                "status": "affected",
                "version": "a848c4f15ab6",
                "versionType": "git"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-26592",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-27T05:00:16.236632Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-27T15:00:34.971Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/server/connection.c",
            "fs/smb/server/connection.h",
            "fs/smb/server/transport_rdma.c",
            "fs/smb/server/transport_tcp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "999daf367b92",
              "status": "affected",
              "version": "a848c4f15ab6",
              "versionType": "git"
            },
            {
              "lessThan": "380965e48e9c",
              "status": "affected",
              "version": "a848c4f15ab6",
              "versionType": "git"
            },
            {
              "lessThan": "24290ba94cd0",
              "status": "affected",
              "version": "a848c4f15ab6",
              "versionType": "git"
            },
            {
              "lessThan": "69d54650b751",
              "status": "affected",
              "version": "a848c4f15ab6",
              "versionType": "git"
            },
            {
              "lessThan": "38d20c62903d",
              "status": "affected",
              "version": "a848c4f15ab6",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/server/connection.c",
            "fs/smb/server/connection.h",
            "fs/smb/server/transport_rdma.c",
            "fs/smb/server/transport_tcp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.15"
            },
            {
              "lessThan": "5.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.149",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.75",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.14",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.2",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix UAF issue in ksmbd_tcp_new_connection()\n\nThe race is between the handling of a new TCP connection and\nits disconnection. It leads to UAF on `struct tcp_transport` in\nksmbd_tcp_new_connection() function."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T05:19:10.383Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/999daf367b924fdf14e9d83e034ee0f86bc17ec6"
        },
        {
          "url": "https://git.kernel.org/stable/c/380965e48e9c32ee4263c023e1d830ea7e462ed1"
        },
        {
          "url": "https://git.kernel.org/stable/c/24290ba94cd0136e417283b0dbf8fcdabcf62111"
        },
        {
          "url": "https://git.kernel.org/stable/c/69d54650b751532d1e1613a4fb433e591aeef126"
        },
        {
          "url": "https://git.kernel.org/stable/c/38d20c62903d669693a1869aa68c4dd5674e2544"
        }
      ],
      "title": "ksmbd: fix UAF issue in ksmbd_tcp_new_connection()",
      "x_generator": {
        "engine": "bippy-a5840b7849dd"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26592",
    "datePublished": "2024-02-22T16:21:44.626Z",
    "dateReserved": "2024-02-19T14:20:24.126Z",
    "dateUpdated": "2024-08-27T15:00:34.971Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-52450

Vulnerability from cvelistv5

Published

2024-02-22 16:21

Modified

2024-08-02 22:55

Severity

Summary

perf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology()

References

URL	Tags
https://git.kernel.org/stable/c/bf1bf09e6b599758851457f3999779622a48d015
https://git.kernel.org/stable/c/3d6f4a78b104c65e4256c3776c9949f49a1b459e
https://git.kernel.org/stable/c/1692cf434ba13ee212495b5af795b6a07e986ce4

Impacted products

Vendor	Product
Linux	Linux
Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:55:41.573Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bf1bf09e6b599758851457f3999779622a48d015"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3d6f4a78b104c65e4256c3776c9949f49a1b459e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1692cf434ba13ee212495b5af795b6a07e986ce4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/events/intel/uncore_snbep.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "bf1bf09e6b59",
              "status": "affected",
              "version": "f680b6e6062e",
              "versionType": "git"
            },
            {
              "lessThan": "3d6f4a78b104",
              "status": "affected",
              "version": "f680b6e6062e",
              "versionType": "git"
            },
            {
              "lessThan": "1692cf434ba1",
              "status": "affected",
              "version": "f680b6e6062e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/events/intel/uncore_snbep.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.2"
            },
            {
              "lessThan": "6.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.14",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.2",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology()\n\nGet logical socket id instead of physical id in discover_upi_topology()\nto avoid out-of-bound access on \u0027upi = \u0026type-\u003etopology[nid][idx];\u0027 line\nthat leads to NULL pointer dereference in upi_fill_topology()"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T05:12:05.417Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/bf1bf09e6b599758851457f3999779622a48d015"
        },
        {
          "url": "https://git.kernel.org/stable/c/3d6f4a78b104c65e4256c3776c9949f49a1b459e"
        },
        {
          "url": "https://git.kernel.org/stable/c/1692cf434ba13ee212495b5af795b6a07e986ce4"
        }
      ],
      "title": "perf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology()",
      "x_generator": {
        "engine": "bippy-a5840b7849dd"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52450",
    "datePublished": "2024-02-22T16:21:41.661Z",
    "dateReserved": "2024-02-20T12:30:33.293Z",
    "dateUpdated": "2024-08-02T22:55:41.573Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-52443

Vulnerability from cvelistv5

Published

2024-02-22 16:13

Modified

2024-08-02 22:55

Severity

Summary

apparmor: avoid crash when parsed profile name is empty

References

URL	Tags
https://git.kernel.org/stable/c/9286ee97aa4803d99185768735011d0d65827c9e
https://git.kernel.org/stable/c/1d8e62b5569cc1466ceb8a7e4872cf10160a9dcf
https://git.kernel.org/stable/c/5ff00408e5029d3550ee77f62dc15f1e15c47f87
https://git.kernel.org/stable/c/0a12db736edbb4933e4274932aeea594b5876fa4
https://git.kernel.org/stable/c/9d4fa5fe2b1d56662afd14915a73b4d0783ffa45
https://git.kernel.org/stable/c/5c0392fdafb0a2321311900be83ffa572bef8203
https://git.kernel.org/stable/c/77ab09b92f16c8439a948d1af489196953dc4a0e
https://git.kernel.org/stable/c/55a8210c9e7d21ff2644809699765796d4bfb200
https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Impacted products

Vendor	Product
Linux	Linux
Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52443",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-22T18:29:41.510350Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:21:01.497Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:55:41.517Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9286ee97aa4803d99185768735011d0d65827c9e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1d8e62b5569cc1466ceb8a7e4872cf10160a9dcf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5ff00408e5029d3550ee77f62dc15f1e15c47f87"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0a12db736edbb4933e4274932aeea594b5876fa4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9d4fa5fe2b1d56662afd14915a73b4d0783ffa45"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5c0392fdafb0a2321311900be83ffa572bef8203"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/77ab09b92f16c8439a948d1af489196953dc4a0e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/55a8210c9e7d21ff2644809699765796d4bfb200"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "security/apparmor/policy_unpack.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "9286ee97aa48",
              "status": "affected",
              "version": "04dc715e24d0",
              "versionType": "git"
            },
            {
              "lessThan": "1d8e62b5569c",
              "status": "affected",
              "version": "04dc715e24d0",
              "versionType": "git"
            },
            {
              "lessThan": "5ff00408e502",
              "status": "affected",
              "version": "04dc715e24d0",
              "versionType": "git"
            },
            {
              "lessThan": "0a12db736edb",
              "status": "affected",
              "version": "04dc715e24d0",
              "versionType": "git"
            },
            {
              "lessThan": "9d4fa5fe2b1d",
              "status": "affected",
              "version": "04dc715e24d0",
              "versionType": "git"
            },
            {
              "lessThan": "5c0392fdafb0",
              "status": "affected",
              "version": "04dc715e24d0",
              "versionType": "git"
            },
            {
              "lessThan": "77ab09b92f16",
              "status": "affected",
              "version": "04dc715e24d0",
              "versionType": "git"
            },
            {
              "lessThan": "55a8210c9e7d",
              "status": "affected",
              "version": "04dc715e24d0",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "security/apparmor/policy_unpack.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.11"
            },
            {
              "lessThan": "4.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.306",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.268",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.209",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.148",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.75",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.14",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.2",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\napparmor: avoid crash when parsed profile name is empty\n\nWhen processing a packed profile in unpack_profile() described like\n\n \"profile :ns::samba-dcerpcd /usr/lib*/samba/{,samba/}samba-dcerpcd {...}\"\n\na string \":samba-dcerpcd\" is unpacked as a fully-qualified name and then\npassed to aa_splitn_fqname().\n\naa_splitn_fqname() treats \":samba-dcerpcd\" as only containing a namespace.\nThus it returns NULL for tmpname, meanwhile tmpns is non-NULL. Later\naa_alloc_profile() crashes as the new profile name is NULL now.\n\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nCPU: 6 PID: 1657 Comm: apparmor_parser Not tainted 6.7.0-rc2-dirty #16\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014\nRIP: 0010:strlen+0x1e/0xa0\nCall Trace:\n \u003cTASK\u003e\n ? strlen+0x1e/0xa0\n aa_policy_init+0x1bb/0x230\n aa_alloc_profile+0xb1/0x480\n unpack_profile+0x3bc/0x4960\n aa_unpack+0x309/0x15e0\n aa_replace_profiles+0x213/0x33c0\n policy_update+0x261/0x370\n profile_replace+0x20e/0x2a0\n vfs_write+0x2af/0xe00\n ksys_write+0x126/0x250\n do_syscall_64+0x46/0xf0\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\n \u003c/TASK\u003e\n---[ end trace 0000000000000000 ]---\nRIP: 0010:strlen+0x1e/0xa0\n\nIt seems such behaviour of aa_splitn_fqname() is expected and checked in\nother places where it is called (e.g. aa_remove_profiles). Well, there\nis an explicit comment \"a ns name without a following profile is allowed\"\ninside.\n\nAFAICS, nothing can prevent unpacked \"name\" to be in form like\n\":samba-dcerpcd\" - it is passed from userspace.\n\nDeny the whole profile set replacement in such case and inform user with\nEPROTO and an explaining message.\n\nFound by Linux Verification Center (linuxtesting.org)."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-28T19:49:30.886Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/9286ee97aa4803d99185768735011d0d65827c9e"
        },
        {
          "url": "https://git.kernel.org/stable/c/1d8e62b5569cc1466ceb8a7e4872cf10160a9dcf"
        },
        {
          "url": "https://git.kernel.org/stable/c/5ff00408e5029d3550ee77f62dc15f1e15c47f87"
        },
        {
          "url": "https://git.kernel.org/stable/c/0a12db736edbb4933e4274932aeea594b5876fa4"
        },
        {
          "url": "https://git.kernel.org/stable/c/9d4fa5fe2b1d56662afd14915a73b4d0783ffa45"
        },
        {
          "url": "https://git.kernel.org/stable/c/5c0392fdafb0a2321311900be83ffa572bef8203"
        },
        {
          "url": "https://git.kernel.org/stable/c/77ab09b92f16c8439a948d1af489196953dc4a0e"
        },
        {
          "url": "https://git.kernel.org/stable/c/55a8210c9e7d21ff2644809699765796d4bfb200"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
        }
      ],
      "title": "apparmor: avoid crash when parsed profile name is empty",
      "x_generator": {
        "engine": "bippy-a5840b7849dd"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52443",
    "datePublished": "2024-02-22T16:13:31.154Z",
    "dateReserved": "2024-02-20T12:30:33.291Z",
    "dateUpdated": "2024-08-02T22:55:41.517Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-52446

Vulnerability from cvelistv5

Published

2024-02-22 16:21

Modified

2024-08-02 22:55

Severity

Summary

bpf: Fix a race condition between btf_put() and map_free()

References

URL	Tags
https://git.kernel.org/stable/c/d048dced8ea5eac6723ae873a40567e6f101ea42
https://git.kernel.org/stable/c/f9ff6ef1c73cd9e1a6bb1ab3e57c5d141a536306
https://git.kernel.org/stable/c/59e5791f59dd83e8aa72a4e74217eabb6e8cfd90

Impacted products

Vendor	Product
Linux	Linux
Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52446",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-24T20:38:04.824335Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-24T20:38:15.665Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:55:41.647Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d048dced8ea5eac6723ae873a40567e6f101ea42"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f9ff6ef1c73cd9e1a6bb1ab3e57c5d141a536306"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/59e5791f59dd83e8aa72a4e74217eabb6e8cfd90"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/bpf/syscall.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d048dced8ea5",
              "status": "affected",
              "version": "958cf2e273f0",
              "versionType": "git"
            },
            {
              "lessThan": "f9ff6ef1c73c",
              "status": "affected",
              "version": "958cf2e273f0",
              "versionType": "git"
            },
            {
              "lessThan": "59e5791f59dd",
              "status": "affected",
              "version": "958cf2e273f0",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/bpf/syscall.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.2"
            },
            {
              "lessThan": "6.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.14",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.2",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a race condition between btf_put() and map_free()\n\nWhen running `./test_progs -j` in my local vm with latest kernel,\nI once hit a kasan error like below:\n\n  [ 1887.184724] BUG: KASAN: slab-use-after-free in bpf_rb_root_free+0x1f8/0x2b0\n  [ 1887.185599] Read of size 4 at addr ffff888106806910 by task kworker/u12:2/2830\n  [ 1887.186498]\n  [ 1887.186712] CPU: 3 PID: 2830 Comm: kworker/u12:2 Tainted: G           OEL     6.7.0-rc3-00699-g90679706d486-dirty #494\n  [ 1887.188034] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\n  [ 1887.189618] Workqueue: events_unbound bpf_map_free_deferred\n  [ 1887.190341] Call Trace:\n  [ 1887.190666]  \u003cTASK\u003e\n  [ 1887.190949]  dump_stack_lvl+0xac/0xe0\n  [ 1887.191423]  ? nf_tcp_handle_invalid+0x1b0/0x1b0\n  [ 1887.192019]  ? panic+0x3c0/0x3c0\n  [ 1887.192449]  print_report+0x14f/0x720\n  [ 1887.192930]  ? preempt_count_sub+0x1c/0xd0\n  [ 1887.193459]  ? __virt_addr_valid+0xac/0x120\n  [ 1887.194004]  ? bpf_rb_root_free+0x1f8/0x2b0\n  [ 1887.194572]  kasan_report+0xc3/0x100\n  [ 1887.195085]  ? bpf_rb_root_free+0x1f8/0x2b0\n  [ 1887.195668]  bpf_rb_root_free+0x1f8/0x2b0\n  [ 1887.196183]  ? __bpf_obj_drop_impl+0xb0/0xb0\n  [ 1887.196736]  ? preempt_count_sub+0x1c/0xd0\n  [ 1887.197270]  ? preempt_count_sub+0x1c/0xd0\n  [ 1887.197802]  ? _raw_spin_unlock+0x1f/0x40\n  [ 1887.198319]  bpf_obj_free_fields+0x1d4/0x260\n  [ 1887.198883]  array_map_free+0x1a3/0x260\n  [ 1887.199380]  bpf_map_free_deferred+0x7b/0xe0\n  [ 1887.199943]  process_scheduled_works+0x3a2/0x6c0\n  [ 1887.200549]  worker_thread+0x633/0x890\n  [ 1887.201047]  ? __kthread_parkme+0xd7/0xf0\n  [ 1887.201574]  ? kthread+0x102/0x1d0\n  [ 1887.202020]  kthread+0x1ab/0x1d0\n  [ 1887.202447]  ? pr_cont_work+0x270/0x270\n  [ 1887.202954]  ? kthread_blkcg+0x50/0x50\n  [ 1887.203444]  ret_from_fork+0x34/0x50\n  [ 1887.203914]  ? kthread_blkcg+0x50/0x50\n  [ 1887.204397]  ret_from_fork_asm+0x11/0x20\n  [ 1887.204913]  \u003c/TASK\u003e\n  [ 1887.204913]  \u003c/TASK\u003e\n  [ 1887.205209]\n  [ 1887.205416] Allocated by task 2197:\n  [ 1887.205881]  kasan_set_track+0x3f/0x60\n  [ 1887.206366]  __kasan_kmalloc+0x6e/0x80\n  [ 1887.206856]  __kmalloc+0xac/0x1a0\n  [ 1887.207293]  btf_parse_fields+0xa15/0x1480\n  [ 1887.207836]  btf_parse_struct_metas+0x566/0x670\n  [ 1887.208387]  btf_new_fd+0x294/0x4d0\n  [ 1887.208851]  __sys_bpf+0x4ba/0x600\n  [ 1887.209292]  __x64_sys_bpf+0x41/0x50\n  [ 1887.209762]  do_syscall_64+0x4c/0xf0\n  [ 1887.210222]  entry_SYSCALL_64_after_hwframe+0x63/0x6b\n  [ 1887.210868]\n  [ 1887.211074] Freed by task 36:\n  [ 1887.211460]  kasan_set_track+0x3f/0x60\n  [ 1887.211951]  kasan_save_free_info+0x28/0x40\n  [ 1887.212485]  ____kasan_slab_free+0x101/0x180\n  [ 1887.213027]  __kmem_cache_free+0xe4/0x210\n  [ 1887.213514]  btf_free+0x5b/0x130\n  [ 1887.213918]  rcu_core+0x638/0xcc0\n  [ 1887.214347]  __do_softirq+0x114/0x37e\n\nThe error happens at bpf_rb_root_free+0x1f8/0x2b0:\n\n  00000000000034c0 \u003cbpf_rb_root_free\u003e:\n  ; {\n    34c0: f3 0f 1e fa                   endbr64\n    34c4: e8 00 00 00 00                callq   0x34c9 \u003cbpf_rb_root_free+0x9\u003e\n    34c9: 55                            pushq   %rbp\n    34ca: 48 89 e5                      movq    %rsp, %rbp\n  ...\n  ;       if (rec \u0026\u0026 rec-\u003erefcount_off \u003e= 0 \u0026\u0026\n    36aa: 4d 85 ed                      testq   %r13, %r13\n    36ad: 74 a9                         je      0x3658 \u003cbpf_rb_root_free+0x198\u003e\n    36af: 49 8d 7d 10                   leaq    0x10(%r13), %rdi\n    36b3: e8 00 00 00 00                callq   0x36b8 \u003cbpf_rb_root_free+0x1f8\u003e\n                                        \u003c==== kasan function\n    36b8: 45 8b 7d 10                   movl    0x10(%r13), %r15d\n                                        \u003c==== use-after-free load\n    36bc: 45 85 ff                      testl   %r15d, %r15d\n    36bf: 78 8c                         js      0x364d \u003cbpf_rb_root_free+0x18d\u003e\n\nSo the problem \n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T05:12:01.349Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d048dced8ea5eac6723ae873a40567e6f101ea42"
        },
        {
          "url": "https://git.kernel.org/stable/c/f9ff6ef1c73cd9e1a6bb1ab3e57c5d141a536306"
        },
        {
          "url": "https://git.kernel.org/stable/c/59e5791f59dd83e8aa72a4e74217eabb6e8cfd90"
        }
      ],
      "title": "bpf: Fix a race condition between btf_put() and map_free()",
      "x_generator": {
        "engine": "bippy-a5840b7849dd"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52446",
    "datePublished": "2024-02-22T16:21:38.408Z",
    "dateReserved": "2024-02-20T12:30:33.291Z",
    "dateUpdated": "2024-08-02T22:55:41.647Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-26590

Vulnerability from cvelistv5

Published

2024-02-22 16:13

Modified

2024-08-02 00:07

Severity

Summary

erofs: fix inconsistent per-file compression format

References

URL	Tags
https://git.kernel.org/stable/c/47467e04816cb297905c0f09bc2d11ef865942d9
https://git.kernel.org/stable/c/823ba1d2106019ddf195287ba53057aee33cf724
https://git.kernel.org/stable/c/eed24b816e50c6cd18cbee0ff0d7218c8fced199
https://git.kernel.org/stable/c/118a8cf504d7dfa519562d000f423ee3ca75d2c4

Impacted products

Vendor	Product
Linux	Linux
Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26590",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-28T18:51:50.148353Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:22:04.105Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:07:19.710Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/47467e04816cb297905c0f09bc2d11ef865942d9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/823ba1d2106019ddf195287ba53057aee33cf724"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/eed24b816e50c6cd18cbee0ff0d7218c8fced199"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/118a8cf504d7dfa519562d000f423ee3ca75d2c4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/erofs/decompressor.c",
            "fs/erofs/zmap.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "47467e04816c",
              "status": "affected",
              "version": "8f89926290c4",
              "versionType": "git"
            },
            {
              "lessThan": "823ba1d21060",
              "status": "affected",
              "version": "8f89926290c4",
              "versionType": "git"
            },
            {
              "lessThan": "eed24b816e50",
              "status": "affected",
              "version": "8f89926290c4",
              "versionType": "git"
            },
            {
              "lessThan": "118a8cf504d7",
              "status": "affected",
              "version": "8f89926290c4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/erofs/decompressor.c",
            "fs/erofs/zmap.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.16"
            },
            {
              "lessThan": "5.16",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.80",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.14",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.2",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix inconsistent per-file compression format\n\nEROFS can select compression algorithms on a per-file basis, and each\nper-file compression algorithm needs to be marked in the on-disk\nsuperblock for initialization.\n\nHowever, syzkaller can generate inconsistent crafted images that use\nan unsupported algorithmtype for specific inodes, e.g. use MicroLZMA\nalgorithmtype even it\u0027s not set in `sbi-\u003eavailable_compr_algs`.  This\ncan lead to an unexpected \"BUG: kernel NULL pointer dereference\" if\nthe corresponding decompressor isn\u0027t built-in.\n\nFix this by checking against `sbi-\u003eavailable_compr_algs` for each\nm_algorithmformat request.  Incorrect !erofs_sb_has_compr_cfgs preset\nbitmap is now fixed together since it was harmless previously."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T05:19:08.324Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/47467e04816cb297905c0f09bc2d11ef865942d9"
        },
        {
          "url": "https://git.kernel.org/stable/c/823ba1d2106019ddf195287ba53057aee33cf724"
        },
        {
          "url": "https://git.kernel.org/stable/c/eed24b816e50c6cd18cbee0ff0d7218c8fced199"
        },
        {
          "url": "https://git.kernel.org/stable/c/118a8cf504d7dfa519562d000f423ee3ca75d2c4"
        }
      ],
      "title": "erofs: fix inconsistent per-file compression format",
      "x_generator": {
        "engine": "bippy-a5840b7849dd"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26590",
    "datePublished": "2024-02-22T16:13:34.315Z",
    "dateReserved": "2024-02-19T14:20:24.126Z",
    "dateUpdated": "2024-08-02T00:07:19.710Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-26586

Vulnerability from cvelistv5

Published

2024-02-22 16:13

Modified

2024-08-02 00:07

Severity

Summary

mlxsw: spectrum_acl_tcam: Fix stack corruption

References

URL	Tags
https://git.kernel.org/stable/c/56750ea5d15426b5f307554e7699e8b5f76c3182
https://git.kernel.org/stable/c/348112522a35527c5bcba933b9fefb40a4f44f15
https://git.kernel.org/stable/c/6fd24675188d354b1cad47462969afa2ab09d819
https://git.kernel.org/stable/c/2f5e1565740490706332c06f36211d4ce0f88e62
https://git.kernel.org/stable/c/a361c2c1da5dbb13ca67601cf961ab3ad68af383
https://git.kernel.org/stable/c/483ae90d8f976f8339cf81066312e1329f2d3706
https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html

Impacted products

Vendor	Product
Linux	Linux
Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26586",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-22T20:41:19.395721Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:21:02.147Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:07:19.636Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/56750ea5d15426b5f307554e7699e8b5f76c3182"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/348112522a35527c5bcba933b9fefb40a4f44f15"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6fd24675188d354b1cad47462969afa2ab09d819"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2f5e1565740490706332c06f36211d4ce0f88e62"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a361c2c1da5dbb13ca67601cf961ab3ad68af383"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/483ae90d8f976f8339cf81066312e1329f2d3706"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c",
            "tools/testing/selftests/drivers/net/mlxsw/spectrum-2/tc_flower.sh"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "56750ea5d154",
              "status": "affected",
              "version": "c3ab435466d5",
              "versionType": "git"
            },
            {
              "lessThan": "348112522a35",
              "status": "affected",
              "version": "c3ab435466d5",
              "versionType": "git"
            },
            {
              "lessThan": "6fd24675188d",
              "status": "affected",
              "version": "c3ab435466d5",
              "versionType": "git"
            },
            {
              "lessThan": "2f5e15657404",
              "status": "affected",
              "version": "c3ab435466d5",
              "versionType": "git"
            },
            {
              "lessThan": "a361c2c1da5d",
              "status": "affected",
              "version": "c3ab435466d5",
              "versionType": "git"
            },
            {
              "lessThan": "483ae90d8f97",
              "status": "affected",
              "version": "c3ab435466d5",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c",
            "tools/testing/selftests/drivers/net/mlxsw/spectrum-2/tc_flower.sh"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.19"
            },
            {
              "lessThan": "4.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.209",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.148",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.79",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.14",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.2",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_acl_tcam: Fix stack corruption\n\nWhen tc filters are first added to a net device, the corresponding local\nport gets bound to an ACL group in the device. The group contains a list\nof ACLs. In turn, each ACL points to a different TCAM region where the\nfilters are stored. During forwarding, the ACLs are sequentially\nevaluated until a match is found.\n\nOne reason to place filters in different regions is when they are added\nwith decreasing priorities and in an alternating order so that two\nconsecutive filters can never fit in the same region because of their\nkey usage.\n\nIn Spectrum-2 and newer ASICs the firmware started to report that the\nmaximum number of ACLs in a group is more than 16, but the layout of the\nregister that configures ACL groups (PAGT) was not updated to account\nfor that. It is therefore possible to hit stack corruption [1] in the\nrare case where more than 16 ACLs in a group are required.\n\nFix by limiting the maximum ACL group size to the minimum between what\nthe firmware reports and the maximum ACLs that fit in the PAGT register.\n\nAdd a test case to make sure the machine does not crash when this\ncondition is hit.\n\n[1]\nKernel panic - not syncing: stack-protector: Kernel stack is corrupted in: mlxsw_sp_acl_tcam_group_update+0x116/0x120\n[...]\n dump_stack_lvl+0x36/0x50\n panic+0x305/0x330\n __stack_chk_fail+0x15/0x20\n mlxsw_sp_acl_tcam_group_update+0x116/0x120\n mlxsw_sp_acl_tcam_group_region_attach+0x69/0x110\n mlxsw_sp_acl_tcam_vchunk_get+0x492/0xa20\n mlxsw_sp_acl_tcam_ventry_add+0x25/0xe0\n mlxsw_sp_acl_rule_add+0x47/0x240\n mlxsw_sp_flower_replace+0x1a9/0x1d0\n tc_setup_cb_add+0xdc/0x1c0\n fl_hw_replace_filter+0x146/0x1f0\n fl_change+0xc17/0x1360\n tc_new_tfilter+0x472/0xb90\n rtnetlink_rcv_msg+0x313/0x3b0\n netlink_rcv_skb+0x58/0x100\n netlink_unicast+0x244/0x390\n netlink_sendmsg+0x1e4/0x440\n ____sys_sendmsg+0x164/0x260\n ___sys_sendmsg+0x9a/0xe0\n __sys_sendmsg+0x7a/0xc0\n do_syscall_64+0x40/0xe0\n entry_SYSCALL_64_after_hwframe+0x63/0x6b"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T05:19:04.180Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/56750ea5d15426b5f307554e7699e8b5f76c3182"
        },
        {
          "url": "https://git.kernel.org/stable/c/348112522a35527c5bcba933b9fefb40a4f44f15"
        },
        {
          "url": "https://git.kernel.org/stable/c/6fd24675188d354b1cad47462969afa2ab09d819"
        },
        {
          "url": "https://git.kernel.org/stable/c/2f5e1565740490706332c06f36211d4ce0f88e62"
        },
        {
          "url": "https://git.kernel.org/stable/c/a361c2c1da5dbb13ca67601cf961ab3ad68af383"
        },
        {
          "url": "https://git.kernel.org/stable/c/483ae90d8f976f8339cf81066312e1329f2d3706"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
        }
      ],
      "title": "mlxsw: spectrum_acl_tcam: Fix stack corruption",
      "x_generator": {
        "engine": "bippy-a5840b7849dd"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26586",
    "datePublished": "2024-02-22T16:13:31.796Z",
    "dateReserved": "2024-02-19T14:20:24.125Z",
    "dateUpdated": "2024-08-02T00:07:19.636Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-52447

Vulnerability from cvelistv5

Published

2024-02-22 16:21

Modified

2024-08-02 22:55

Severity

Summary

bpf: Defer the free of inner map when necessary

References

URL	Tags
https://git.kernel.org/stable/c/90c445799fd1dc214d7c6279c144e33a35e29ef2
https://git.kernel.org/stable/c/37d98fb9c3144c0fddf7f6e99aece9927ac8dce6
https://git.kernel.org/stable/c/62fca83303d608ad4fec3f7428c8685680bb01b0
https://git.kernel.org/stable/c/f91cd728b10c51f6d4a39957ccd56d1e802fc8ee
https://git.kernel.org/stable/c/bfd9b20c4862f41d4590fde11d70a5eeae53dcc5
https://git.kernel.org/stable/c/876673364161da50eed6b472d746ef88242b2368
https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html

Impacted products

Vendor	Product
Linux	Linux
Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52447",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-22T18:56:06.100431Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:21:01.653Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:55:41.700Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/90c445799fd1dc214d7c6279c144e33a35e29ef2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/37d98fb9c3144c0fddf7f6e99aece9927ac8dce6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/62fca83303d608ad4fec3f7428c8685680bb01b0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f91cd728b10c51f6d4a39957ccd56d1e802fc8ee"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bfd9b20c4862f41d4590fde11d70a5eeae53dcc5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/876673364161da50eed6b472d746ef88242b2368"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "include/linux/bpf.h",
            "kernel/bpf/map_in_map.c",
            "kernel/bpf/syscall.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "90c445799fd1",
              "status": "affected",
              "version": "bba1dc0b55ac",
              "versionType": "git"
            },
            {
              "lessThan": "37d98fb9c314",
              "status": "affected",
              "version": "bba1dc0b55ac",
              "versionType": "git"
            },
            {
              "lessThan": "62fca83303d6",
              "status": "affected",
              "version": "bba1dc0b55ac",
              "versionType": "git"
            },
            {
              "lessThan": "f91cd728b10c",
              "status": "affected",
              "version": "bba1dc0b55ac",
              "versionType": "git"
            },
            {
              "lessThan": "bfd9b20c4862",
              "status": "affected",
              "version": "bba1dc0b55ac",
              "versionType": "git"
            },
            {
              "lessThan": "876673364161",
              "status": "affected",
              "version": "bba1dc0b55ac",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "include/linux/bpf.h",
            "kernel/bpf/map_in_map.c",
            "kernel/bpf/syscall.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.9"
            },
            {
              "lessThan": "5.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.214",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.153",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.75",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.14",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.2",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Defer the free of inner map when necessary\n\nWhen updating or deleting an inner map in map array or map htab, the map\nmay still be accessed by non-sleepable program or sleepable program.\nHowever bpf_map_fd_put_ptr() decreases the ref-counter of the inner map\ndirectly through bpf_map_put(), if the ref-counter is the last one\n(which is true for most cases), the inner map will be freed by\nops-\u003emap_free() in a kworker. But for now, most .map_free() callbacks\ndon\u0027t use synchronize_rcu() or its variants to wait for the elapse of a\nRCU grace period, so after the invocation of ops-\u003emap_free completes,\nthe bpf program which is accessing the inner map may incur\nuse-after-free problem.\n\nFix the free of inner map by invoking bpf_map_free_deferred() after both\none RCU grace period and one tasks trace RCU grace period if the inner\nmap has been removed from the outer map before. The deferment is\naccomplished by using call_rcu() or call_rcu_tasks_trace() when\nreleasing the last ref-counter of bpf map. The newly-added rcu_head\nfield in bpf_map shares the same storage space with work field to\nreduce the size of bpf_map."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-28T19:49:36.345Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/90c445799fd1dc214d7c6279c144e33a35e29ef2"
        },
        {
          "url": "https://git.kernel.org/stable/c/37d98fb9c3144c0fddf7f6e99aece9927ac8dce6"
        },
        {
          "url": "https://git.kernel.org/stable/c/62fca83303d608ad4fec3f7428c8685680bb01b0"
        },
        {
          "url": "https://git.kernel.org/stable/c/f91cd728b10c51f6d4a39957ccd56d1e802fc8ee"
        },
        {
          "url": "https://git.kernel.org/stable/c/bfd9b20c4862f41d4590fde11d70a5eeae53dcc5"
        },
        {
          "url": "https://git.kernel.org/stable/c/876673364161da50eed6b472d746ef88242b2368"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
        }
      ],
      "title": "bpf: Defer the free of inner map when necessary",
      "x_generator": {
        "engine": "bippy-a5840b7849dd"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52447",
    "datePublished": "2024-02-22T16:21:39.032Z",
    "dateReserved": "2024-02-20T12:30:33.292Z",
    "dateUpdated": "2024-08-02T22:55:41.700Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-26588

Vulnerability from cvelistv5

Published

2024-02-22 16:13

Modified

2024-08-02 00:07

Severity

Summary

LoongArch: BPF: Prevent out-of-bounds memory access

References

URL	Tags
https://git.kernel.org/stable/c/4631c2dd69d928bca396f9f58baeddf85e14ced5
https://git.kernel.org/stable/c/9aeb09f4d85a87bac46c010d75a2ea299d462f28
https://git.kernel.org/stable/c/7924ade13a49c0067da6ea13e398102979c0654a
https://git.kernel.org/stable/c/36a87385e31c9343af9a4756598e704741250a67

Impacted products

Vendor	Product
Linux	Linux
Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26588",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-24T20:37:45.044212Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-24T20:37:53.856Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:07:19.675Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4631c2dd69d928bca396f9f58baeddf85e14ced5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9aeb09f4d85a87bac46c010d75a2ea299d462f28"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7924ade13a49c0067da6ea13e398102979c0654a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/36a87385e31c9343af9a4756598e704741250a67"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/loongarch/net/bpf_jit.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4631c2dd69d9",
              "status": "affected",
              "version": "bbfddb904df6",
              "versionType": "git"
            },
            {
              "lessThan": "9aeb09f4d85a",
              "status": "affected",
              "version": "bbfddb904df6",
              "versionType": "git"
            },
            {
              "lessThan": "7924ade13a49",
              "status": "affected",
              "version": "bbfddb904df6",
              "versionType": "git"
            },
            {
              "lessThan": "36a87385e31c",
              "status": "affected",
              "version": "bbfddb904df6",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/loongarch/net/bpf_jit.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.1"
            },
            {
              "lessThan": "6.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.75",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.14",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.2",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: BPF: Prevent out-of-bounds memory access\n\nThe test_tag test triggers an unhandled page fault:\n\n  # ./test_tag\n  [  130.640218] CPU 0 Unable to handle kernel paging request at virtual address ffff80001b898004, era == 9000000003137f7c, ra == 9000000003139e70\n  [  130.640501] Oops[#3]:\n  [  130.640553] CPU: 0 PID: 1326 Comm: test_tag Tainted: G      D    O       6.7.0-rc4-loong-devel-gb62ab1a397cf #47 61985c1d94084daa2432f771daa45b56b10d8d2a\n  [  130.640764] Hardware name: QEMU QEMU Virtual Machine, BIOS unknown 2/2/2022\n  [  130.640874] pc 9000000003137f7c ra 9000000003139e70 tp 9000000104cb4000 sp 9000000104cb7a40\n  [  130.641001] a0 ffff80001b894000 a1 ffff80001b897ff8 a2 000000006ba210be a3 0000000000000000\n  [  130.641128] a4 000000006ba210be a5 00000000000000f1 a6 00000000000000b3 a7 0000000000000000\n  [  130.641256] t0 0000000000000000 t1 00000000000007f6 t2 0000000000000000 t3 9000000004091b70\n  [  130.641387] t4 000000006ba210be t5 0000000000000004 t6 fffffffffffffff0 t7 90000000040913e0\n  [  130.641512] t8 0000000000000005 u0 0000000000000dc0 s9 0000000000000009 s0 9000000104cb7ae0\n  [  130.641641] s1 00000000000007f6 s2 0000000000000009 s3 0000000000000095 s4 0000000000000000\n  [  130.641771] s5 ffff80001b894000 s6 ffff80001b897fb0 s7 9000000004090c50 s8 0000000000000000\n  [  130.641900]    ra: 9000000003139e70 build_body+0x1fcc/0x4988\n  [  130.642007]   ERA: 9000000003137f7c build_body+0xd8/0x4988\n  [  130.642112]  CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE)\n  [  130.642261]  PRMD: 00000004 (PPLV0 +PIE -PWE)\n  [  130.642353]  EUEN: 00000003 (+FPE +SXE -ASXE -BTE)\n  [  130.642458]  ECFG: 00071c1c (LIE=2-4,10-12 VS=7)\n  [  130.642554] ESTAT: 00010000 [PIL] (IS= ECode=1 EsubCode=0)\n  [  130.642658]  BADV: ffff80001b898004\n  [  130.642719]  PRID: 0014c010 (Loongson-64bit, Loongson-3A5000)\n  [  130.642815] Modules linked in: [last unloaded: bpf_testmod(O)]\n  [  130.642924] Process test_tag (pid: 1326, threadinfo=00000000f7f4015f, task=000000006499f9fd)\n  [  130.643062] Stack : 0000000000000000 9000000003380724 0000000000000000 0000000104cb7be8\n  [  130.643213]         0000000000000000 25af8d9b6e600558 9000000106250ea0 9000000104cb7ae0\n  [  130.643378]         0000000000000000 0000000000000000 9000000104cb7be8 90000000049f6000\n  [  130.643538]         0000000000000090 9000000106250ea0 ffff80001b894000 ffff80001b894000\n  [  130.643685]         00007ffffb917790 900000000313ca94 0000000000000000 0000000000000000\n  [  130.643831]         ffff80001b894000 0000000000000ff7 0000000000000000 9000000100468000\n  [  130.643983]         0000000000000000 0000000000000000 0000000000000040 25af8d9b6e600558\n  [  130.644131]         0000000000000bb7 ffff80001b894048 0000000000000000 0000000000000000\n  [  130.644276]         9000000104cb7be8 90000000049f6000 0000000000000090 9000000104cb7bdc\n  [  130.644423]         ffff80001b894000 0000000000000000 00007ffffb917790 90000000032acfb0\n  [  130.644572]         ...\n  [  130.644629] Call Trace:\n  [  130.644641] [\u003c9000000003137f7c\u003e] build_body+0xd8/0x4988\n  [  130.644785] [\u003c900000000313ca94\u003e] bpf_int_jit_compile+0x228/0x4ec\n  [  130.644891] [\u003c90000000032acfb0\u003e] bpf_prog_select_runtime+0x158/0x1b0\n  [  130.645003] [\u003c90000000032b3504\u003e] bpf_prog_load+0x760/0xb44\n  [  130.645089] [\u003c90000000032b6744\u003e] __sys_bpf+0xbb8/0x2588\n  [  130.645175] [\u003c90000000032b8388\u003e] sys_bpf+0x20/0x2c\n  [  130.645259] [\u003c9000000003f6ab38\u003e] do_syscall+0x7c/0x94\n  [  130.645369] [\u003c9000000003121c5c\u003e] handle_syscall+0xbc/0x158\n  [  130.645507]\n  [  130.645539] Code: 380839f6  380831f9  28412bae \u003c24000ca6\u003e 004081ad  0014cb50  004083e8  02bff34c  58008e91\n  [  130.645729]\n  [  130.646418] ---[ end trace 0000000000000000 ]---\n\nOn my machine, which has CONFIG_PAGE_SIZE_16KB=y, the test failed at\nloading a BPF prog with 2039 instructions:\n\n  prog = (struct bpf_prog *)ffff80001b894000\n  insn = (struct bpf_insn *)(prog-\u003einsnsi)fff\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T05:19:06.258Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/4631c2dd69d928bca396f9f58baeddf85e14ced5"
        },
        {
          "url": "https://git.kernel.org/stable/c/9aeb09f4d85a87bac46c010d75a2ea299d462f28"
        },
        {
          "url": "https://git.kernel.org/stable/c/7924ade13a49c0067da6ea13e398102979c0654a"
        },
        {
          "url": "https://git.kernel.org/stable/c/36a87385e31c9343af9a4756598e704741250a67"
        }
      ],
      "title": "LoongArch: BPF: Prevent out-of-bounds memory access",
      "x_generator": {
        "engine": "bippy-a5840b7849dd"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26588",
    "datePublished": "2024-02-22T16:13:33.083Z",
    "dateReserved": "2024-02-19T14:20:24.126Z",
    "dateUpdated": "2024-08-02T00:07:19.675Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-26589

Vulnerability from cvelistv5

Published

2024-02-22 16:13

Modified

2024-08-02 00:07

Severity

Summary

bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS

References

URL	Tags
https://git.kernel.org/stable/c/29ffa63f21bcdcef3e36b03cccf9d0cd031f6ab0
https://git.kernel.org/stable/c/4108b86e324da42f7ed425bd71632fd844300dc8
https://git.kernel.org/stable/c/e8d3872b617c21100c5ee4f64e513997a68c2e3d
https://git.kernel.org/stable/c/1b500d5d6cecf98dd6ca88bc9e7ae1783c83e6d3
https://git.kernel.org/stable/c/22c7fa171a02d310e3a3f6ed46a698ca8a0060ed

Impacted products

Vendor	Product
Linux	Linux
Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26589",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-22T19:09:08.259778Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:21:01.815Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:07:19.728Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/29ffa63f21bcdcef3e36b03cccf9d0cd031f6ab0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4108b86e324da42f7ed425bd71632fd844300dc8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e8d3872b617c21100c5ee4f64e513997a68c2e3d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1b500d5d6cecf98dd6ca88bc9e7ae1783c83e6d3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/22c7fa171a02d310e3a3f6ed46a698ca8a0060ed"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/bpf/verifier.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "29ffa63f21bc",
              "status": "affected",
              "version": "d58e468b1112",
              "versionType": "git"
            },
            {
              "lessThan": "4108b86e324d",
              "status": "affected",
              "version": "d58e468b1112",
              "versionType": "git"
            },
            {
              "lessThan": "e8d3872b617c",
              "status": "affected",
              "version": "d58e468b1112",
              "versionType": "git"
            },
            {
              "lessThan": "1b500d5d6cec",
              "status": "affected",
              "version": "d58e468b1112",
              "versionType": "git"
            },
            {
              "lessThan": "22c7fa171a02",
              "status": "affected",
              "version": "d58e468b1112",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/bpf/verifier.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.20"
            },
            {
              "lessThan": "4.20",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.148",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.75",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.14",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.2",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Reject variable offset alu on PTR_TO_FLOW_KEYS\n\nFor PTR_TO_FLOW_KEYS, check_flow_keys_access() only uses fixed off\nfor validation. However, variable offset ptr alu is not prohibited\nfor this ptr kind. So the variable offset is not checked.\n\nThe following prog is accepted:\n\n  func#0 @0\n  0: R1=ctx() R10=fp0\n  0: (bf) r6 = r1                       ; R1=ctx() R6_w=ctx()\n  1: (79) r7 = *(u64 *)(r6 +144)        ; R6_w=ctx() R7_w=flow_keys()\n  2: (b7) r8 = 1024                     ; R8_w=1024\n  3: (37) r8 /= 1                       ; R8_w=scalar()\n  4: (57) r8 \u0026= 1024                    ; R8_w=scalar(smin=smin32=0,\n  smax=umax=smax32=umax32=1024,var_off=(0x0; 0x400))\n  5: (0f) r7 += r8\n  mark_precise: frame0: last_idx 5 first_idx 0 subseq_idx -1\n  mark_precise: frame0: regs=r8 stack= before 4: (57) r8 \u0026= 1024\n  mark_precise: frame0: regs=r8 stack= before 3: (37) r8 /= 1\n  mark_precise: frame0: regs=r8 stack= before 2: (b7) r8 = 1024\n  6: R7_w=flow_keys(smin=smin32=0,smax=umax=smax32=umax32=1024,var_off\n  =(0x0; 0x400)) R8_w=scalar(smin=smin32=0,smax=umax=smax32=umax32=1024,\n  var_off=(0x0; 0x400))\n  6: (79) r0 = *(u64 *)(r7 +0)          ; R0_w=scalar()\n  7: (95) exit\n\nThis prog loads flow_keys to r7, and adds the variable offset r8\nto r7, and finally causes out-of-bounds access:\n\n  BUG: unable to handle page fault for address: ffffc90014c80038\n  [...]\n  Call Trace:\n   \u003cTASK\u003e\n   bpf_dispatcher_nop_func include/linux/bpf.h:1231 [inline]\n   __bpf_prog_run include/linux/filter.h:651 [inline]\n   bpf_prog_run include/linux/filter.h:658 [inline]\n   bpf_prog_run_pin_on_cpu include/linux/filter.h:675 [inline]\n   bpf_flow_dissect+0x15f/0x350 net/core/flow_dissector.c:991\n   bpf_prog_test_run_flow_dissector+0x39d/0x620 net/bpf/test_run.c:1359\n   bpf_prog_test_run kernel/bpf/syscall.c:4107 [inline]\n   __sys_bpf+0xf8f/0x4560 kernel/bpf/syscall.c:5475\n   __do_sys_bpf kernel/bpf/syscall.c:5561 [inline]\n   __se_sys_bpf kernel/bpf/syscall.c:5559 [inline]\n   __x64_sys_bpf+0x73/0xb0 kernel/bpf/syscall.c:5559\n   do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n   do_syscall_64+0x3f/0x110 arch/x86/entry/common.c:83\n   entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nFix this by rejecting ptr alu with variable offset on flow_keys.\nApplying the patch rejects the program with \"R7 pointer arithmetic\non flow_keys prohibited\"."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T05:19:07.294Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/29ffa63f21bcdcef3e36b03cccf9d0cd031f6ab0"
        },
        {
          "url": "https://git.kernel.org/stable/c/4108b86e324da42f7ed425bd71632fd844300dc8"
        },
        {
          "url": "https://git.kernel.org/stable/c/e8d3872b617c21100c5ee4f64e513997a68c2e3d"
        },
        {
          "url": "https://git.kernel.org/stable/c/1b500d5d6cecf98dd6ca88bc9e7ae1783c83e6d3"
        },
        {
          "url": "https://git.kernel.org/stable/c/22c7fa171a02d310e3a3f6ed46a698ca8a0060ed"
        }
      ],
      "title": "bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS",
      "x_generator": {
        "engine": "bippy-a5840b7849dd"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26589",
    "datePublished": "2024-02-22T16:13:33.713Z",
    "dateReserved": "2024-02-19T14:20:24.126Z",
    "dateUpdated": "2024-08-02T00:07:19.728Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-52449

Vulnerability from cvelistv5

Published

2024-02-22 16:21

Modified

2024-08-02 22:55

Severity

Summary

mtd: Fix gluebi NULL pointer dereference caused by ftl notifier

References

URL	Tags
https://git.kernel.org/stable/c/aeba358bcc8ffddf9b4a9bd0e5ec9eb338d46022
https://git.kernel.org/stable/c/1bf4fe14e97cda621522eb2f28b0a4e87c5b0745
https://git.kernel.org/stable/c/001a3f59d8c914ef8273461d4bf495df384cc5f8
https://git.kernel.org/stable/c/d8ac2537763b54d278b80b2b080e1652523c7d4c
https://git.kernel.org/stable/c/5389407bba1eab1266c6d83e226fb0840cb98dd5
https://git.kernel.org/stable/c/cfd7c9d260dc0a3baaea05a122a19ab91e193c65
https://git.kernel.org/stable/c/b36aaa64d58aaa2f2cbc8275e89bae76a2b6c3dc
https://git.kernel.org/stable/c/a43bdc376deab5fff1ceb93dca55bcab8dbdc1d6
https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Impacted products

Vendor	Product
Linux	Linux
Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52449",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-04T20:55:21.816899Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:22:07.700Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:55:41.518Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/aeba358bcc8ffddf9b4a9bd0e5ec9eb338d46022"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1bf4fe14e97cda621522eb2f28b0a4e87c5b0745"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/001a3f59d8c914ef8273461d4bf495df384cc5f8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d8ac2537763b54d278b80b2b080e1652523c7d4c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5389407bba1eab1266c6d83e226fb0840cb98dd5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cfd7c9d260dc0a3baaea05a122a19ab91e193c65"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b36aaa64d58aaa2f2cbc8275e89bae76a2b6c3dc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a43bdc376deab5fff1ceb93dca55bcab8dbdc1d6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/mtd/mtd_blkdevs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "aeba358bcc8f",
              "status": "affected",
              "version": "2ba3d76a1e29",
              "versionType": "git"
            },
            {
              "lessThan": "1bf4fe14e97c",
              "status": "affected",
              "version": "2ba3d76a1e29",
              "versionType": "git"
            },
            {
              "lessThan": "001a3f59d8c9",
              "status": "affected",
              "version": "2ba3d76a1e29",
              "versionType": "git"
            },
            {
              "lessThan": "d8ac2537763b",
              "status": "affected",
              "version": "2ba3d76a1e29",
              "versionType": "git"
            },
            {
              "lessThan": "5389407bba1e",
              "status": "affected",
              "version": "2ba3d76a1e29",
              "versionType": "git"
            },
            {
              "lessThan": "cfd7c9d260dc",
              "status": "affected",
              "version": "2ba3d76a1e29",
              "versionType": "git"
            },
            {
              "lessThan": "b36aaa64d58a",
              "status": "affected",
              "version": "2ba3d76a1e29",
              "versionType": "git"
            },
            {
              "lessThan": "a43bdc376dea",
              "status": "affected",
              "version": "2ba3d76a1e29",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/mtd/mtd_blkdevs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.31"
            },
            {
              "lessThan": "2.6.31",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.306",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.268",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.209",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.148",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.75",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.14",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.2",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: Fix gluebi NULL pointer dereference caused by ftl notifier\n\nIf both ftl.ko and gluebi.ko are loaded, the notifier of ftl\ntriggers NULL pointer dereference when trying to access\n\u2018gluebi-\u003edesc\u2019 in gluebi_read().\n\nubi_gluebi_init\n  ubi_register_volume_notifier\n    ubi_enumerate_volumes\n      ubi_notify_all\n        gluebi_notify    nb-\u003enotifier_call()\n          gluebi_create\n            mtd_device_register\n              mtd_device_parse_register\n                add_mtd_device\n                  blktrans_notify_add   not-\u003eadd()\n                    ftl_add_mtd         tr-\u003eadd_mtd()\n                      scan_header\n                        mtd_read\n                          mtd_read_oob\n                            mtd_read_oob_std\n                              gluebi_read   mtd-\u003eread()\n                                gluebi-\u003edesc - NULL\n\nDetailed reproduction information available at the Link [1],\n\nIn the normal case, obtain gluebi-\u003edesc in the gluebi_get_device(),\nand access gluebi-\u003edesc in the gluebi_read(). However,\ngluebi_get_device() is not executed in advance in the\nftl_add_mtd() process, which leads to NULL pointer dereference.\n\nThe solution for the gluebi module is to run jffs2 on the UBI\nvolume without considering working with ftl or mtdblock [2].\nTherefore, this problem can be avoided by preventing gluebi from\ncreating the mtdblock device after creating mtd partition of the\ntype MTD_UBIVOLUME."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-28T19:49:39.237Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/aeba358bcc8ffddf9b4a9bd0e5ec9eb338d46022"
        },
        {
          "url": "https://git.kernel.org/stable/c/1bf4fe14e97cda621522eb2f28b0a4e87c5b0745"
        },
        {
          "url": "https://git.kernel.org/stable/c/001a3f59d8c914ef8273461d4bf495df384cc5f8"
        },
        {
          "url": "https://git.kernel.org/stable/c/d8ac2537763b54d278b80b2b080e1652523c7d4c"
        },
        {
          "url": "https://git.kernel.org/stable/c/5389407bba1eab1266c6d83e226fb0840cb98dd5"
        },
        {
          "url": "https://git.kernel.org/stable/c/cfd7c9d260dc0a3baaea05a122a19ab91e193c65"
        },
        {
          "url": "https://git.kernel.org/stable/c/b36aaa64d58aaa2f2cbc8275e89bae76a2b6c3dc"
        },
        {
          "url": "https://git.kernel.org/stable/c/a43bdc376deab5fff1ceb93dca55bcab8dbdc1d6"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
        }
      ],
      "title": "mtd: Fix gluebi NULL pointer dereference caused by ftl notifier",
      "x_generator": {
        "engine": "bippy-a5840b7849dd"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52449",
    "datePublished": "2024-02-22T16:21:40.841Z",
    "dateReserved": "2024-02-20T12:30:33.292Z",
    "dateUpdated": "2024-08-02T22:55:41.518Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-52448

Vulnerability from cvelistv5

Published

2024-02-22 16:21

Modified

2024-08-02 22:55

Severity

Summary

gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump

References

URL	Tags
https://git.kernel.org/stable/c/efc8ef87ab9185a23d5676f2f7d986022d91bcde
https://git.kernel.org/stable/c/5c28478af371a1c3fdb570ca67f110e1ae60fc37
https://git.kernel.org/stable/c/ee0586d73cbaf0e7058bc640d62a9daf2dfa9178
https://git.kernel.org/stable/c/d69d7804cf9e2ba171a27e5f98bc266f13d0414a
https://git.kernel.org/stable/c/067a7c48c2c70f05f9460d6f0e8423e234729f05
https://git.kernel.org/stable/c/c323efd620c741168c8e0cc6fc0be04ab57e331a
https://git.kernel.org/stable/c/8877243beafa7c6bfc42022cbfdf9e39b25bd4fa
https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html

Impacted products

Vendor	Product
Linux	Linux
Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52448",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-28T18:52:46.347708Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:21:58.504Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:55:41.668Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/efc8ef87ab9185a23d5676f2f7d986022d91bcde"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5c28478af371a1c3fdb570ca67f110e1ae60fc37"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ee0586d73cbaf0e7058bc640d62a9daf2dfa9178"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d69d7804cf9e2ba171a27e5f98bc266f13d0414a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/067a7c48c2c70f05f9460d6f0e8423e234729f05"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c323efd620c741168c8e0cc6fc0be04ab57e331a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8877243beafa7c6bfc42022cbfdf9e39b25bd4fa"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/gfs2/rgrp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "efc8ef87ab91",
              "status": "affected",
              "version": "72244b6bc752",
              "versionType": "git"
            },
            {
              "lessThan": "5c28478af371",
              "status": "affected",
              "version": "72244b6bc752",
              "versionType": "git"
            },
            {
              "lessThan": "ee0586d73cba",
              "status": "affected",
              "version": "72244b6bc752",
              "versionType": "git"
            },
            {
              "lessThan": "d69d7804cf9e",
              "status": "affected",
              "version": "72244b6bc752",
              "versionType": "git"
            },
            {
              "lessThan": "067a7c48c2c7",
              "status": "affected",
              "version": "72244b6bc752",
              "versionType": "git"
            },
            {
              "lessThan": "c323efd620c7",
              "status": "affected",
              "version": "72244b6bc752",
              "versionType": "git"
            },
            {
              "lessThan": "8877243beafa",
              "status": "affected",
              "version": "72244b6bc752",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/gfs2/rgrp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.20"
            },
            {
              "lessThan": "4.20",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.268",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.209",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.148",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.75",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.14",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.2",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump\n\nSyzkaller has reported a NULL pointer dereference when accessing\nrgd-\u003erd_rgl in gfs2_rgrp_dump().  This can happen when creating\nrgd-\u003erd_gl fails in read_rindex_entry().  Add a NULL pointer check in\ngfs2_rgrp_dump() to prevent that."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-28T19:49:37.697Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/efc8ef87ab9185a23d5676f2f7d986022d91bcde"
        },
        {
          "url": "https://git.kernel.org/stable/c/5c28478af371a1c3fdb570ca67f110e1ae60fc37"
        },
        {
          "url": "https://git.kernel.org/stable/c/ee0586d73cbaf0e7058bc640d62a9daf2dfa9178"
        },
        {
          "url": "https://git.kernel.org/stable/c/d69d7804cf9e2ba171a27e5f98bc266f13d0414a"
        },
        {
          "url": "https://git.kernel.org/stable/c/067a7c48c2c70f05f9460d6f0e8423e234729f05"
        },
        {
          "url": "https://git.kernel.org/stable/c/c323efd620c741168c8e0cc6fc0be04ab57e331a"
        },
        {
          "url": "https://git.kernel.org/stable/c/8877243beafa7c6bfc42022cbfdf9e39b25bd4fa"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
        }
      ],
      "title": "gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump",
      "x_generator": {
        "engine": "bippy-a5840b7849dd"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52448",
    "datePublished": "2024-02-22T16:21:39.915Z",
    "dateReserved": "2024-02-20T12:30:33.292Z",
    "dateUpdated": "2024-08-02T22:55:41.668Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-52451

Vulnerability from cvelistv5

Published

2024-02-22 16:21

Modified

2024-08-02 22:55

Severity

Summary

powerpc/pseries/memhp: Fix access beyond end of drmem array

References

URL	Tags
https://git.kernel.org/stable/c/bb79613a9a704469ddb8d6c6029d532a5cea384c
https://git.kernel.org/stable/c/9b5f03500bc5b083c0df696d7dd169d7ef3dd0c7
https://git.kernel.org/stable/c/b582aa1f66411d4adcc1aa55b8c575683fb4687e
https://git.kernel.org/stable/c/999a27b3ce9a69d54ccd5db000ec3a447bc43e6d
https://git.kernel.org/stable/c/026fd977dc50ff4a5e09bfb0603557f104d3f3a0
https://git.kernel.org/stable/c/df16afba2378d985359812c865a15c05c70a967e
https://git.kernel.org/stable/c/708a4b59baad96c4718dc0bd3a3427d3ab22fedc
https://git.kernel.org/stable/c/bd68ffce69f6cf8ddd3a3c32549d1d2275e49fc5
https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html

Impacted products

Vendor	Product
Linux	Linux
Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52451",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-22T20:29:32.183324Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:21:57.905Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:55:41.646Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bb79613a9a704469ddb8d6c6029d532a5cea384c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9b5f03500bc5b083c0df696d7dd169d7ef3dd0c7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b582aa1f66411d4adcc1aa55b8c575683fb4687e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/999a27b3ce9a69d54ccd5db000ec3a447bc43e6d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/026fd977dc50ff4a5e09bfb0603557f104d3f3a0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/df16afba2378d985359812c865a15c05c70a967e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/708a4b59baad96c4718dc0bd3a3427d3ab22fedc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bd68ffce69f6cf8ddd3a3c32549d1d2275e49fc5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/powerpc/platforms/pseries/hotplug-memory.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "bb79613a9a70",
              "status": "affected",
              "version": "51925fb3c5c9",
              "versionType": "git"
            },
            {
              "lessThan": "9b5f03500bc5",
              "status": "affected",
              "version": "51925fb3c5c9",
              "versionType": "git"
            },
            {
              "lessThan": "b582aa1f6641",
              "status": "affected",
              "version": "51925fb3c5c9",
              "versionType": "git"
            },
            {
              "lessThan": "999a27b3ce9a",
              "status": "affected",
              "version": "51925fb3c5c9",
              "versionType": "git"
            },
            {
              "lessThan": "026fd977dc50",
              "status": "affected",
              "version": "51925fb3c5c9",
              "versionType": "git"
            },
            {
              "lessThan": "df16afba2378",
              "status": "affected",
              "version": "51925fb3c5c9",
              "versionType": "git"
            },
            {
              "lessThan": "708a4b59baad",
              "status": "affected",
              "version": "51925fb3c5c9",
              "versionType": "git"
            },
            {
              "lessThan": "bd68ffce69f6",
              "status": "affected",
              "version": "51925fb3c5c9",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/powerpc/platforms/pseries/hotplug-memory.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.1"
            },
            {
              "lessThan": "4.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.306",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.268",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.209",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.148",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.75",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.14",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.2",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries/memhp: Fix access beyond end of drmem array\n\ndlpar_memory_remove_by_index() may access beyond the bounds of the\ndrmem lmb array when the LMB lookup fails to match an entry with the\ngiven DRC index. When the search fails, the cursor is left pointing to\n\u0026drmem_info-\u003elmbs[drmem_info-\u003en_lmbs], which is one element past the\nlast valid entry in the array. The debug message at the end of the\nfunction then dereferences this pointer:\n\n        pr_debug(\"Failed to hot-remove memory at %llx\\n\",\n                 lmb-\u003ebase_addr);\n\nThis was found by inspection and confirmed with KASAN:\n\n  pseries-hotplug-mem: Attempting to hot-remove LMB, drc index 1234\n  ==================================================================\n  BUG: KASAN: slab-out-of-bounds in dlpar_memory+0x298/0x1658\n  Read of size 8 at addr c000000364e97fd0 by task bash/949\n\n  dump_stack_lvl+0xa4/0xfc (unreliable)\n  print_report+0x214/0x63c\n  kasan_report+0x140/0x2e0\n  __asan_load8+0xa8/0xe0\n  dlpar_memory+0x298/0x1658\n  handle_dlpar_errorlog+0x130/0x1d0\n  dlpar_store+0x18c/0x3e0\n  kobj_attr_store+0x68/0xa0\n  sysfs_kf_write+0xc4/0x110\n  kernfs_fop_write_iter+0x26c/0x390\n  vfs_write+0x2d4/0x4e0\n  ksys_write+0xac/0x1a0\n  system_call_exception+0x268/0x530\n  system_call_vectored_common+0x15c/0x2ec\n\n  Allocated by task 1:\n   kasan_save_stack+0x48/0x80\n   kasan_set_track+0x34/0x50\n   kasan_save_alloc_info+0x34/0x50\n   __kasan_kmalloc+0xd0/0x120\n   __kmalloc+0x8c/0x320\n   kmalloc_array.constprop.0+0x48/0x5c\n   drmem_init+0x2a0/0x41c\n   do_one_initcall+0xe0/0x5c0\n   kernel_init_freeable+0x4ec/0x5a0\n   kernel_init+0x30/0x1e0\n   ret_from_kernel_user_thread+0x14/0x1c\n\n  The buggy address belongs to the object at c000000364e80000\n   which belongs to the cache kmalloc-128k of size 131072\n  The buggy address is located 0 bytes to the right of\n   allocated 98256-byte region [c000000364e80000, c000000364e97fd0)\n\n  ==================================================================\n  pseries-hotplug-mem: Failed to hot-remove memory at 0\n\nLog failed lookups with a separate message and dereference the\ncursor only when it points to a valid entry."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-28T19:49:41.485Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/bb79613a9a704469ddb8d6c6029d532a5cea384c"
        },
        {
          "url": "https://git.kernel.org/stable/c/9b5f03500bc5b083c0df696d7dd169d7ef3dd0c7"
        },
        {
          "url": "https://git.kernel.org/stable/c/b582aa1f66411d4adcc1aa55b8c575683fb4687e"
        },
        {
          "url": "https://git.kernel.org/stable/c/999a27b3ce9a69d54ccd5db000ec3a447bc43e6d"
        },
        {
          "url": "https://git.kernel.org/stable/c/026fd977dc50ff4a5e09bfb0603557f104d3f3a0"
        },
        {
          "url": "https://git.kernel.org/stable/c/df16afba2378d985359812c865a15c05c70a967e"
        },
        {
          "url": "https://git.kernel.org/stable/c/708a4b59baad96c4718dc0bd3a3427d3ab22fedc"
        },
        {
          "url": "https://git.kernel.org/stable/c/bd68ffce69f6cf8ddd3a3c32549d1d2275e49fc5"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
        }
      ],
      "title": "powerpc/pseries/memhp: Fix access beyond end of drmem array",
      "x_generator": {
        "engine": "bippy-a5840b7849dd"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52451",
    "datePublished": "2024-02-22T16:21:42.295Z",
    "dateReserved": "2024-02-20T12:30:33.293Z",
    "dateUpdated": "2024-08-02T22:55:41.646Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-26591

Vulnerability from cvelistv5

Published

2024-02-22 16:21

Modified

2024-08-02 00:07

Severity

Summary

bpf: Fix re-attachment branch in bpf_tracing_prog_attach

References

URL	Tags
https://git.kernel.org/stable/c/a7b98aa10f895e2569403896f2d19b73b6c95653
https://git.kernel.org/stable/c/6cc9c0af0aa06f781fa515a1734b1a4239dfd2c0
https://git.kernel.org/stable/c/8c8bcd45e9b10eef12321f08d2e5be33d615509c
https://git.kernel.org/stable/c/50ae82f080cf87e84828f066c31723b781d68f5b
https://git.kernel.org/stable/c/715d82ba636cb3629a6e18a33bb9dbe53f9936ee

Impacted products

Vendor	Product
Linux	Linux
Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26591",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-03-04T20:57:55.104919Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:21:05.953Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:07:19.536Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a7b98aa10f895e2569403896f2d19b73b6c95653"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6cc9c0af0aa06f781fa515a1734b1a4239dfd2c0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8c8bcd45e9b10eef12321f08d2e5be33d615509c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/50ae82f080cf87e84828f066c31723b781d68f5b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/715d82ba636cb3629a6e18a33bb9dbe53f9936ee"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/bpf/syscall.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a7b98aa10f89",
              "status": "affected",
              "version": "f3a95075549e",
              "versionType": "git"
            },
            {
              "lessThan": "6cc9c0af0aa0",
              "status": "affected",
              "version": "f3a95075549e",
              "versionType": "git"
            },
            {
              "lessThan": "8c8bcd45e9b1",
              "status": "affected",
              "version": "f3a95075549e",
              "versionType": "git"
            },
            {
              "lessThan": "50ae82f080cf",
              "status": "affected",
              "version": "f3a95075549e",
              "versionType": "git"
            },
            {
              "lessThan": "715d82ba636c",
              "status": "affected",
              "version": "f3a95075549e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/bpf/syscall.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.13"
            },
            {
              "lessThan": "5.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.148",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.75",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.14",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.2",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix re-attachment branch in bpf_tracing_prog_attach\n\nThe following case can cause a crash due to missing attach_btf:\n\n1) load rawtp program\n2) load fentry program with rawtp as target_fd\n3) create tracing link for fentry program with target_fd = 0\n4) repeat 3\n\nIn the end we have:\n\n- prog-\u003eaux-\u003edst_trampoline == NULL\n- tgt_prog == NULL (because we did not provide target_fd to link_create)\n- prog-\u003eaux-\u003eattach_btf == NULL (the program was loaded with attach_prog_fd=X)\n- the program was loaded for tgt_prog but we have no way to find out which one\n\n    BUG: kernel NULL pointer dereference, address: 0000000000000058\n    Call Trace:\n     \u003cTASK\u003e\n     ? __die+0x20/0x70\n     ? page_fault_oops+0x15b/0x430\n     ? fixup_exception+0x22/0x330\n     ? exc_page_fault+0x6f/0x170\n     ? asm_exc_page_fault+0x22/0x30\n     ? bpf_tracing_prog_attach+0x279/0x560\n     ? btf_obj_id+0x5/0x10\n     bpf_tracing_prog_attach+0x439/0x560\n     __sys_bpf+0x1cf4/0x2de0\n     __x64_sys_bpf+0x1c/0x30\n     do_syscall_64+0x41/0xf0\n     entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\nReturn -EINVAL in this situation."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T05:19:09.342Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a7b98aa10f895e2569403896f2d19b73b6c95653"
        },
        {
          "url": "https://git.kernel.org/stable/c/6cc9c0af0aa06f781fa515a1734b1a4239dfd2c0"
        },
        {
          "url": "https://git.kernel.org/stable/c/8c8bcd45e9b10eef12321f08d2e5be33d615509c"
        },
        {
          "url": "https://git.kernel.org/stable/c/50ae82f080cf87e84828f066c31723b781d68f5b"
        },
        {
          "url": "https://git.kernel.org/stable/c/715d82ba636cb3629a6e18a33bb9dbe53f9936ee"
        }
      ],
      "title": "bpf: Fix re-attachment branch in bpf_tracing_prog_attach",
      "x_generator": {
        "engine": "bippy-a5840b7849dd"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26591",
    "datePublished": "2024-02-22T16:21:43.756Z",
    "dateReserved": "2024-02-19T14:20:24.126Z",
    "dateUpdated": "2024-08-02T00:07:19.536Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-52452

Vulnerability from cvelistv5

Published

2024-02-22 16:21

Modified

2024-08-02 22:55

Severity

Summary

bpf: Fix accesses to uninit stack slots

References

URL	Tags
https://git.kernel.org/stable/c/0954982db8283016bf38e9db2da5adf47a102e19
https://git.kernel.org/stable/c/fbcf372c8eda2290470268e0afb5ab5d5f5d5fde
https://git.kernel.org/stable/c/6b4a64bafd107e521c01eec3453ce94a3fb38529

Impacted products

Vendor	Product
Linux	Linux
Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52452",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-22T19:34:47.236363Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:21:01.979Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:55:41.850Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0954982db8283016bf38e9db2da5adf47a102e19"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fbcf372c8eda2290470268e0afb5ab5d5f5d5fde"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6b4a64bafd107e521c01eec3453ce94a3fb38529"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/bpf/verifier.c",
            "tools/testing/selftests/bpf/progs/iters.c",
            "tools/testing/selftests/bpf/progs/test_global_func16.c",
            "tools/testing/selftests/bpf/progs/verifier_basic_stack.c",
            "tools/testing/selftests/bpf/progs/verifier_int_ptr.c",
            "tools/testing/selftests/bpf/progs/verifier_raw_stack.c",
            "tools/testing/selftests/bpf/progs/verifier_var_off.c",
            "tools/testing/selftests/bpf/verifier/atomic_cmpxchg.c",
            "tools/testing/selftests/bpf/verifier/calls.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0954982db828",
              "status": "affected",
              "version": "01f810ace9ed",
              "versionType": "git"
            },
            {
              "lessThan": "fbcf372c8eda",
              "status": "affected",
              "version": "01f810ace9ed",
              "versionType": "git"
            },
            {
              "lessThan": "6b4a64bafd10",
              "status": "affected",
              "version": "01f810ace9ed",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/bpf/verifier.c",
            "tools/testing/selftests/bpf/progs/iters.c",
            "tools/testing/selftests/bpf/progs/test_global_func16.c",
            "tools/testing/selftests/bpf/progs/verifier_basic_stack.c",
            "tools/testing/selftests/bpf/progs/verifier_int_ptr.c",
            "tools/testing/selftests/bpf/progs/verifier_raw_stack.c",
            "tools/testing/selftests/bpf/progs/verifier_var_off.c",
            "tools/testing/selftests/bpf/verifier/atomic_cmpxchg.c",
            "tools/testing/selftests/bpf/verifier/calls.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.12"
            },
            {
              "lessThan": "5.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.14",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.2",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix accesses to uninit stack slots\n\nPrivileged programs are supposed to be able to read uninitialized stack\nmemory (ever since 6715df8d5) but, before this patch, these accesses\nwere permitted inconsistently. In particular, accesses were permitted\nabove state-\u003eallocated_stack, but not below it. In other words, if the\nstack was already \"large enough\", the access was permitted, but\notherwise the access was rejected instead of being allowed to \"grow the\nstack\". This undesired rejection was happening in two places:\n- in check_stack_slot_within_bounds()\n- in check_stack_range_initialized()\nThis patch arranges for these accesses to be permitted. A bunch of tests\nthat were relying on the old rejection had to change; all of them were\nchanged to add also run unprivileged, in which case the old behavior\npersists. One tests couldn\u0027t be updated - global_func16 - because it\ncan\u0027t run unprivileged for other reasons.\n\nThis patch also fixes the tracking of the stack size for variable-offset\nreads. This second fix is bundled in the same commit as the first one\nbecause they\u0027re inter-related. Before this patch, writes to the stack\nusing registers containing a variable offset (as opposed to registers\nwith fixed, known values) were not properly contributing to the\nfunction\u0027s needed stack size. As a result, it was possible for a program\nto verify, but then to attempt to read out-of-bounds data at runtime\nbecause a too small stack had been allocated for it.\n\nEach function tracks the size of the stack it needs in\nbpf_subprog_info.stack_depth, which is maintained by\nupdate_stack_depth(). For regular memory accesses, check_mem_access()\nwas calling update_state_depth() but it was passing in only the fixed\npart of the offset register, ignoring the variable offset. This was\nincorrect; the minimum possible value of that register should be used\ninstead.\n\nThis tracking is now fixed by centralizing the tracking of stack size in\ngrow_stack_state(), and by lifting the calls to grow_stack_state() to\ncheck_stack_access_within_bounds() as suggested by Andrii. The code is\nnow simpler and more convincingly tracks the correct maximum stack size.\ncheck_stack_range_initialized() can now rely on enough stack having been\nallocated for the access; this helps with the fix for the first issue.\n\nA few tests were changed to also check the stack depth computation. The\none that fails without this patch is verifier_var_off:stack_write_priv_vs_unpriv."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-29T05:12:07.545Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0954982db8283016bf38e9db2da5adf47a102e19"
        },
        {
          "url": "https://git.kernel.org/stable/c/fbcf372c8eda2290470268e0afb5ab5d5f5d5fde"
        },
        {
          "url": "https://git.kernel.org/stable/c/6b4a64bafd107e521c01eec3453ce94a3fb38529"
        }
      ],
      "title": "bpf: Fix accesses to uninit stack slots",
      "x_generator": {
        "engine": "bippy-a5840b7849dd"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52452",
    "datePublished": "2024-02-22T16:21:43.094Z",
    "dateReserved": "2024-02-20T12:30:33.293Z",
    "dateUpdated": "2024-08-02T22:55:41.850Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-52445

Vulnerability from cvelistv5

Published

2024-02-22 16:21

Modified

2024-08-02 22:55

Severity

Summary

media: pvrusb2: fix use after free on context disconnection

References

URL	Tags
https://git.kernel.org/stable/c/ec36c134dd020d28e312c2f1766f85525e747aab
https://git.kernel.org/stable/c/47aa8fcd5e8b5563af4042a00f25ba89bef8f33d
https://git.kernel.org/stable/c/3233d8bf7893550045682192cb227af7fa3defeb
https://git.kernel.org/stable/c/ec3634ebe23fc3c44ebc67c6d25917300bc68c08
https://git.kernel.org/stable/c/30773ea47d41773f9611ffb4ebc9bda9d19a9e7e
https://git.kernel.org/stable/c/2cf0005d315549b8d2b940ff96a66c2a889aa795
https://git.kernel.org/stable/c/437b5f57732bb4cc32cc9f8895d2010ee9ff521c
https://git.kernel.org/stable/c/ded85b0c0edd8f45fec88783d7555a5b982449c1
https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html
https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html

Impacted products

Vendor	Product
Linux	Linux
Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T22:55:41.783Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ec36c134dd020d28e312c2f1766f85525e747aab"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/47aa8fcd5e8b5563af4042a00f25ba89bef8f33d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3233d8bf7893550045682192cb227af7fa3defeb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ec3634ebe23fc3c44ebc67c6d25917300bc68c08"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/30773ea47d41773f9611ffb4ebc9bda9d19a9e7e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2cf0005d315549b8d2b940ff96a66c2a889aa795"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/437b5f57732bb4cc32cc9f8895d2010ee9ff521c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ded85b0c0edd8f45fec88783d7555a5b982449c1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/usb/pvrusb2/pvrusb2-context.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ec36c134dd02",
              "status": "affected",
              "version": "e5be15c63804",
              "versionType": "git"
            },
            {
              "lessThan": "47aa8fcd5e8b",
              "status": "affected",
              "version": "e5be15c63804",
              "versionType": "git"
            },
            {
              "lessThan": "3233d8bf7893",
              "status": "affected",
              "version": "e5be15c63804",
              "versionType": "git"
            },
            {
              "lessThan": "ec3634ebe23f",
              "status": "affected",
              "version": "e5be15c63804",
              "versionType": "git"
            },
            {
              "lessThan": "30773ea47d41",
              "status": "affected",
              "version": "e5be15c63804",
              "versionType": "git"
            },
            {
              "lessThan": "2cf0005d3155",
              "status": "affected",
              "version": "e5be15c63804",
              "versionType": "git"
            },
            {
              "lessThan": "437b5f57732b",
              "status": "affected",
              "version": "e5be15c63804",
              "versionType": "git"
            },
            {
              "lessThan": "ded85b0c0edd",
              "status": "affected",
              "version": "e5be15c63804",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/usb/pvrusb2/pvrusb2-context.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.26"
            },
            {
              "lessThan": "2.6.26",
              "status": "unaffected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.306",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.268",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.209",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.148",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.75",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.14",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.2",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: pvrusb2: fix use after free on context disconnection\n\nUpon module load, a kthread is created targeting the\npvr2_context_thread_func function, which may call pvr2_context_destroy\nand thus call kfree() on the context object. However, that might happen\nbefore the usb hub_event handler is able to notify the driver. This\npatch adds a sanity check before the invalid read reported by syzbot,\nwithin the context disconnection call stack."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-28T19:49:33.356Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ec36c134dd020d28e312c2f1766f85525e747aab"
        },
        {
          "url": "https://git.kernel.org/stable/c/47aa8fcd5e8b5563af4042a00f25ba89bef8f33d"
        },
        {
          "url": "https://git.kernel.org/stable/c/3233d8bf7893550045682192cb227af7fa3defeb"
        },
        {
          "url": "https://git.kernel.org/stable/c/ec3634ebe23fc3c44ebc67c6d25917300bc68c08"
        },
        {
          "url": "https://git.kernel.org/stable/c/30773ea47d41773f9611ffb4ebc9bda9d19a9e7e"
        },
        {
          "url": "https://git.kernel.org/stable/c/2cf0005d315549b8d2b940ff96a66c2a889aa795"
        },
        {
          "url": "https://git.kernel.org/stable/c/437b5f57732bb4cc32cc9f8895d2010ee9ff521c"
        },
        {
          "url": "https://git.kernel.org/stable/c/ded85b0c0edd8f45fec88783d7555a5b982449c1"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
        },
        {
          "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
        }
      ],
      "title": "media: pvrusb2: fix use after free on context disconnection",
      "x_generator": {
        "engine": "bippy-a5840b7849dd"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52445",
    "datePublished": "2024-02-22T16:21:37.784Z",
    "dateReserved": "2024-02-20T12:30:33.291Z",
    "dateUpdated": "2024-08-02T22:55:41.783Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Action not permitted

Vulnerability from csaf_certbund

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Tags