Action not permitted
Modal body text goes here.
wid-sec-w-2024-0773
Vulnerability from csaf_certbund
Published
2024-04-03 22:00
Modified
2024-07-24 22:00
Summary
Linux Kernel: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Der Kernel stellt den Kern des Linux Betriebssystems dar.
Angriff
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen oder einen nicht näher spezifizierten Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein lokaler Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren oder einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-0773 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0773.json" }, { "category": "self", "summary": "WID-SEC-2024-0773 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0773" }, { "category": "external", "summary": "GitHub Advisory GHSA-4fj7-85cf-9m8p vom 2024-04-03", "url": "https://github.com/advisories/GHSA-4fj7-85cf-9m8p" }, { "category": "external", "summary": "Red Hat Bugtracker #2273072 vom 2024-04-03", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273072" }, { "category": "external", "summary": "Red Hat Bugtracker #2273076 vom 2024-04-03", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273076" }, { "category": "external", "summary": "Red Hat Bugtracker #2273074 vom 2024-04-03", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273074" }, { "category": "external", "summary": "GitHub Advisory GHSA-37h8-63p8-qhhg vom 2024-04-03", "url": "https://github.com/advisories/GHSA-37h8-63p8-qhhg" }, { "category": "external", "summary": "Linux Kernel CVE Announcements vom 2024-04-03", "url": "https://lore.kernel.org/linux-cve-announce/" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1322-1 vom 2024-04-17", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018374.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1332-2 vom 2024-04-18", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018378.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1322-2 vom 2024-04-18", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018377.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1332-1 vom 2024-04-18", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018376.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1454-1 vom 2024-04-26", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018431.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1466-1 vom 2024-04-29", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018438.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1480-1 vom 2024-04-30", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-April/018444.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1490-1 vom 2024-05-03", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018445.html" }, { "category": "external", "summary": "Debian Security Advisory DSA-5681 vom 2024-05-06", "url": "https://lists.debian.org/debian-security-announce/2024/msg00090.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6765-1 vom 2024-05-07", "url": "https://ubuntu.com/security/notices/USN-6765-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6767-1 vom 2024-05-07", "url": "https://ubuntu.com/security/notices/USN-6767-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6766-1 vom 2024-05-07", "url": "https://ubuntu.com/security/notices/USN-6766-1" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2024-12380 vom 2024-05-14", "url": "http://linux.oracle.com/errata/ELSA-2024-12380.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6767-2 vom 2024-05-14", "url": "https://ubuntu.com/security/notices/USN-6767-2" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1645-1 vom 2024-05-14", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018527.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1647-1 vom 2024-05-14", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018525.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1642-1 vom 2024-05-14", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018530.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1641-1 vom 2024-05-14", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018531.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1646-1 vom 2024-05-14", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018526.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1648-1 vom 2024-05-14", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018524.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1643-1 vom 2024-05-14", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018529.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1644-1 vom 2024-05-14", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018528.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1650-1 vom 2024-05-15", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018533.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1659-1 vom 2024-05-15", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018538.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6766-2 vom 2024-05-15", "url": "https://ubuntu.com/security/notices/USN-6766-2" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6774-1 vom 2024-05-16", "url": "https://ubuntu.com/security/notices/USN-6774-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6778-1 vom 2024-05-16", "url": "https://ubuntu.com/security/notices/USN-6778-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6777-1 vom 2024-05-16", "url": "https://ubuntu.com/security/notices/USN-6777-1" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1682-1 vom 2024-05-20", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018546.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1677-1 vom 2024-05-17", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018543.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1695-1 vom 2024-05-20", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018549.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1685-1 vom 2024-05-20", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018553.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1680-1 vom 2024-05-20", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018547.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6766-3 vom 2024-05-20", "url": "https://ubuntu.com/security/notices/USN-6766-3" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1679-1 vom 2024-05-17", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018544.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6777-2 vom 2024-05-20", "url": "https://ubuntu.com/security/notices/USN-6777-2" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1705-1 vom 2024-05-21", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018565.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1711-1 vom 2024-05-21", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018571.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1726-1 vom 2024-05-21", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018577.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1740-1 vom 2024-05-21", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018579.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1739-1 vom 2024-05-21", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018580.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6777-3 vom 2024-05-22", "url": "https://ubuntu.com/security/notices/USN-6777-3" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1648-2 vom 2024-05-21", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018572.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1748-1 vom 2024-05-22", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018589.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1749-1 vom 2024-05-22", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018587.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1759-1 vom 2024-05-22", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018592.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1750-1 vom 2024-05-22", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018586.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1753-1 vom 2024-05-22", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018584.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1757-1 vom 2024-05-22", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018593.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:3306 vom 2024-05-23", "url": "https://access.redhat.com/errata/RHSA-2024:3306" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6777-4 vom 2024-05-23", "url": "https://ubuntu.com/security/notices/USN-6777-4" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2024-3306 vom 2024-05-25", "url": "https://linux.oracle.com/errata/ELSA-2024-3306.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6795-1 vom 2024-05-28", "url": "https://ubuntu.com/security/notices/USN-6795-1" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:3460 vom 2024-05-29", "url": "https://access.redhat.com/errata/RHSA-2024:3460" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:3461 vom 2024-05-29", "url": "https://access.redhat.com/errata/RHSA-2024:3461" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1870-1 vom 2024-05-30", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018634.html" }, { "category": "external", "summary": "Amazon Linux Security Advisory ALASKERNEL-5.4-2024-068 vom 2024-05-30", "url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2024-068.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:3618 vom 2024-06-05", "url": "https://access.redhat.com/errata/RHSA-2024:3618" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:3619 vom 2024-06-05", "url": "https://access.redhat.com/errata/RHSA-2024:3619" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2024-12377 vom 2024-06-05", "url": "https://oss.oracle.com/pipermail/el-errata/2024-June/015801.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2024-12377 vom 2024-06-05", "url": "https://oss.oracle.com/pipermail/el-errata/2024-June/015802.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:3627 vom 2024-06-05", "url": "https://access.redhat.com/errata/RHSA-2024:3627" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2024-12385 vom 2024-06-05", "url": "https://oss.oracle.com/pipermail/el-errata/2024-June/015807.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2024-12385 vom 2024-06-05", "url": "https://oss.oracle.com/pipermail/el-errata/2024-June/015806.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2024-3619 vom 2024-06-07", "url": "http://linux.oracle.com/errata/ELSA-2024-3619.html" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2024-3618 vom 2024-06-06", "url": "https://linux.oracle.com/errata/ELSA-2024-3618.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6821-1 vom 2024-06-08", "url": "https://ubuntu.com/security/notices/USN-6821-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6820-1 vom 2024-06-08", "url": "https://ubuntu.com/security/notices/USN-6820-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6816-1 vom 2024-06-08", "url": "https://ubuntu.com/security/notices/USN-6816-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6819-1 vom 2024-06-08", "url": "https://ubuntu.com/security/notices/USN-6819-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6817-1 vom 2024-06-08", "url": "https://ubuntu.com/security/notices/USN-6817-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6818-1 vom 2024-06-08", "url": "https://ubuntu.com/security/notices/USN-6818-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6818-2 vom 2024-06-10", "url": "https://ubuntu.com/security/notices/USN-6818-2" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6821-2 vom 2024-06-10", "url": "https://ubuntu.com/security/notices/USN-6821-2" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1979-1 vom 2024-06-11", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018685.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6817-2 vom 2024-06-11", "url": "https://ubuntu.com/security/notices/USN-6817-2" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6821-3 vom 2024-06-11", "url": "https://ubuntu.com/security/notices/USN-6821-3" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:1983-1 vom 2024-06-11", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018700.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6828-1 vom 2024-06-11", "url": "https://ubuntu.com/security/notices/USN-6828-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6820-2 vom 2024-06-11", "url": "https://ubuntu.com/security/notices/USN-6820-2" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6819-2 vom 2024-06-12", "url": "https://ubuntu.com/security/notices/USN-6819-2" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6831-1 vom 2024-06-12", "url": "https://ubuntu.com/security/notices/USN-6831-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6819-3 vom 2024-06-12", "url": "https://ubuntu.com/security/notices/USN-6819-3" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2008-1 vom 2024-06-12", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018706.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6818-3 vom 2024-06-14", "url": "https://ubuntu.com/security/notices/USN-6818-3" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6817-3 vom 2024-06-14", "url": "https://ubuntu.com/security/notices/USN-6817-3" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6821-4 vom 2024-06-14", "url": "https://ubuntu.com/security/notices/USN-6821-4" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6818-4 vom 2024-06-19", "url": "https://ubuntu.com/security/notices/USN-6818-4" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2092-1 vom 2024-06-19", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018765.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2162-1 vom 2024-06-21", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018785.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2135-1 vom 2024-06-21", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018783.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2163-1 vom 2024-06-21", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018784.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2184-1 vom 2024-06-24", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018807.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2189-1 vom 2024-06-25", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018811.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2190-1 vom 2024-06-25", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018819.html" }, { "category": "external", "summary": "Debian Security Advisory DLA-3842 vom 2024-06-25", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2207-1 vom 2024-06-25", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018824.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6819-4 vom 2024-06-26", "url": "https://ubuntu.com/security/notices/USN-6819-4" }, { "category": "external", "summary": "Debian Security Advisory DLA-3840 vom 2024-06-27", "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:4211 vom 2024-07-02", "url": "https://access.redhat.com/errata/RHSA-2024:4211" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2024-4211 vom 2024-07-03", "url": "https://linux.oracle.com/errata/ELSA-2024-4211.html" }, { "category": "external", "summary": "Dell Security Advisory DSA-2024-022 vom 2024-07-03", "url": "https://www.dell.com/support/kbdoc/de-de/000226633/dsa-2024-022-security-update-for-dell-networker-vproxy-multiple-component-vulnerabilities" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6871-1 vom 2024-07-04", "url": "https://ubuntu.com/security/notices/USN-6871-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6872-1 vom 2024-07-04", "url": "https://ubuntu.com/security/notices/USN-6872-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6873-1 vom 2024-07-04", "url": "https://ubuntu.com/security/notices/USN-6873-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6866-1 vom 2024-07-04", "url": "https://ubuntu.com/security/notices/USN-6866-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6865-1 vom 2024-07-04", "url": "https://ubuntu.com/security/notices/USN-6865-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6874-1 vom 2024-07-04", "url": "https://ubuntu.com/security/notices/USN-6874-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6872-2 vom 2024-07-04", "url": "https://ubuntu.com/security/notices/USN-6872-2" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6873-2 vom 2024-07-04", "url": "https://ubuntu.com/security/notices/USN-6873-2" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6866-2 vom 2024-07-04", "url": "https://ubuntu.com/security/notices/USN-6866-2" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6878-1 vom 2024-07-04", "url": "https://ubuntu.com/security/notices/USN-6878-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6865-2 vom 2024-07-04", "url": "https://ubuntu.com/security/notices/USN-6865-2" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:4349 vom 2024-07-08", "url": "https://access.redhat.com/errata/RHSA-2024:4349" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:4352 vom 2024-07-08", "url": "https://access.redhat.com/errata/RHSA-2024:4352" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2024-4349 vom 2024-07-09", "url": "https://linux.oracle.com/errata/ELSA-2024-4349.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2337-1 vom 2024-07-08", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018881.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2372-1 vom 2024-07-09", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018901.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2360-1 vom 2024-07-09", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018907.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:4447 vom 2024-07-10", "url": "https://access.redhat.com/errata/RHSA-2024:4447" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2381-1 vom 2024-07-10", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018916.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6892-1 vom 2024-07-10", "url": "https://ubuntu.com/security/notices/USN-6892-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6866-3 vom 2024-07-10", "url": "https://ubuntu.com/security/notices/USN-6866-3" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:4321 vom 2024-07-10", "url": "https://access.redhat.com/errata/RHSA-2024:4321" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2394-1 vom 2024-07-10", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018922.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2385-1 vom 2024-07-10", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018920.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:4533 vom 2024-07-15", "url": "https://access.redhat.com/errata/RHSA-2024:4533" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2448-1 vom 2024-07-12", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018945.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2447-1 vom 2024-07-12", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018946.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2446-1 vom 2024-07-12", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018947.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6896-1 vom 2024-07-12", "url": "https://ubuntu.com/security/notices/USN-6896-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6895-1 vom 2024-07-12", "url": "https://ubuntu.com/security/notices/USN-6895-1" }, { "category": "external", "summary": "Rocky Linux Security Advisory RLSA-2024:4349 vom 2024-07-15", "url": "https://errata.build.resf.org/RLSA-2024:4349" }, { "category": "external", "summary": "Rocky Linux Security Advisory RLSA-2024:4352 vom 2024-07-15", "url": "https://errata.build.resf.org/RLSA-2024:4352" }, { "category": "external", "summary": "Rocky Linux Security Advisory RLSA-2024:4211 vom 2024-07-15", "url": "https://errata.build.resf.org/RLSA-2024:4211" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6898-1 vom 2024-07-15", "url": "https://ubuntu.com/security/notices/USN-6898-1" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:4554 vom 2024-07-16", "url": "https://access.redhat.com/errata/RHSA-2024:4554" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2495-1 vom 2024-07-16", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018982.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6895-2 vom 2024-07-16", "url": "https://ubuntu.com/security/notices/USN-6895-2" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:4583 vom 2024-07-17", "url": "https://access.redhat.com/errata/RHSA-2024:4583" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6896-2 vom 2024-07-16", "url": "https://ubuntu.com/security/notices/USN-6896-2" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6896-3 vom 2024-07-17", "url": "https://ubuntu.com/security/notices/USN-6896-3" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6900-1 vom 2024-07-17", "url": "https://ubuntu.com/security/notices/USN-6900-1" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6898-2 vom 2024-07-17", "url": "https://ubuntu.com/security/notices/USN-6898-2" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2024-4583 vom 2024-07-19", "url": "https://linux.oracle.com/errata/ELSA-2024-4583.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2561-1 vom 2024-07-18", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/019001.html" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:4631 vom 2024-07-18", "url": "https://access.redhat.com/errata/RHSA-2024:4631" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6898-3 vom 2024-07-19", "url": "https://ubuntu.com/security/notices/USN-6898-3" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6895-3 vom 2024-07-19", "url": "https://ubuntu.com/security/notices/USN-6895-3" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6896-4 vom 2024-07-19", "url": "https://ubuntu.com/security/notices/USN-6896-4" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2571-1 vom 2024-07-22", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/019019.html" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6896-5 vom 2024-07-23", "url": "https://ubuntu.com/security/notices/USN-6896-5" }, { "category": "external", "summary": "Ubuntu Security Notice USN-6898-4 vom 2024-07-23", "url": "https://ubuntu.com/security/notices/USN-6898-4" }, { "category": "external", "summary": "SEM 2024.2.1 release notes vom 2024-07-23", "url": "https://documentation.solarwinds.com/en/success_center/sem/content/release_notes/sem_2024-2-1_release_notes.htm" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:4740 vom 2024-07-24", "url": "https://access.redhat.com/errata/RHSA-2024:4740" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:4831 vom 2024-07-24", "url": "https://access.redhat.com/errata/RHSA-2024:4831" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:4823 vom 2024-07-24", "url": "https://access.redhat.com/errata/RHSA-2024:4823" } ], "source_lang": "en-US", "title": "Linux Kernel: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-07-24T22:00:00.000+00:00", "generator": { "date": "2024-07-25T08:35:37.135+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2024-0773", "initial_release_date": "2024-04-03T22:00:00.000+00:00", "revision_history": [ { "date": "2024-04-03T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2024-04-04T22:00:00.000+00:00", "number": "2", "summary": "CVE-2024-26752 erg\u00e4nzt" }, { "date": "2024-04-16T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-04-18T22:00:00.000+00:00", "number": "4", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-04-28T22:00:00.000+00:00", "number": "5", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-04-29T22:00:00.000+00:00", "number": "6", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-05-01T22:00:00.000+00:00", "number": "7", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-05-02T22:00:00.000+00:00", "number": "8", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-05-06T22:00:00.000+00:00", "number": "9", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2024-05-07T22:00:00.000+00:00", "number": "10", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2024-05-13T22:00:00.000+00:00", "number": "11", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2024-05-14T22:00:00.000+00:00", "number": "12", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-05-15T22:00:00.000+00:00", "number": "13", "summary": "Neue Updates von SUSE und Ubuntu aufgenommen" }, { "date": "2024-05-16T22:00:00.000+00:00", "number": "14", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2024-05-20T22:00:00.000+00:00", "number": "15", "summary": "Neue Updates von SUSE und Ubuntu aufgenommen" }, { "date": "2024-05-21T22:00:00.000+00:00", "number": "16", "summary": "Neue Updates von SUSE und Ubuntu aufgenommen" }, { "date": "2024-05-22T22:00:00.000+00:00", "number": "17", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-05-23T22:00:00.000+00:00", "number": "18", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2024-05-26T22:00:00.000+00:00", "number": "19", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2024-05-28T22:00:00.000+00:00", "number": "20", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2024-05-30T22:00:00.000+00:00", "number": "21", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-06-04T22:00:00.000+00:00", "number": "22", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-06-05T22:00:00.000+00:00", "number": "23", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2024-06-06T22:00:00.000+00:00", "number": "24", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2024-06-09T22:00:00.000+00:00", "number": "25", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2024-06-10T22:00:00.000+00:00", "number": "26", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2024-06-11T22:00:00.000+00:00", "number": "27", "summary": "Neue Updates von Ubuntu und SUSE aufgenommen" }, { "date": "2024-06-12T22:00:00.000+00:00", "number": "28", "summary": "Neue Updates von Ubuntu und SUSE aufgenommen" }, { "date": "2024-06-16T22:00:00.000+00:00", "number": "29", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2024-06-18T22:00:00.000+00:00", "number": "30", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2024-06-19T22:00:00.000+00:00", "number": "31", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-06-23T22:00:00.000+00:00", "number": "32", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-06-24T22:00:00.000+00:00", "number": "33", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-06-25T22:00:00.000+00:00", "number": "34", "summary": "Neue Updates von SUSE und Debian aufgenommen" }, { "date": "2024-06-26T22:00:00.000+00:00", "number": "35", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2024-06-27T22:00:00.000+00:00", "number": "36", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2024-07-01T22:00:00.000+00:00", "number": "37", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-07-02T22:00:00.000+00:00", "number": "38", "summary": "Neue Updates von Oracle Linux und Dell aufgenommen" }, { "date": "2024-07-03T22:00:00.000+00:00", "number": "39", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2024-07-04T22:00:00.000+00:00", "number": "40", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2024-07-07T22:00:00.000+00:00", "number": "41", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-07-08T22:00:00.000+00:00", "number": "42", "summary": "Neue Updates von Oracle Linux und SUSE aufgenommen" }, { "date": "2024-07-09T22:00:00.000+00:00", "number": "43", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-07-10T22:00:00.000+00:00", "number": "44", "summary": "Neue Updates von Ubuntu, Red Hat und SUSE aufgenommen" }, { "date": "2024-07-14T22:00:00.000+00:00", "number": "45", "summary": "Neue Updates von Red Hat, SUSE und Ubuntu aufgenommen" }, { "date": "2024-07-15T22:00:00.000+00:00", "number": "46", "summary": "Neue Updates von Rocky Enterprise Software Foundation, Ubuntu und Red Hat aufgenommen" }, { "date": "2024-07-16T22:00:00.000+00:00", "number": "47", "summary": "Neue Updates von Red Hat und Ubuntu aufgenommen" }, { "date": "2024-07-17T22:00:00.000+00:00", "number": "48", "summary": "Neue Updates von Ubuntu aufgenommen" }, { "date": "2024-07-18T22:00:00.000+00:00", "number": "49", "summary": "Neue Updates von Oracle Linux, SUSE und Red Hat aufgenommen" }, { "date": "2024-07-22T22:00:00.000+00:00", "number": "50", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-07-23T22:00:00.000+00:00", "number": "51", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-07-24T22:00:00.000+00:00", "number": "52", "summary": "Neue Updates von Red Hat aufgenommen" } ], "status": "final", "version": "52" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Amazon Linux 2", "product": { "name": "Amazon Linux 2", "product_id": "398363", "product_identification_helper": { "cpe": "cpe:/o:amazon:linux_2:-" } } } ], "category": "vendor", "name": "Amazon" }, { "branches": [ { "category": "product_name", "name": "Debian Linux", "product": { "name": "Debian Linux", "product_id": "2951", "product_identification_helper": { "cpe": "cpe:/o:debian:debian_linux:-" } } } ], "category": "vendor", "name": "Debian" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c19.11", "product": { "name": "Dell NetWorker \u003c19.11", "product_id": "T035785", "product_identification_helper": { "cpe": "cpe:/a:dell:networker:19.11" } } } ], "category": "product_name", "name": "NetWorker" } ], "category": "vendor", "name": "Dell" }, { "branches": [ { "category": "product_name", "name": "Open Source Linux Kernel", "product": { "name": "Open Source Linux Kernel", "product_id": "T033861", "product_identification_helper": { "cpe": "cpe:/o:linux:linux_kernel:-" } } } ], "category": "vendor", "name": "Open Source" }, { "branches": [ { "category": "product_name", "name": "Oracle Linux", "product": { "name": "Oracle Linux", "product_id": "T004914", "product_identification_helper": { "cpe": "cpe:/o:oracle:linux:-" } } } ], "category": "vendor", "name": "Oracle" }, { "branches": [ { "category": "product_name", "name": "RESF Rocky Linux", "product": { "name": "RESF Rocky Linux", "product_id": "T032255", "product_identification_helper": { "cpe": "cpe:/o:resf:rocky_linux:-" } } } ], "category": "vendor", "name": "RESF" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } } ], "category": "vendor", "name": "Red Hat" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c2024.2", "product": { "name": "SolarWinds Security Event Manager \u003c2024.2", "product_id": "T034244", "product_identification_helper": { "cpe": "cpe:/a:solarwinds:security_event_manager:2024.2" } } } ], "category": "product_name", "name": "Security Event Manager" } ], "category": "vendor", "name": "SolarWinds" }, { "branches": [ { "category": "product_name", "name": "Ubuntu Linux", "product": { "name": "Ubuntu Linux", "product_id": "T000126", "product_identification_helper": { "cpe": "cpe:/o:canonical:ubuntu_linux:-" } } } ], "category": "vendor", "name": "Ubuntu" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-3061", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2022-3061" }, { "cve": "CVE-2024-26685", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26685" }, { "cve": "CVE-2024-26686", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26686" }, { "cve": "CVE-2024-26687", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26687" }, { "cve": "CVE-2024-26688", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26688" }, { "cve": "CVE-2024-26689", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26689" }, { "cve": "CVE-2024-26690", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26690" }, { "cve": "CVE-2024-26691", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26691" }, { "cve": "CVE-2024-26692", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26692" }, { "cve": "CVE-2024-26693", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26693" }, { "cve": "CVE-2024-26694", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26694" }, { "cve": "CVE-2024-26695", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26695" }, { "cve": "CVE-2024-26696", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26696" }, { "cve": "CVE-2024-26697", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26697" }, { "cve": "CVE-2024-26698", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26698" }, { "cve": "CVE-2024-26699", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26699" }, { "cve": "CVE-2024-26700", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26700" }, { "cve": "CVE-2024-26701", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26701" }, { "cve": "CVE-2024-26702", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26702" }, { "cve": "CVE-2024-26703", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26703" }, { "cve": "CVE-2024-26704", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26704" }, { "cve": "CVE-2024-26705", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26705" }, { "cve": "CVE-2024-26706", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26706" }, { "cve": "CVE-2024-26707", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26707" }, { "cve": "CVE-2024-26708", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26708" }, { "cve": "CVE-2024-26709", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26709" }, { "cve": "CVE-2024-26710", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26710" }, { "cve": "CVE-2024-26711", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26711" }, { "cve": "CVE-2024-26712", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26712" }, { "cve": "CVE-2024-26713", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26713" }, { "cve": "CVE-2024-26714", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26714" }, { "cve": "CVE-2024-26715", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26715" }, { "cve": "CVE-2024-26716", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26716" }, { "cve": "CVE-2024-26717", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26717" }, { "cve": "CVE-2024-26718", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26718" }, { "cve": "CVE-2024-26719", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26719" }, { "cve": "CVE-2024-26720", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26720" }, { "cve": "CVE-2024-26721", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26721" }, { "cve": "CVE-2024-26722", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26722" }, { "cve": "CVE-2024-26723", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26723" }, { "cve": "CVE-2024-26724", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26724" }, { "cve": "CVE-2024-26725", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26725" }, { "cve": "CVE-2024-26726", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26726" }, { "cve": "CVE-2024-26727", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26727" }, { "cve": "CVE-2024-26728", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26728" }, { "cve": "CVE-2024-26729", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26729" }, { "cve": "CVE-2024-26730", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26730" }, { "cve": "CVE-2024-26731", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26731" }, { "cve": "CVE-2024-26732", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26732" }, { "cve": "CVE-2024-26733", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26733" }, { "cve": "CVE-2024-26734", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26734" }, { "cve": "CVE-2024-26735", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26735" }, { "cve": "CVE-2024-26736", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26736" }, { "cve": "CVE-2024-26737", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26737" }, { "cve": "CVE-2024-26738", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26738" }, { "cve": "CVE-2024-26739", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26739" }, { "cve": "CVE-2024-26740", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26740" }, { "cve": "CVE-2024-26741", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26741" }, { "cve": "CVE-2024-26742", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26742" }, { "cve": "CVE-2024-26743", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26743" }, { "cve": "CVE-2024-26744", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26744" }, { "cve": "CVE-2024-26745", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26745" }, { "cve": "CVE-2024-26746", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26746" }, { "cve": "CVE-2024-26747", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26747" }, { "cve": "CVE-2024-26748", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26748" }, { "cve": "CVE-2024-26749", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26749" }, { "cve": "CVE-2024-26750", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26750" }, { "cve": "CVE-2024-26751", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26751" }, { "cve": "CVE-2024-26752", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26752" }, { "cve": "CVE-2024-26753", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26753" }, { "cve": "CVE-2024-26754", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26754" }, { "cve": "CVE-2024-26755", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26755" }, { "cve": "CVE-2024-26756", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26756" }, { "cve": "CVE-2024-26757", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26757" }, { "cve": "CVE-2024-26758", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26758" }, { "cve": "CVE-2024-26759", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26759" }, { "cve": "CVE-2024-26760", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26760" }, { "cve": "CVE-2024-26761", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26761" }, { "cve": "CVE-2024-26762", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26762" }, { "cve": "CVE-2024-26763", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26763" }, { "cve": "CVE-2024-26764", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26764" }, { "cve": "CVE-2024-26765", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26765" }, { "cve": "CVE-2024-26766", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26766" }, { "cve": "CVE-2024-26767", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26767" }, { "cve": "CVE-2024-26768", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26768" }, { "cve": "CVE-2024-26769", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26769" }, { "cve": "CVE-2024-26770", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26770" }, { "cve": "CVE-2024-26771", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26771" }, { "cve": "CVE-2024-26772", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26772" }, { "cve": "CVE-2024-26773", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26773" }, { "cve": "CVE-2024-26774", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26774" }, { "cve": "CVE-2024-26775", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26775" }, { "cve": "CVE-2024-26776", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26776" }, { "cve": "CVE-2024-26777", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26777" }, { "cve": "CVE-2024-26778", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26778" }, { "cve": "CVE-2024-26779", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26779" }, { "cve": "CVE-2024-26780", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26780" }, { "cve": "CVE-2024-26781", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26781" }, { "cve": "CVE-2024-26782", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26782" }, { "cve": "CVE-2024-26783", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26783" }, { "cve": "CVE-2024-26784", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26784" }, { "cve": "CVE-2024-26785", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26785" }, { "cve": "CVE-2024-26786", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26786" }, { "cve": "CVE-2024-26787", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26787" }, { "cve": "CVE-2024-26788", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26788" }, { "cve": "CVE-2024-26789", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26789" }, { "cve": "CVE-2024-26790", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26790" }, { "cve": "CVE-2024-26791", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26791" }, { "cve": "CVE-2024-26792", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26792" }, { "cve": "CVE-2024-26793", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26793" }, { "cve": "CVE-2024-26794", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26794" }, { "cve": "CVE-2024-26795", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26795" }, { "cve": "CVE-2024-26796", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26796" }, { "cve": "CVE-2024-26797", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26797" }, { "cve": "CVE-2024-26798", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26798" }, { "cve": "CVE-2024-26799", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26799" }, { "cve": "CVE-2024-26800", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26800" }, { "cve": "CVE-2024-26801", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26801" }, { "cve": "CVE-2024-26802", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26802" }, { "cve": "CVE-2024-26803", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26803" }, { "cve": "CVE-2024-26804", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26804" }, { "cve": "CVE-2024-26805", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26805" }, { "cve": "CVE-2024-26806", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26806" }, { "cve": "CVE-2024-26807", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26807" }, { "cve": "CVE-2024-26808", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26808" }, { "cve": "CVE-2024-26809", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Subsystemen und Komponenten wie powerpc/kasan, KVM oder nilfs2, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL-Zeiger-Dereferenz, einem \"Use after Free\" oder einem Deadlock. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "67646", "T000126", "398363", "T004914", "T032255", "T033861", "T035785", "T034244" ] }, "release_date": "2024-04-03T22:00:00Z", "title": "CVE-2024-26809" } ] }
cve-2022-3061
Vulnerability from cvelistv5
Published
2022-09-01 00:00
Modified
2024-08-03 01:00
Severity ?
EPSS score ?
Summary
Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl() interface. The driver doesn't check the value of 'pixclock', so it may cause a divide by zero error.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:00:10.183Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/deller/linux-fbdev.git/commit/?id=15cf0b82271b1823fb02ab8c377badba614d95d5" }, { "name": "DSA-5257", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5257" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Kernel", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Linux kernel 5.18-rc5" } ] } ], "descriptions": [ { "lang": "en", "value": "Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl() interface. The driver doesn\u0027t check the value of \u0027pixclock\u0027, so it may cause a divide by zero error." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-369", "description": "CWE-369", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-01T00:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/deller/linux-fbdev.git/commit/?id=15cf0b82271b1823fb02ab8c377badba614d95d5" }, { "name": "DSA-5257", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2022/dsa-5257" }, { "name": "[debian-lts-announce] 20221101 [SECURITY] [DLA 3173-1] linux-5.10 security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00001.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2022-3061", "datePublished": "2022-09-01T00:00:00", "dateReserved": "2022-08-30T00:00:00", "dateUpdated": "2024-08-03T01:00:10.183Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26777
Vulnerability from cvelistv5
Published
2024-04-03 17:01
Modified
2024-11-05 09:15
Severity ?
EPSS score ?
Summary
fbdev: sis: Error out if pixclock equals zero
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26777", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-03T18:10:58.840983Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:48:30.706Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.470Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/84246c35ca34207114055a87552a1c4289c8fd7e" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/6db07619d173765bd8622d63809cbfe361f04207" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/cd36da760bd1f78c63c7078407baf01dd724f313" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/df6e2088c6f4cad539cf67cba2d6764461e798d1" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f329523f6a65c3bbce913ad35473d83a319d5d99" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/99f1abc34a6dde248d2219d64aa493c76bbdd9eb" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/1d11dd3ea5d039c7da089f309f39c4cd363b924b" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e421946be7d9bf545147bea8419ef8239cb7ca52" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/video/fbdev/sis/sis_main.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "84246c35ca34", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "6db07619d173", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "cd36da760bd1", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "df6e2088c6f4", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "f329523f6a65", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "99f1abc34a6d", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "1d11dd3ea5d0", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "e421946be7d9", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/video/fbdev/sis/sis_main.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.308", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.270", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.211", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.150", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.80", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.19", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: sis: Error out if pixclock equals zero\n\nThe userspace program could pass any values to the driver through\nioctl() interface. If the driver doesn\u0027t check the value of pixclock,\nit may cause divide-by-zero error.\n\nIn sisfb_check_var(), var-\u003epixclock is used as a divisor to caculate\ndrate before it is checked against zero. Fix this by checking it\nat the beginning.\n\nThis is similar to CVE-2022-3061 in i740fb which was fixed by\ncommit 15cf0b8." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:37.485Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/84246c35ca34207114055a87552a1c4289c8fd7e" }, { "url": "https://git.kernel.org/stable/c/6db07619d173765bd8622d63809cbfe361f04207" }, { "url": "https://git.kernel.org/stable/c/cd36da760bd1f78c63c7078407baf01dd724f313" }, { "url": "https://git.kernel.org/stable/c/df6e2088c6f4cad539cf67cba2d6764461e798d1" }, { "url": "https://git.kernel.org/stable/c/f329523f6a65c3bbce913ad35473d83a319d5d99" }, { "url": "https://git.kernel.org/stable/c/99f1abc34a6dde248d2219d64aa493c76bbdd9eb" }, { "url": "https://git.kernel.org/stable/c/1d11dd3ea5d039c7da089f309f39c4cd363b924b" }, { "url": "https://git.kernel.org/stable/c/e421946be7d9bf545147bea8419ef8239cb7ca52" } ], "title": "fbdev: sis: Error out if pixclock equals zero", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26777", "datePublished": "2024-04-03T17:01:02.935Z", "dateReserved": "2024-02-19T14:20:24.177Z", "dateUpdated": "2024-11-05T09:15:37.485Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26744
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2024-11-06 21:08
Severity ?
EPSS score ?
Summary
RDMA/srpt: Support specifying the srpt_service_guid parameter
References
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-26744", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-03T19:40:03.230655Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-06T21:08:27.208Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.022Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/84f1dac960cfa210a3b7a7522e6c2320ae91932b" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/5a5c039dac1b1b7ba3e91c791f4421052bf79b82" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/989af2f29342a9a7c7515523d879b698ac8465f4" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/aee4dcfe17219fe60f2821923adea98549060af8" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/fe2a73d57319feab4b3b175945671ce43492172f" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/c99a827d3cff9f84e1cb997b7cc6386d107aa74d" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/fdfa083549de5d50ebf7f6811f33757781e838c0" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/infiniband/ulp/srpt/ib_srpt.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "84f1dac960cf", "status": "affected", "version": "a42d985bd5b2", "versionType": "git" }, { "lessThan": "5a5c039dac1b", "status": "affected", "version": "a42d985bd5b2", "versionType": "git" }, { "lessThan": "989af2f29342", "status": "affected", "version": "a42d985bd5b2", "versionType": "git" }, { "lessThan": "aee4dcfe1721", "status": "affected", "version": "a42d985bd5b2", "versionType": "git" }, { "lessThan": "fe2a73d57319", "status": "affected", "version": "a42d985bd5b2", "versionType": "git" }, { "lessThan": "c99a827d3cff", "status": "affected", "version": "a42d985bd5b2", "versionType": "git" }, { "lessThan": "fdfa083549de", "status": "affected", "version": "a42d985bd5b2", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/infiniband/ulp/srpt/ib_srpt.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "3.3" }, { "lessThan": "3.3", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.308", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.211", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.150", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.80", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.19", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/srpt: Support specifying the srpt_service_guid parameter\n\nMake loading ib_srpt with this parameter set work. The current behavior is\nthat setting that parameter while loading the ib_srpt kernel module\ntriggers the following kernel crash:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000000\nCall Trace:\n \u003cTASK\u003e\n parse_one+0x18c/0x1d0\n parse_args+0xe1/0x230\n load_module+0x8de/0xa60\n init_module_from_file+0x8b/0xd0\n idempotent_init_module+0x181/0x240\n __x64_sys_finit_module+0x5a/0xb0\n do_syscall_64+0x5f/0xe0\n entry_SYSCALL_64_after_hwframe+0x6e/0x76" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:56.818Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/84f1dac960cfa210a3b7a7522e6c2320ae91932b" }, { "url": "https://git.kernel.org/stable/c/5a5c039dac1b1b7ba3e91c791f4421052bf79b82" }, { "url": "https://git.kernel.org/stable/c/989af2f29342a9a7c7515523d879b698ac8465f4" }, { "url": "https://git.kernel.org/stable/c/aee4dcfe17219fe60f2821923adea98549060af8" }, { "url": "https://git.kernel.org/stable/c/fe2a73d57319feab4b3b175945671ce43492172f" }, { "url": "https://git.kernel.org/stable/c/c99a827d3cff9f84e1cb997b7cc6386d107aa74d" }, { "url": "https://git.kernel.org/stable/c/fdfa083549de5d50ebf7f6811f33757781e838c0" } ], "title": "RDMA/srpt: Support specifying the srpt_service_guid parameter", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26744", "datePublished": "2024-04-03T17:00:33.280Z", "dateReserved": "2024-02-19T14:20:24.168Z", "dateUpdated": "2024-11-06T21:08:27.208Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26776
Vulnerability from cvelistv5
Published
2024-04-03 17:01
Modified
2024-11-05 09:15
Severity ?
EPSS score ?
Summary
spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.413Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e94da8aca2e78ef9ecca02eb211869eacd5504e5" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/0399d7eba41d9b28f5bdd7757ec21a5b7046858d" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f19361d570c67e7e014896fa2dacd7d721bf0aa8" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d637b5118274701e8448f35953877daf04df18b4" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e4168ac25b4bd378bd7dda322d589482a136c1fd" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/de8b6e1c231a95abf95ad097b993d34b31458ec9" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-26776", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:51:14.790934Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:54.556Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/spi/spi-hisi-sfc-v3xx.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "e94da8aca2e7", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "0399d7eba41d", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "f19361d570c6", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "d637b5118274", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "e4168ac25b4b", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "de8b6e1c231a", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/spi/spi-hisi-sfc-v3xx.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.211", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.150", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.80", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.19", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected\n\nReturn IRQ_NONE from the interrupt handler when no interrupt was\ndetected. Because an empty interrupt will cause a null pointer error:\n\n Unable to handle kernel NULL pointer dereference at virtual\n address 0000000000000008\n Call trace:\n complete+0x54/0x100\n hisi_sfc_v3xx_isr+0x2c/0x40 [spi_hisi_sfc_v3xx]\n __handle_irq_event_percpu+0x64/0x1e0\n handle_irq_event+0x7c/0x1cc" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:36.245Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/e94da8aca2e78ef9ecca02eb211869eacd5504e5" }, { "url": "https://git.kernel.org/stable/c/0399d7eba41d9b28f5bdd7757ec21a5b7046858d" }, { "url": "https://git.kernel.org/stable/c/f19361d570c67e7e014896fa2dacd7d721bf0aa8" }, { "url": "https://git.kernel.org/stable/c/d637b5118274701e8448f35953877daf04df18b4" }, { "url": "https://git.kernel.org/stable/c/e4168ac25b4bd378bd7dda322d589482a136c1fd" }, { "url": "https://git.kernel.org/stable/c/de8b6e1c231a95abf95ad097b993d34b31458ec9" } ], "title": "spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26776", "datePublished": "2024-04-03T17:01:02.116Z", "dateReserved": "2024-02-19T14:20:24.177Z", "dateUpdated": "2024-11-05T09:15:36.245Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26686
Vulnerability from cvelistv5
Published
2024-04-03 14:54
Modified
2024-11-05 09:13
Severity ?
EPSS score ?
Summary
fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26686", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-03T18:03:13.492262Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:48:23.666Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:12.556Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/cf4b8c39b9a0bd81c47afc7ef62914a62dd5ec4d" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/27978243f165b44e342f28f449b91327944ea071" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/7601df8031fd67310af891897ef6cc0df4209305" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "fs/proc/array.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "cf4b8c39b9a0", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "27978243f165", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "7601df8031fd", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "fs/proc/array.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.82", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/proc: do_task_stat: use sig-\u003estats_lock to gather the threads/children stats\n\nlock_task_sighand() can trigger a hard lockup. If NR_CPUS threads call\ndo_task_stat() at the same time and the process has NR_THREADS, it will\nspin with irqs disabled O(NR_CPUS * NR_THREADS) time.\n\nChange do_task_stat() to use sig-\u003estats_lock to gather the statistics\noutside of -\u003esiglock protected section, in the likely case this code will\nrun lockless." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:13:52.973Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/cf4b8c39b9a0bd81c47afc7ef62914a62dd5ec4d" }, { "url": "https://git.kernel.org/stable/c/27978243f165b44e342f28f449b91327944ea071" }, { "url": "https://git.kernel.org/stable/c/7601df8031fd67310af891897ef6cc0df4209305" } ], "title": "fs/proc: do_task_stat: use sig-\u003estats_lock to gather the threads/children stats", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26686", "datePublished": "2024-04-03T14:54:48.530Z", "dateReserved": "2024-02-19T14:20:24.154Z", "dateUpdated": "2024-11-05T09:13:52.973Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26796
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2024-11-05 09:15
Severity ?
EPSS score ?
Summary
drivers: perf: ctr_get_width function for legacy is not defined
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.539Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e0d17ee872cf8d0f51cc561329b8e1a0aa792bbb" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e4f50e85de5a6b21dfdc0d7ca435eba4f62935c3" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/682dc133f83e0194796e6ea72eb642df1c03dfbe" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-26796", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:50:49.551123Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:47.808Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/perf/riscv_pmu.c", "drivers/perf/riscv_pmu_legacy.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "e0d17ee872cf", "status": "affected", "version": "cc4c07c89aad", "versionType": "git" }, { "lessThan": "e4f50e85de5a", "status": "affected", "version": "cc4c07c89aad", "versionType": "git" }, { "lessThan": "682dc133f83e", "status": "affected", "version": "cc4c07c89aad", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/perf/riscv_pmu.c", "drivers/perf/riscv_pmu_legacy.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.6" }, { "lessThan": "6.6", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.21", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.9", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrivers: perf: ctr_get_width function for legacy is not defined\n\nWith parameters CONFIG_RISCV_PMU_LEGACY=y and CONFIG_RISCV_PMU_SBI=n\nlinux kernel crashes when you try perf record:\n\n$ perf record ls\n[ 46.749286] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n[ 46.750199] Oops [#1]\n[ 46.750342] Modules linked in:\n[ 46.750608] CPU: 0 PID: 107 Comm: perf-exec Not tainted 6.6.0 #2\n[ 46.750906] Hardware name: riscv-virtio,qemu (DT)\n[ 46.751184] epc : 0x0\n[ 46.751430] ra : arch_perf_update_userpage+0x54/0x13e\n[ 46.751680] epc : 0000000000000000 ra : ffffffff8072ee52 sp : ff2000000022b8f0\n[ 46.751958] gp : ffffffff81505988 tp : ff6000000290d400 t0 : ff2000000022b9c0\n[ 46.752229] t1 : 0000000000000001 t2 : 0000000000000003 s0 : ff2000000022b930\n[ 46.752451] s1 : ff600000028fb000 a0 : 0000000000000000 a1 : ff600000028fb000\n[ 46.752673] a2 : 0000000ae2751268 a3 : 00000000004fb708 a4 : 0000000000000004\n[ 46.752895] a5 : 0000000000000000 a6 : 000000000017ffe3 a7 : 00000000000000d2\n[ 46.753117] s2 : ff600000028fb000 s3 : 0000000ae2751268 s4 : 0000000000000000\n[ 46.753338] s5 : ffffffff8153e290 s6 : ff600000863b9000 s7 : ff60000002961078\n[ 46.753562] s8 : ff60000002961048 s9 : ff60000002961058 s10: 0000000000000001\n[ 46.753783] s11: 0000000000000018 t3 : ffffffffffffffff t4 : ffffffffffffffff\n[ 46.754005] t5 : ff6000000292270c t6 : ff2000000022bb30\n[ 46.754179] status: 0000000200000100 badaddr: 0000000000000000 cause: 000000000000000c\n[ 46.754653] Code: Unable to access instruction at 0xffffffffffffffec.\n[ 46.754939] ---[ end trace 0000000000000000 ]---\n[ 46.755131] note: perf-exec[107] exited with irqs disabled\n[ 46.755546] note: perf-exec[107] exited with preempt_count 4\n\nThis happens because in the legacy case the ctr_get_width function was not\ndefined, but it is used in arch_perf_update_userpage.\n\nAlso remove extra check in riscv_pmu_ctr_get_width_mask" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:59.197Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/e0d17ee872cf8d0f51cc561329b8e1a0aa792bbb" }, { "url": "https://git.kernel.org/stable/c/e4f50e85de5a6b21dfdc0d7ca435eba4f62935c3" }, { "url": "https://git.kernel.org/stable/c/682dc133f83e0194796e6ea72eb642df1c03dfbe" } ], "title": "drivers: perf: ctr_get_width function for legacy is not defined", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26796", "datePublished": "2024-04-04T08:20:25.823Z", "dateReserved": "2024-02-19T14:20:24.178Z", "dateUpdated": "2024-11-05T09:15:59.197Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26808
Vulnerability from cvelistv5
Published
2024-04-04 09:50
Modified
2024-11-05 09:16
Severity ?
EPSS score ?
Summary
netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.575Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/9489e214ea8f2a90345516016aa51f2db3a8cc2f" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/70f17b48c86622217a58d5099d29242fc9adac58" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/af149a46890e8285d1618bd68b8d159bdb87fdb3" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e5888acbf1a3d8d021990ce6c6061fd5b2bb21b4" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/36a0a80f32209238469deb481967d777a3d539ee" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/01acb2e8666a6529697141a6017edbf206921913" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-26808", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-07T15:05:25.057476Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-noinfo Not enough information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-01T15:13:04.455Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/netfilter/nft_chain_filter.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "9489e214ea8f", "status": "affected", "version": "60a3815da702", "versionType": "git" }, { "lessThan": "70f17b48c866", "status": "affected", "version": "60a3815da702", "versionType": "git" }, { "lessThan": "af149a46890e", "status": "affected", "version": "60a3815da702", "versionType": "git" }, { "lessThan": "e5888acbf1a3", "status": "affected", "version": "60a3815da702", "versionType": "git" }, { "lessThan": "36a0a80f3220", "status": "affected", "version": "60a3815da702", "versionType": "git" }, { "lessThan": "01acb2e8666a", "status": "affected", "version": "60a3815da702", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/netfilter/nft_chain_filter.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.10" }, { "lessThan": "5.10", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.210", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.149", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.76", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.15", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.3", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain\n\nRemove netdevice from inet/ingress basechain in case NETDEV_UNREGISTER\nevent is reported, otherwise a stale reference to netdevice remains in\nthe hook list." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:16:12.711Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/9489e214ea8f2a90345516016aa51f2db3a8cc2f" }, { "url": "https://git.kernel.org/stable/c/70f17b48c86622217a58d5099d29242fc9adac58" }, { "url": "https://git.kernel.org/stable/c/af149a46890e8285d1618bd68b8d159bdb87fdb3" }, { "url": "https://git.kernel.org/stable/c/e5888acbf1a3d8d021990ce6c6061fd5b2bb21b4" }, { "url": "https://git.kernel.org/stable/c/36a0a80f32209238469deb481967d777a3d539ee" }, { "url": "https://git.kernel.org/stable/c/01acb2e8666a6529697141a6017edbf206921913" } ], "title": "netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26808", "datePublished": "2024-04-04T09:50:26.672Z", "dateReserved": "2024-02-19T14:20:24.179Z", "dateUpdated": "2024-11-05T09:16:12.711Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26753
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2024-11-05 09:15
Severity ?
EPSS score ?
Summary
crypto: virtio/akcipher - Fix stack overflow on memcpy
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.229Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/37077ed16c7793e21b005979d33f8a61565b7e86" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/62f361bfea60c6afc3df09c1ad4152e6507f6f47" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/b0365460e945e1117b47cf7329d86de752daff63" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ef1e47d50324e232d2da484fe55a54274eeb9bc1" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/c0ec2a712daf133d9996a8a1b7ee2d4996080363" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-26753", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:51:40.958573Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:15.875Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/crypto/virtio/virtio_crypto_akcipher_algs.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "37077ed16c77", "status": "affected", "version": "1ff57428894f", "versionType": "git" }, { "lessThan": "62f361bfea60", "status": "affected", "version": "59ca6c93387d", "versionType": "git" }, { "lessThan": "b0365460e945", "status": "affected", "version": "59ca6c93387d", "versionType": "git" }, { "lessThan": "ef1e47d50324", "status": "affected", "version": "59ca6c93387d", "versionType": "git" }, { "lessThan": "c0ec2a712daf", "status": "affected", "version": "59ca6c93387d", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/crypto/virtio/virtio_crypto_akcipher_algs.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.18" }, { "lessThan": "5.18", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.212", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.80", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.19", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: virtio/akcipher - Fix stack overflow on memcpy\n\nsizeof(struct virtio_crypto_akcipher_session_para) is less than\nsizeof(struct virtio_crypto_op_ctrl_req::u), copying more bytes from\nstack variable leads stack overflow. Clang reports this issue by\ncommands:\nmake -j CC=clang-14 mrproper \u003e/dev/null 2\u003e\u00261\nmake -j O=/tmp/crypto-build CC=clang-14 allmodconfig \u003e/dev/null 2\u003e\u00261\nmake -j O=/tmp/crypto-build W=1 CC=clang-14 drivers/crypto/virtio/\n virtio_crypto_akcipher_algs.o" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:06.991Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/37077ed16c7793e21b005979d33f8a61565b7e86" }, { "url": "https://git.kernel.org/stable/c/62f361bfea60c6afc3df09c1ad4152e6507f6f47" }, { "url": "https://git.kernel.org/stable/c/b0365460e945e1117b47cf7329d86de752daff63" }, { "url": "https://git.kernel.org/stable/c/ef1e47d50324e232d2da484fe55a54274eeb9bc1" }, { "url": "https://git.kernel.org/stable/c/c0ec2a712daf133d9996a8a1b7ee2d4996080363" } ], "title": "crypto: virtio/akcipher - Fix stack overflow on memcpy", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26753", "datePublished": "2024-04-03T17:00:38.148Z", "dateReserved": "2024-02-19T14:20:24.169Z", "dateUpdated": "2024-11-05T09:15:06.991Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26693
Vulnerability from cvelistv5
Published
2024-04-03 14:54
Modified
2024-11-05 09:14
Severity ?
EPSS score ?
Summary
wifi: iwlwifi: mvm: fix a crash when we run out of stations
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26693", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-03T17:46:36.382649Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:49:23.460Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:12.896Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/00f4eb31b8193f6070ce24df636883f9c104ca95" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/c12f0f4d4caf23b1bfdc2602b6b70d56bdcd6aa7" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/b7198383ef2debe748118996f627452281cf27d7" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c", "drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "00f4eb31b819", "status": "affected", "version": "57974a55d995", "versionType": "git" }, { "lessThan": "c12f0f4d4caf", "status": "affected", "version": "57974a55d995", "versionType": "git" }, { "lessThan": "b7198383ef2d", "status": "affected", "version": "57974a55d995", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/wireless/intel/iwlwifi/mvm/mac80211.c", "drivers/net/wireless/intel/iwlwifi/mvm/rxmq.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.4" }, { "lessThan": "6.4", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.18", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: fix a crash when we run out of stations\n\nA DoS tool that injects loads of authentication frames made our AP\ncrash. The iwl_mvm_is_dup() function couldn\u0027t find the per-queue\ndup_data which was not allocated.\n\nThe root cause for that is that we ran out of stations in the firmware\nand we didn\u0027t really add the station to the firmware, yet we didn\u0027t\nreturn an error to mac80211.\nMac80211 was thinking that we have the station and because of that,\nsta_info::uploaded was set to 1. This allowed\nieee80211_find_sta_by_ifaddr() to return a valid station object, but\nthat ieee80211_sta didn\u0027t have any iwl_mvm_sta object initialized and\nthat caused the crash mentioned earlier when we got Rx on that station." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:00.815Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/00f4eb31b8193f6070ce24df636883f9c104ca95" }, { "url": "https://git.kernel.org/stable/c/c12f0f4d4caf23b1bfdc2602b6b70d56bdcd6aa7" }, { "url": "https://git.kernel.org/stable/c/b7198383ef2debe748118996f627452281cf27d7" } ], "title": "wifi: iwlwifi: mvm: fix a crash when we run out of stations", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26693", "datePublished": "2024-04-03T14:54:54.165Z", "dateReserved": "2024-02-19T14:20:24.155Z", "dateUpdated": "2024-11-05T09:14:00.815Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26700
Vulnerability from cvelistv5
Published
2024-04-03 14:54
Modified
2024-11-05 09:14
Severity ?
EPSS score ?
Summary
drm/amd/display: Fix MST Null Ptr for RV
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:12.975Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/01d992088dce3945f70f49f34b0b911c5213c238" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/7407c61f43b66e90ad127d0cdd13cbc9d87141a5" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/5cd7185d2db76c42a9b7e69adad9591d9fca093f" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e6a7df96facdcf5b1f71eb3ec26f2f9f6ad61e57" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-26700", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:52:43.322834Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:28.912Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "01d992088dce", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "7407c61f43b6", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "5cd7185d2db7", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "e6a7df96facd", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.82", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.18", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix MST Null Ptr for RV\n\nThe change try to fix below error specific to RV platform:\n\nBUG: kernel NULL pointer dereference, address: 0000000000000008\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 4 PID: 917 Comm: sway Not tainted 6.3.9-arch1-1 #1 124dc55df4f5272ccb409f39ef4872fc2b3376a2\nHardware name: LENOVO 20NKS01Y00/20NKS01Y00, BIOS R12ET61W(1.31 ) 07/28/2022\nRIP: 0010:drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper]\nCode: 01 00 00 48 8b 85 60 05 00 00 48 63 80 88 00 00 00 3b 43 28 0f 8d 2e 01 00 00 48 8b 53 30 48 8d 04 80 48 8d 04 c2 48 8b 40 18 \u003c48\u003e 8\u003e\nRSP: 0018:ffff960cc2df77d8 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: ffff8afb87e81280 RCX: 0000000000000224\nRDX: ffff8afb9ee37c00 RSI: ffff8afb8da1a578 RDI: ffff8afb87e81280\nRBP: ffff8afb83d67000 R08: 0000000000000001 R09: ffff8afb9652f850\nR10: ffff960cc2df7908 R11: 0000000000000002 R12: 0000000000000000\nR13: ffff8afb8d7688a0 R14: ffff8afb8da1a578 R15: 0000000000000224\nFS: 00007f4dac35ce00(0000) GS:ffff8afe30b00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000008 CR3: 000000010ddc6000 CR4: 00000000003506e0\nCall Trace:\n \u003cTASK\u003e\n ? __die+0x23/0x70\n ? page_fault_oops+0x171/0x4e0\n ? plist_add+0xbe/0x100\n ? exc_page_fault+0x7c/0x180\n ? asm_exc_page_fault+0x26/0x30\n ? drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026]\n ? drm_dp_atomic_find_time_slots+0x28/0x260 [drm_display_helper 0e67723696438d8e02b741593dd50d80b44c2026]\n compute_mst_dsc_configs_for_link+0x2ff/0xa40 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n ? fill_plane_buffer_attributes+0x419/0x510 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n compute_mst_dsc_configs_for_state+0x1e1/0x250 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n amdgpu_dm_atomic_check+0xecd/0x1190 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n drm_atomic_check_only+0x5c5/0xa40\n drm_mode_atomic_ioctl+0x76e/0xbc0\n ? _copy_to_user+0x25/0x30\n ? drm_ioctl+0x296/0x4b0\n ? __pfx_drm_mode_atomic_ioctl+0x10/0x10\n drm_ioctl_kernel+0xcd/0x170\n drm_ioctl+0x26d/0x4b0\n ? __pfx_drm_mode_atomic_ioctl+0x10/0x10\n amdgpu_drm_ioctl+0x4e/0x90 [amdgpu 62e600d2a75e9158e1cd0a243bdc8e6da040c054]\n __x64_sys_ioctl+0x94/0xd0\n do_syscall_64+0x60/0x90\n ? do_syscall_64+0x6c/0x90\n entry_SYSCALL_64_after_hwframe+0x72/0xdc\nRIP: 0033:0x7f4dad17f76f\nCode: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 \u003c89\u003e c\u003e\nRSP: 002b:00007ffd9ae859f0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 000055e255a55900 RCX: 00007f4dad17f76f\nRDX: 00007ffd9ae85a90 RSI: 00000000c03864bc RDI: 000000000000000b\nRBP: 00007ffd9ae85a90 R08: 0000000000000003 R09: 0000000000000003\nR10: 0000000000000000 R11: 0000000000000246 R12: 00000000c03864bc\nR13: 000000000000000b R14: 000055e255a7fc60 R15: 000055e255a01eb0\n \u003c/TASK\u003e\nModules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device ccm cmac algif_hash algif_skcipher af_alg joydev mousedev bnep \u003e\n typec libphy k10temp ipmi_msghandler roles i2c_scmi acpi_cpufreq mac_hid nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_mas\u003e\nCR2: 0000000000000008\n---[ end trace 0000000000000000 ]---\nRIP: 0010:drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_display_helper]\nCode: 01 00 00 48 8b 85 60 05 00 00 48 63 80 88 00 00 00 3b 43 28 0f 8d 2e 01 00 00 48 8b 53 30 48 8d 04 80 48 8d 04 c2 48 8b 40 18 \u003c48\u003e 8\u003e\nRSP: 0018:ffff960cc2df77d8 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: ffff8afb87e81280 RCX: 0000000000000224\nRDX: ffff8afb9ee37c00 RSI: ffff8afb8da1a578 RDI: ffff8afb87e81280\nRBP: ffff8afb83d67000 R08: 0000000000000001 R09: ffff8afb9652f850\nR10: ffff960cc2df7908 R11: 0000000000000002 R12: 0000000000000000\nR13: ffff8afb8d7688a0 R14: ffff8afb8da1a578 R15: 0000000000000224\nFS: 00007f4dac35ce00(0000) GS:ffff8afe30b00000(0000\n---truncated---" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:08.770Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/01d992088dce3945f70f49f34b0b911c5213c238" }, { "url": "https://git.kernel.org/stable/c/7407c61f43b66e90ad127d0cdd13cbc9d87141a5" }, { "url": "https://git.kernel.org/stable/c/5cd7185d2db76c42a9b7e69adad9591d9fca093f" }, { "url": "https://git.kernel.org/stable/c/e6a7df96facdcf5b1f71eb3ec26f2f9f6ad61e57" } ], "title": "drm/amd/display: Fix MST Null Ptr for RV", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26700", "datePublished": "2024-04-03T14:54:59.997Z", "dateReserved": "2024-02-19T14:20:24.157Z", "dateUpdated": "2024-11-05T09:14:08.770Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26755
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2024-11-05 09:15
Severity ?
EPSS score ?
Summary
md: Don't suspend the array for interrupted reshape
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26755", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-03T18:11:19.922447Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:49:29.538Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.228Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/60d6130d0ac1d883ed93c2a1e10aadb60967fd48" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/9e46c70e829bddc24e04f963471e9983a11598b7" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/md/md.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "60d6130d0ac1", "status": "affected", "version": "bc08041b32ab", "versionType": "git" }, { "lessThan": "9e46c70e829b", "status": "affected", "version": "bc08041b32ab", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/md/md.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.7" }, { "lessThan": "6.7", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: Don\u0027t suspend the array for interrupted reshape\n\nmd_start_sync() will suspend the array if there are spares that can be\nadded or removed from conf, however, if reshape is still in progress,\nthis won\u0027t happen at all or data will be corrupted(remove_and_add_spares\nwon\u0027t be called from md_choose_sync_action for reshape), hence there is\nno need to suspend the array if reshape is not done yet.\n\nMeanwhile, there is a potential deadlock for raid456:\n\n1) reshape is interrupted;\n\n2) set one of the disk WantReplacement, and add a new disk to the array,\n however, recovery won\u0027t start until the reshape is finished;\n\n3) then issue an IO across reshpae position, this IO will wait for\n reshape to make progress;\n\n4) continue to reshape, then md_start_sync() found there is a spare disk\n that can be added to conf, mddev_suspend() is called;\n\nStep 4 and step 3 is waiting for each other, deadlock triggered. Noted\nthis problem is found by code review, and it\u0027s not reporduced yet.\n\nFix this porblem by don\u0027t suspend the array for interrupted reshape,\nthis is safe because conf won\u0027t be changed until reshape is done." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:09.282Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/60d6130d0ac1d883ed93c2a1e10aadb60967fd48" }, { "url": "https://git.kernel.org/stable/c/9e46c70e829bddc24e04f963471e9983a11598b7" } ], "title": "md: Don\u0027t suspend the array for interrupted reshape", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26755", "datePublished": "2024-04-03T17:00:39.888Z", "dateReserved": "2024-02-19T14:20:24.170Z", "dateUpdated": "2024-11-05T09:15:09.282Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26775
Vulnerability from cvelistv5
Published
2024-04-03 17:01
Modified
2024-11-05 09:15
Severity ?
EPSS score ?
Summary
aoe: avoid potential deadlock at set_capacity
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.394Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2d623c94fbba3554f4446ba6f3c764994e8b0d26" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/673629018ba04906899dcb631beec34d871f709c" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/19a77b27163820f793b4d022979ffdca8f659b77" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e169bd4fb2b36c4b2bee63c35c740c85daeb2e86" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-26775", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:51:17.891108Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:55.155Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/block/aoe/aoeblk.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "2d623c94fbba", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "673629018ba0", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "19a77b271638", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "e169bd4fb2b3", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/block/aoe/aoeblk.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.80", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.19", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naoe: avoid potential deadlock at set_capacity\n\nMove set_capacity() outside of the section procected by (\u0026d-\u003elock).\nTo avoid possible interrupt unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n[1] lock(\u0026bdev-\u003ebd_size_lock);\n local_irq_disable();\n [2] lock(\u0026d-\u003elock);\n [3] lock(\u0026bdev-\u003ebd_size_lock);\n \u003cInterrupt\u003e\n[4] lock(\u0026d-\u003elock);\n\n *** DEADLOCK ***\n\nWhere [1](\u0026bdev-\u003ebd_size_lock) hold by zram_add()-\u003eset_capacity().\n[2]lock(\u0026d-\u003elock) hold by aoeblk_gdalloc(). And aoeblk_gdalloc()\nis trying to acquire [3](\u0026bdev-\u003ebd_size_lock) at set_capacity() call.\nIn this situation an attempt to acquire [4]lock(\u0026d-\u003elock) from\naoecmd_cfg_rsp() will lead to deadlock.\n\nSo the simplest solution is breaking lock dependency\n[2](\u0026d-\u003elock) -\u003e [3](\u0026bdev-\u003ebd_size_lock) by moving set_capacity()\noutside." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:35.116Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/2d623c94fbba3554f4446ba6f3c764994e8b0d26" }, { "url": "https://git.kernel.org/stable/c/673629018ba04906899dcb631beec34d871f709c" }, { "url": "https://git.kernel.org/stable/c/19a77b27163820f793b4d022979ffdca8f659b77" }, { "url": "https://git.kernel.org/stable/c/e169bd4fb2b36c4b2bee63c35c740c85daeb2e86" } ], "title": "aoe: avoid potential deadlock at set_capacity", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26775", "datePublished": "2024-04-03T17:01:01.299Z", "dateReserved": "2024-02-19T14:20:24.176Z", "dateUpdated": "2024-11-05T09:15:35.116Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26806
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2024-11-05 09:16
Severity ?
EPSS score ?
Summary
spi: cadence-qspi: remove system-wide suspend helper calls from runtime PM hooks
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26806", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-05T17:28:20.913168Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:49:23.037Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.643Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/041562ebc4759c9932b59a06527f8753b86da365" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/959043afe53ae80633e810416cee6076da6e91c6" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/spi/spi-cadence-quadspi.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "041562ebc475", "status": "affected", "version": "0578a6dbfe75", "versionType": "git" }, { "lessThan": "959043afe53a", "status": "affected", "version": "0578a6dbfe75", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/spi/spi-cadence-quadspi.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.7" }, { "lessThan": "6.7", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.9", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: cadence-qspi: remove system-wide suspend helper calls from runtime PM hooks\n\nThe -\u003eruntime_suspend() and -\u003eruntime_resume() callbacks are not\nexpected to call spi_controller_suspend() and spi_controller_resume().\nRemove calls to those in the cadence-qspi driver.\n\nThose helpers have two roles currently:\n - They stop/start the queue, including dealing with the kworker.\n - They toggle the SPI controller SPI_CONTROLLER_SUSPENDED flag. It\n requires acquiring ctlr-\u003ebus_lock_mutex.\n\nStep one is irrelevant because cadence-qspi is not queued. Step two\nhowever has two implications:\n - A deadlock occurs, because -\u003eruntime_resume() is called in a context\n where the lock is already taken (in the -\u003eexec_op() callback, where\n the usage count is incremented).\n - It would disallow all operations once the device is auto-suspended.\n\nHere is a brief call tree highlighting the mutex deadlock:\n\nspi_mem_exec_op()\n ...\n spi_mem_access_start()\n mutex_lock(\u0026ctlr-\u003ebus_lock_mutex)\n\n cqspi_exec_mem_op()\n pm_runtime_resume_and_get()\n cqspi_resume()\n spi_controller_resume()\n mutex_lock(\u0026ctlr-\u003ebus_lock_mutex)\n ...\n\n spi_mem_access_end()\n mutex_unlock(\u0026ctlr-\u003ebus_lock_mutex)\n ..." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:16:10.465Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/041562ebc4759c9932b59a06527f8753b86da365" }, { "url": "https://git.kernel.org/stable/c/959043afe53ae80633e810416cee6076da6e91c6" } ], "title": "spi: cadence-qspi: remove system-wide suspend helper calls from runtime PM hooks", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26806", "datePublished": "2024-04-04T08:20:33.512Z", "dateReserved": "2024-02-19T14:20:24.179Z", "dateUpdated": "2024-11-05T09:16:10.465Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26704
Vulnerability from cvelistv5
Published
2024-04-03 14:55
Modified
2024-11-05 09:14
Severity ?
EPSS score ?
Summary
ext4: fix double-free of blocks due to wrong extents moved_len
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:12.613Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/b4fbb89d722cbb16beaaea234b7230faaaf68c71" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/afbcad9ae7d6d11608399188f03a837451b6b3a1" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d033a555d9a1cf53dbf3301af7199cc4a4c8f537" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/afba9d11320dad5ce222ac8964caf64b7b4bedb1" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/185eab30486ba3e7bf8b9c2e049c79a06ffd2bc1" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2883940b19c38d5884c8626483811acf4d7e148f" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/559ddacb90da1d8786dd8ec4fd76bbfa404eaef6" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/55583e899a5357308274601364741a83e78d6ac4" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-26704", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:52:39.832740Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:27.505Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "fs/ext4/move_extent.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "b4fbb89d722c", "status": "affected", "version": "fcf6b1b729bc", "versionType": "git" }, { "lessThan": "afbcad9ae7d6", "status": "affected", "version": "fcf6b1b729bc", "versionType": "git" }, { "lessThan": "d033a555d9a1", "status": "affected", "version": "fcf6b1b729bc", "versionType": "git" }, { "lessThan": "afba9d11320d", "status": "affected", "version": "fcf6b1b729bc", "versionType": "git" }, { "lessThan": "185eab30486b", "status": "affected", "version": "fcf6b1b729bc", "versionType": "git" }, { "lessThan": "2883940b19c3", "status": "affected", "version": "fcf6b1b729bc", "versionType": "git" }, { "lessThan": "559ddacb90da", "status": "affected", "version": "fcf6b1b729bc", "versionType": "git" }, { "lessThan": "55583e899a53", "status": "affected", "version": "fcf6b1b729bc", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "fs/ext4/move_extent.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "3.18" }, { "lessThan": "3.18", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.307", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.269", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.210", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.149", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.79", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.18", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix double-free of blocks due to wrong extents moved_len\n\nIn ext4_move_extents(), moved_len is only updated when all moves are\nsuccessfully executed, and only discards orig_inode and donor_inode\npreallocations when moved_len is not zero. When the loop fails to exit\nafter successfully moving some extents, moved_len is not updated and\nremains at 0, so it does not discard the preallocations.\n\nIf the moved extents overlap with the preallocated extents, the\noverlapped extents are freed twice in ext4_mb_release_inode_pa() and\next4_process_freed_data() (as described in commit 94d7c16cbbbd (\"ext4:\nFix double-free of blocks with EXT4_IOC_MOVE_EXT\")), and bb_free is\nincremented twice. Hence when trim is executed, a zero-division bug is\ntriggered in mb_update_avg_fragment_size() because bb_free is not zero\nand bb_fragments is zero.\n\nTherefore, update move_len after each extent move to avoid the issue." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:12.143Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/b4fbb89d722cbb16beaaea234b7230faaaf68c71" }, { "url": "https://git.kernel.org/stable/c/afbcad9ae7d6d11608399188f03a837451b6b3a1" }, { "url": "https://git.kernel.org/stable/c/d033a555d9a1cf53dbf3301af7199cc4a4c8f537" }, { "url": "https://git.kernel.org/stable/c/afba9d11320dad5ce222ac8964caf64b7b4bedb1" }, { "url": "https://git.kernel.org/stable/c/185eab30486ba3e7bf8b9c2e049c79a06ffd2bc1" }, { "url": "https://git.kernel.org/stable/c/2883940b19c38d5884c8626483811acf4d7e148f" }, { "url": "https://git.kernel.org/stable/c/559ddacb90da1d8786dd8ec4fd76bbfa404eaef6" }, { "url": "https://git.kernel.org/stable/c/55583e899a5357308274601364741a83e78d6ac4" } ], "title": "ext4: fix double-free of blocks due to wrong extents moved_len", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26704", "datePublished": "2024-04-03T14:55:02.672Z", "dateReserved": "2024-02-19T14:20:24.158Z", "dateUpdated": "2024-11-05T09:14:12.143Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26723
Vulnerability from cvelistv5
Published
2024-04-03 14:55
Modified
2024-11-05 09:14
Severity ?
EPSS score ?
Summary
lan966x: Fix crash when adding interface under a lag
References
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "b9357489c46c", "status": "affected", "version": "cabc9d49333d", "versionType": "custom" }, { "lessThan": "48fae67d8374", "status": "affected", "version": "cabc9d49333d", "versionType": "custom" }, { "lessThan": "2a492f01228b", "status": "affected", "version": "cabc9d49333d", "versionType": "custom" }, { "lessThan": "15faa1f67ab4", "status": "affected", "version": "cabc9d49333d", "versionType": "custom" }, { "status": "affected", "version": "6.1" }, { "lessThan": "6.1", "status": "unaffected", "version": "0", "versionType": "custom" }, { "lessThanOrEqual": "6.2", "status": "unaffected", "version": "6.1.79", "versionType": "custom" }, { "lessThanOrEqual": "6.7", "status": "unaffected", "version": "6.6.18", "versionType": "custom" }, { "lessThanOrEqual": "6.8", "status": "unaffected", "version": "6.76", "versionType": "custom" }, { "lessThanOrEqual": "6.8", "status": "unaffected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-26723", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-16T14:40:24.360692Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-16T14:53:54.712Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.203Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/b9357489c46c7a43999964628db8b47d3a1f8672" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/48fae67d837488c87379f0c9f27df7391718477c" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2a492f01228b7d091dfe38974ef40dccf8f9f2f1" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/15faa1f67ab405d47789d4702f587ec7df7ef03e" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/microchip/lan966x/lan966x_lag.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "b9357489c46c", "status": "affected", "version": "cabc9d49333d", "versionType": "git" }, { "lessThan": "48fae67d8374", "status": "affected", "version": "cabc9d49333d", "versionType": "git" }, { "lessThan": "2a492f01228b", "status": "affected", "version": "cabc9d49333d", "versionType": "git" }, { "lessThan": "15faa1f67ab4", "status": "affected", "version": "cabc9d49333d", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/microchip/lan966x/lan966x_lag.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.1" }, { "lessThan": "6.1", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.79", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.18", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlan966x: Fix crash when adding interface under a lag\n\nThere is a crash when adding one of the lan966x interfaces under a lag\ninterface. The issue can be reproduced like this:\nip link add name bond0 type bond miimon 100 mode balance-xor\nip link set dev eth0 master bond0\n\nThe reason is because when adding a interface under the lag it would go\nthrough all the ports and try to figure out which other ports are under\nthat lag interface. And the issue is that lan966x can have ports that are\nNULL pointer as they are not probed. So then iterating over these ports\nit would just crash as they are NULL pointers.\nThe fix consists in actually checking for NULL pointers before accessing\nsomething from the ports. Like we do in other places." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:33.346Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/b9357489c46c7a43999964628db8b47d3a1f8672" }, { "url": "https://git.kernel.org/stable/c/48fae67d837488c87379f0c9f27df7391718477c" }, { "url": "https://git.kernel.org/stable/c/2a492f01228b7d091dfe38974ef40dccf8f9f2f1" }, { "url": "https://git.kernel.org/stable/c/15faa1f67ab405d47789d4702f587ec7df7ef03e" } ], "title": "lan966x: Fix crash when adding interface under a lag", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26723", "datePublished": "2024-04-03T14:55:22.529Z", "dateReserved": "2024-02-19T14:20:24.163Z", "dateUpdated": "2024-11-05T09:14:33.346Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26765
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2024-11-05 09:15
Severity ?
EPSS score ?
Summary
LoongArch: Disable IRQ before init_fn() for nonboot CPUs
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.363Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/a262b78dd085dbe9b3c75dc1d9c4cd102b110b53" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/dffdf7c783ef291eef38a5a0037584fd1a7fa464" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/8bf2ca8c60712af288b88ba80f8e4df4573d923f" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/1001db6c42e4012b55e5ee19405490f23e033b5a" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-26765", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:51:28.140835Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:11.854Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "arch/loongarch/kernel/smp.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "a262b78dd085", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "dffdf7c783ef", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "8bf2ca8c6071", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "1001db6c42e4", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "arch/loongarch/kernel/smp.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.80", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.19", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: Disable IRQ before init_fn() for nonboot CPUs\n\nDisable IRQ before init_fn() for nonboot CPUs when hotplug, in order to\nsilence such warnings (and also avoid potential errors due to unexpected\ninterrupts):\n\nWARNING: CPU: 1 PID: 0 at kernel/rcu/tree.c:4503 rcu_cpu_starting+0x214/0x280\nCPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.6.17+ #1198\npc 90000000048e3334 ra 90000000047bd56c tp 900000010039c000 sp 900000010039fdd0\na0 0000000000000001 a1 0000000000000006 a2 900000000802c040 a3 0000000000000000\na4 0000000000000001 a5 0000000000000004 a6 0000000000000000 a7 90000000048e3f4c\nt0 0000000000000001 t1 9000000005c70968 t2 0000000004000000 t3 000000000005e56e\nt4 00000000000002e4 t5 0000000000001000 t6 ffffffff80000000 t7 0000000000040000\nt8 9000000007931638 u0 0000000000000006 s9 0000000000000004 s0 0000000000000001\ns1 9000000006356ac0 s2 9000000007244000 s3 0000000000000001 s4 0000000000000001\ns5 900000000636f000 s6 7fffffffffffffff s7 9000000002123940 s8 9000000001ca55f8\n ra: 90000000047bd56c tlb_init+0x24c/0x528\n ERA: 90000000048e3334 rcu_cpu_starting+0x214/0x280\n CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE)\n PRMD: 00000000 (PPLV0 -PIE -PWE)\n EUEN: 00000000 (-FPE -SXE -ASXE -BTE)\n ECFG: 00071000 (LIE=12 VS=7)\nESTAT: 000c0000 [BRK] (IS= ECode=12 EsubCode=0)\n PRID: 0014c010 (Loongson-64bit, Loongson-3A5000)\nCPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.6.17+ #1198\nStack : 0000000000000000 9000000006375000 9000000005b61878 900000010039c000\n 900000010039fa30 0000000000000000 900000010039fa38 900000000619a140\n 9000000006456888 9000000006456880 900000010039f950 0000000000000001\n 0000000000000001 cb0cb028ec7e52e1 0000000002b90000 9000000100348700\n 0000000000000000 0000000000000001 ffffffff916d12f1 0000000000000003\n 0000000000040000 9000000007930370 0000000002b90000 0000000000000004\n 9000000006366000 900000000619a140 0000000000000000 0000000000000004\n 0000000000000000 0000000000000009 ffffffffffc681f2 9000000002123940\n 9000000001ca55f8 9000000006366000 90000000047a4828 00007ffff057ded8\n 00000000000000b0 0000000000000000 0000000000000000 0000000000071000\n ...\nCall Trace:\n[\u003c90000000047a4828\u003e] show_stack+0x48/0x1a0\n[\u003c9000000005b61874\u003e] dump_stack_lvl+0x84/0xcc\n[\u003c90000000047f60ac\u003e] __warn+0x8c/0x1e0\n[\u003c9000000005b0ab34\u003e] report_bug+0x1b4/0x280\n[\u003c9000000005b63110\u003e] do_bp+0x2d0/0x480\n[\u003c90000000047a2e20\u003e] handle_bp+0x120/0x1c0\n[\u003c90000000048e3334\u003e] rcu_cpu_starting+0x214/0x280\n[\u003c90000000047bd568\u003e] tlb_init+0x248/0x528\n[\u003c90000000047a4c44\u003e] per_cpu_trap_init+0x124/0x160\n[\u003c90000000047a19f4\u003e] cpu_probe+0x494/0xa00\n[\u003c90000000047b551c\u003e] start_secondary+0x3c/0xc0\n[\u003c9000000005b66134\u003e] smpboot_entry+0x50/0x58" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:20.659Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/a262b78dd085dbe9b3c75dc1d9c4cd102b110b53" }, { "url": "https://git.kernel.org/stable/c/dffdf7c783ef291eef38a5a0037584fd1a7fa464" }, { "url": "https://git.kernel.org/stable/c/8bf2ca8c60712af288b88ba80f8e4df4573d923f" }, { "url": "https://git.kernel.org/stable/c/1001db6c42e4012b55e5ee19405490f23e033b5a" } ], "title": "LoongArch: Disable IRQ before init_fn() for nonboot CPUs", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26765", "datePublished": "2024-04-03T17:00:47.888Z", "dateReserved": "2024-02-19T14:20:24.172Z", "dateUpdated": "2024-11-05T09:15:20.659Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26747
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2024-11-05 14:42
Severity ?
EPSS score ?
Summary
usb: roles: fix NULL pointer issue when put module's reference
References
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-26747", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-04T15:42:38.862129Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-05T14:42:09.529Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.305Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e279bf8e51893e1fe160b3d8126ef2dd00f661e1" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ef982fc41055fcebb361a92288d3225783d12913" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/0158216805ca7e498d07de38840d2732166ae5fa" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/4b45829440b1b208948b39cc71f77a37a2536734" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/01f82de440f2ab07c259b7573371e1c42e5565db" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/1c9be13846c0b2abc2480602f8ef421360e1ad9e" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/usb/roles/class.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "e279bf8e5189", "status": "affected", "version": "5c54fcac9a9d", "versionType": "git" }, { "lessThan": "ef982fc41055", "status": "affected", "version": "5c54fcac9a9d", "versionType": "git" }, { "lessThan": "0158216805ca", "status": "affected", "version": "5c54fcac9a9d", "versionType": "git" }, { "lessThan": "4b45829440b1", "status": "affected", "version": "5c54fcac9a9d", "versionType": "git" }, { "lessThan": "01f82de440f2", "status": "affected", "version": "5c54fcac9a9d", "versionType": "git" }, { "lessThan": "1c9be13846c0", "status": "affected", "version": "5c54fcac9a9d", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/usb/roles/class.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "4.19" }, { "lessThan": "4.19", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.211", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.150", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.80", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.19", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: roles: fix NULL pointer issue when put module\u0027s reference\n\nIn current design, usb role class driver will get usb_role_switch parent\u0027s\nmodule reference after the user get usb_role_switch device and put the\nreference after the user put the usb_role_switch device. However, the\nparent device of usb_role_switch may be removed before the user put the\nusb_role_switch. If so, then, NULL pointer issue will be met when the user\nput the parent module\u0027s reference.\n\nThis will save the module pointer in structure of usb_role_switch. Then,\nwe don\u0027t need to find module by iterating long relations." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:00.174Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/e279bf8e51893e1fe160b3d8126ef2dd00f661e1" }, { "url": "https://git.kernel.org/stable/c/ef982fc41055fcebb361a92288d3225783d12913" }, { "url": "https://git.kernel.org/stable/c/0158216805ca7e498d07de38840d2732166ae5fa" }, { "url": "https://git.kernel.org/stable/c/4b45829440b1b208948b39cc71f77a37a2536734" }, { "url": "https://git.kernel.org/stable/c/01f82de440f2ab07c259b7573371e1c42e5565db" }, { "url": "https://git.kernel.org/stable/c/1c9be13846c0b2abc2480602f8ef421360e1ad9e" } ], "title": "usb: roles: fix NULL pointer issue when put module\u0027s reference", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26747", "datePublished": "2024-04-03T17:00:34.066Z", "dateReserved": "2024-02-19T14:20:24.168Z", "dateUpdated": "2024-11-05T14:42:09.529Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26800
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2024-11-05 09:16
Severity ?
EPSS score ?
Summary
tls: fix use-after-free on failed backlog decryption
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26800", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-31T20:01:08.576744Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-31T20:01:16.218Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.534Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f2b85a4cc763841843de693bbd7308fe9a2c4c89" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/81be85353b0f5a7b660635634b655329b429eefe" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/1ac9fb84bc7ecd4bc6428118301d9d864d2a58d1" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/13114dc5543069f7b97991e3b79937b6da05f5b0" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/tls/tls_sw.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "f2b85a4cc763", "status": "affected", "version": "cd1bbca03f3c", "versionType": "git" }, { "lessThan": "81be85353b0f", "status": "affected", "version": "13eca403876b", "versionType": "git" }, { "lessThan": "1ac9fb84bc7e", "status": "affected", "version": "ab6397f072e5", "versionType": "git" }, { "lessThan": "13114dc55430", "status": "affected", "version": "859054147318", "versionType": "git" } ] }, { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/tls/tls_sw.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "6.6.21", "status": "affected", "version": "6.6.18", "versionType": "semver" }, { "lessThan": "6.7.9", "status": "affected", "version": "6.7.6", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: fix use-after-free on failed backlog decryption\n\nWhen the decrypt request goes to the backlog and crypto_aead_decrypt\nreturns -EBUSY, tls_do_decryption will wait until all async\ndecryptions have completed. If one of them fails, tls_do_decryption\nwill return -EBADMSG and tls_decrypt_sg jumps to the error path,\nreleasing all the pages. But the pages have been passed to the async\ncallback, and have already been released by tls_decrypt_done.\n\nThe only true async case is when crypto_aead_decrypt returns\n -EINPROGRESS. With -EBUSY, we already waited so we can tell\ntls_sw_recvmsg that the data is available for immediate copy, but we\nneed to notify tls_decrypt_sg (via the new -\u003easync_done flag) that the\nmemory has already been released." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:16:03.786Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/f2b85a4cc763841843de693bbd7308fe9a2c4c89" }, { "url": "https://git.kernel.org/stable/c/81be85353b0f5a7b660635634b655329b429eefe" }, { "url": "https://git.kernel.org/stable/c/1ac9fb84bc7ecd4bc6428118301d9d864d2a58d1" }, { "url": "https://git.kernel.org/stable/c/13114dc5543069f7b97991e3b79937b6da05f5b0" } ], "title": "tls: fix use-after-free on failed backlog decryption", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26800", "datePublished": "2024-04-04T08:20:28.554Z", "dateReserved": "2024-02-19T14:20:24.179Z", "dateUpdated": "2024-11-05T09:16:03.786Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26790
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2024-11-05 09:15
Severity ?
EPSS score ?
Summary
dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26790", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-04T16:24:55.798835Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:49:16.312Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.493Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/518d78b4fac68cac29a263554d7f3b19da99d0da" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/bb3a06e9b9a30e33d96aadc0e077be095a4f8580" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/106c1ac953a66556ec77456c46e818208d3a9bce" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/237ecf1afe6c22534fa43abdf2bf0b0f52de0aaa" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/5b696e9c388251f1c7373be92293769a489fd367" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ad2f8920c314e0a2d9e984fc94b729eca3cda471" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/9d739bccf261dd93ec1babf82f5c5d71dd4caa3e" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/dma/fsl-qdma.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "518d78b4fac6", "status": "affected", "version": "b092529e0aa0", "versionType": "git" }, { "lessThan": "bb3a06e9b9a3", "status": "affected", "version": "b092529e0aa0", "versionType": "git" }, { "lessThan": "106c1ac953a6", "status": "affected", "version": "b092529e0aa0", "versionType": "git" }, { "lessThan": "237ecf1afe6c", "status": "affected", "version": "b092529e0aa0", "versionType": "git" }, { "lessThan": "5b696e9c3882", "status": "affected", "version": "b092529e0aa0", "versionType": "git" }, { "lessThan": "ad2f8920c314", "status": "affected", "version": "b092529e0aa0", "versionType": "git" }, { "lessThan": "9d739bccf261", "status": "affected", "version": "b092529e0aa0", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/dma/fsl-qdma.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.1" }, { "lessThan": "5.1", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.271", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.212", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.151", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.81", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.21", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.9", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read\n\nThere is chip (ls1028a) errata:\n\nThe SoC may hang on 16 byte unaligned read transactions by QDMA.\n\nUnaligned read transactions initiated by QDMA may stall in the NOC\n(Network On-Chip), causing a deadlock condition. Stalled transactions will\ntrigger completion timeouts in PCIe controller.\n\nWorkaround:\nEnable prefetch by setting the source descriptor prefetchable bit\n( SD[PF] = 1 ).\n\nImplement this workaround." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:52.396Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/518d78b4fac68cac29a263554d7f3b19da99d0da" }, { "url": "https://git.kernel.org/stable/c/bb3a06e9b9a30e33d96aadc0e077be095a4f8580" }, { "url": "https://git.kernel.org/stable/c/106c1ac953a66556ec77456c46e818208d3a9bce" }, { "url": "https://git.kernel.org/stable/c/237ecf1afe6c22534fa43abdf2bf0b0f52de0aaa" }, { "url": "https://git.kernel.org/stable/c/5b696e9c388251f1c7373be92293769a489fd367" }, { "url": "https://git.kernel.org/stable/c/ad2f8920c314e0a2d9e984fc94b729eca3cda471" }, { "url": "https://git.kernel.org/stable/c/9d739bccf261dd93ec1babf82f5c5d71dd4caa3e" } ], "title": "dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26790", "datePublished": "2024-04-04T08:20:21.742Z", "dateReserved": "2024-02-19T14:20:24.178Z", "dateUpdated": "2024-11-05T09:15:52.396Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26785
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2024-11-07 18:54
Severity ?
EPSS score ?
Summary
iommufd: Fix protection fault in iommufd_test_syz_conv_iova
References
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-26785", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-04T15:19:21.902975Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-07T18:54:48.729Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.352Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/fc719ecbca45c9c046640d72baddba3d83e0bc0b" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/cf7c2789822db8b5efa34f5ebcf1621bc0008d48" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/iommu/iommufd/selftest.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "fd4d5cd7a2e8", "status": "affected", "version": "9227da7816dd", "versionType": "git" }, { "lessThan": "fc719ecbca45", "status": "affected", "version": "9227da7816dd", "versionType": "git" }, { "lessThan": "cf7c2789822d", "status": "affected", "version": "9227da7816dd", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/iommu/iommufd/selftest.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.6" }, { "lessThan": "6.6", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.55", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.9", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommufd: Fix protection fault in iommufd_test_syz_conv_iova\n\nSyzkaller reported the following bug:\n\n general protection fault, probably for non-canonical address 0xdffffc0000000038: 0000 [#1] SMP KASAN\n KASAN: null-ptr-deref in range [0x00000000000001c0-0x00000000000001c7]\n Call Trace:\n lock_acquire\n lock_acquire+0x1ce/0x4f0\n down_read+0x93/0x4a0\n iommufd_test_syz_conv_iova+0x56/0x1f0\n iommufd_test_access_rw.isra.0+0x2ec/0x390\n iommufd_test+0x1058/0x1e30\n iommufd_fops_ioctl+0x381/0x510\n vfs_ioctl\n __do_sys_ioctl\n __se_sys_ioctl\n __x64_sys_ioctl+0x170/0x1e0\n do_syscall_x64\n do_syscall_64+0x71/0x140\n\nThis is because the new iommufd_access_change_ioas() sets access-\u003eioas to\nNULL during its process, so the lock might be gone in a concurrent racing\ncontext.\n\nFix this by doing the same access-\u003eioas sanity as iommufd_access_rw() and\niommufd_access_pin_pages() functions do." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:46.645Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/fd4d5cd7a2e8f08357c9bfc0905957cffe8ce568" }, { "url": "https://git.kernel.org/stable/c/fc719ecbca45c9c046640d72baddba3d83e0bc0b" }, { "url": "https://git.kernel.org/stable/c/cf7c2789822db8b5efa34f5ebcf1621bc0008d48" } ], "title": "iommufd: Fix protection fault in iommufd_test_syz_conv_iova", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26785", "datePublished": "2024-04-04T08:20:18.467Z", "dateReserved": "2024-02-19T14:20:24.178Z", "dateUpdated": "2024-11-07T18:54:48.729Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26734
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2024-11-05 09:14
Severity ?
EPSS score ?
Summary
devlink: fix possible use-after-free and memory leaks in devlink_init()
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.249Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/919092bd5482b7070ae66d1daef73b600738f3a2" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e91d3561e28d7665f4f837880501dc8755f635a9" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/def689fc26b9a9622d2e2cb0c4933dd3b1c8071c" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-26734", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:51:57.238703Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:19.585Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/devlink/core.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "919092bd5482", "status": "affected", "version": "687125b5799c", "versionType": "git" }, { "lessThan": "e91d3561e28d", "status": "affected", "version": "687125b5799c", "versionType": "git" }, { "lessThan": "def689fc26b9", "status": "affected", "version": "687125b5799c", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/devlink/core.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.3" }, { "lessThan": "6.3", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.19", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndevlink: fix possible use-after-free and memory leaks in devlink_init()\n\nThe pernet operations structure for the subsystem must be registered\nbefore registering the generic netlink family.\n\nMake an unregister in case of unsuccessful registration." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:45.609Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/919092bd5482b7070ae66d1daef73b600738f3a2" }, { "url": "https://git.kernel.org/stable/c/e91d3561e28d7665f4f837880501dc8755f635a9" }, { "url": "https://git.kernel.org/stable/c/def689fc26b9a9622d2e2cb0c4933dd3b1c8071c" } ], "title": "devlink: fix possible use-after-free and memory leaks in devlink_init()", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26734", "datePublished": "2024-04-03T17:00:21.162Z", "dateReserved": "2024-02-19T14:20:24.165Z", "dateUpdated": "2024-11-05T09:14:45.609Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26726
Vulnerability from cvelistv5
Published
2024-04-03 14:55
Modified
2024-11-05 09:14
Severity ?
EPSS score ?
Summary
btrfs: don't drop extent_map for free space inode on write error
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26726", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-03T18:10:16.242115Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:48:45.957Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.173Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/02f2b95b00bf57d20320ee168b30fb7f3db8e555" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/7bddf18f474f166c19f91b2baf67bf7c5eda03f7" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/a4b7741c8302e28073bfc6dd1c2e73598e5e535e" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/5571e41ec6e56e35f34ae9f5b3a335ef510e0ade" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "fs/btrfs/inode.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "02f2b95b00bf", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "7bddf18f474f", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "a4b7741c8302", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "5571e41ec6e5", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "fs/btrfs/inode.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.79", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.18", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: don\u0027t drop extent_map for free space inode on write error\n\nWhile running the CI for an unrelated change I hit the following panic\nwith generic/648 on btrfs_holes_spacecache.\n\nassertion failed: block_start != EXTENT_MAP_HOLE, in fs/btrfs/extent_io.c:1385\n------------[ cut here ]------------\nkernel BUG at fs/btrfs/extent_io.c:1385!\ninvalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nCPU: 1 PID: 2695096 Comm: fsstress Kdump: loaded Tainted: G W 6.8.0-rc2+ #1\nRIP: 0010:__extent_writepage_io.constprop.0+0x4c1/0x5c0\nCall Trace:\n \u003cTASK\u003e\n extent_write_cache_pages+0x2ac/0x8f0\n extent_writepages+0x87/0x110\n do_writepages+0xd5/0x1f0\n filemap_fdatawrite_wbc+0x63/0x90\n __filemap_fdatawrite_range+0x5c/0x80\n btrfs_fdatawrite_range+0x1f/0x50\n btrfs_write_out_cache+0x507/0x560\n btrfs_write_dirty_block_groups+0x32a/0x420\n commit_cowonly_roots+0x21b/0x290\n btrfs_commit_transaction+0x813/0x1360\n btrfs_sync_file+0x51a/0x640\n __x64_sys_fdatasync+0x52/0x90\n do_syscall_64+0x9c/0x190\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\nThis happens because we fail to write out the free space cache in one\ninstance, come back around and attempt to write it again. However on\nthe second pass through we go to call btrfs_get_extent() on the inode to\nget the extent mapping. Because this is a new block group, and with the\nfree space inode we always search the commit root to avoid deadlocking\nwith the tree, we find nothing and return a EXTENT_MAP_HOLE for the\nrequested range.\n\nThis happens because the first time we try to write the space cache out\nwe hit an error, and on an error we drop the extent mapping. This is\nnormal for normal files, but the free space cache inode is special. We\nalways expect the extent map to be correct. Thus the second time\nthrough we end up with a bogus extent map.\n\nSince we\u0027re deprecating this feature, the most straightforward way to\nfix this is to simply skip dropping the extent map range for this failed\nrange.\n\nI shortened the test by using error injection to stress the area to make\nit easier to reproduce. With this patch in place we no longer panic\nwith my error injection test." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:36.731Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/02f2b95b00bf57d20320ee168b30fb7f3db8e555" }, { "url": "https://git.kernel.org/stable/c/7bddf18f474f166c19f91b2baf67bf7c5eda03f7" }, { "url": "https://git.kernel.org/stable/c/a4b7741c8302e28073bfc6dd1c2e73598e5e535e" }, { "url": "https://git.kernel.org/stable/c/5571e41ec6e56e35f34ae9f5b3a335ef510e0ade" } ], "title": "btrfs: don\u0027t drop extent_map for free space inode on write error", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26726", "datePublished": "2024-04-03T14:55:24.983Z", "dateReserved": "2024-02-19T14:20:24.163Z", "dateUpdated": "2024-11-05T09:14:36.731Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26711
Vulnerability from cvelistv5
Published
2024-04-03 14:55
Modified
2024-11-05 09:14
Severity ?
EPSS score ?
Summary
iio: adc: ad4130: zero-initialize clock init data
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:12.913Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/0e0dab37750926d4fb0144edb1c1ea0612fea273" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/02876e2df02f8b17a593d77a0a7879a8109b27e1" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/a22b0a2be69a36511cb5b37d948b651ddf7debf3" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-26711", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:52:32.878316Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:25.830Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/iio/adc/ad4130.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "0e0dab377509", "status": "affected", "version": "62094060cf3a", "versionType": "git" }, { "lessThan": "02876e2df02f", "status": "affected", "version": "62094060cf3a", "versionType": "git" }, { "lessThan": "a22b0a2be69a", "status": "affected", "version": "62094060cf3a", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/iio/adc/ad4130.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.2" }, { "lessThan": "6.2", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.18", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: ad4130: zero-initialize clock init data\n\nThe clk_init_data struct does not have all its members\ninitialized, causing issues when trying to expose the internal\nclock on the CLK pin.\n\nFix this by zero-initializing the clk_init_data struct." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:19.909Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/0e0dab37750926d4fb0144edb1c1ea0612fea273" }, { "url": "https://git.kernel.org/stable/c/02876e2df02f8b17a593d77a0a7879a8109b27e1" }, { "url": "https://git.kernel.org/stable/c/a22b0a2be69a36511cb5b37d948b651ddf7debf3" } ], "title": "iio: adc: ad4130: zero-initialize clock init data", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26711", "datePublished": "2024-04-03T14:55:13.488Z", "dateReserved": "2024-02-19T14:20:24.159Z", "dateUpdated": "2024-11-05T09:14:19.909Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26799
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2024-11-05 09:16
Severity ?
EPSS score ?
Summary
ASoC: qcom: Fix uninitialized pointer dmactl
References
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-26799", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-04T15:07:57.653434Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-noinfo Not enough information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-01T14:54:06.205Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.565Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/99adc8b4d2f38bf0d06483ec845bc48f60c3f8cf" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d5a7726e6ea62d447b79ab5baeb537ea6bdb225b" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/1382d8b55129875b2e07c4d2a7ebc790183769ee" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "sound/soc/qcom/lpass-cdc-dma.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "99adc8b4d2f3", "status": "affected", "version": "b81af585ea54", "versionType": "git" }, { "lessThan": "d5a7726e6ea6", "status": "affected", "version": "b81af585ea54", "versionType": "git" }, { "lessThan": "1382d8b55129", "status": "affected", "version": "b81af585ea54", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "sound/soc/qcom/lpass-cdc-dma.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.18" }, { "lessThan": "5.18", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.21", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.9", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: Fix uninitialized pointer dmactl\n\nIn the case where __lpass_get_dmactl_handle is called and the driver\nid dai_id is invalid the pointer dmactl is not being assigned a value,\nand dmactl contains a garbage value since it has not been initialized\nand so the null check may not work. Fix this to initialize dmactl to\nNULL. One could argue that modern compilers will set this to zero, but\nit is useful to keep this initialized as per the same way in functions\n__lpass_platform_codec_intf_init and lpass_cdc_dma_daiops_hw_params.\n\nCleans up clang scan build warning:\nsound/soc/qcom/lpass-cdc-dma.c:275:7: warning: Branch condition\nevaluates to a garbage value [core.uninitialized.Branch]" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:16:02.668Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/99adc8b4d2f38bf0d06483ec845bc48f60c3f8cf" }, { "url": "https://git.kernel.org/stable/c/d5a7726e6ea62d447b79ab5baeb537ea6bdb225b" }, { "url": "https://git.kernel.org/stable/c/1382d8b55129875b2e07c4d2a7ebc790183769ee" } ], "title": "ASoC: qcom: Fix uninitialized pointer dmactl", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26799", "datePublished": "2024-04-04T08:20:27.888Z", "dateReserved": "2024-02-19T14:20:24.179Z", "dateUpdated": "2024-11-05T09:16:02.668Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26751
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2024-11-05 09:15
Severity ?
EPSS score ?
Summary
ARM: ep93xx: Add terminator to gpiod_lookup_table
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26751", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-03T18:36:01.250592Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:48:52.747Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.203Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/9e200a06ae2abb321939693008290af32b33dd6e" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/999a8bb70da2946336327b4480824d1691cae1fa" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/70d92abbe29692a3de8697ae082c60f2d21ab482" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/eec6cbbfa1e8d685cc245cfd5626d0715a127a48" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/786f089086b505372fb3f4f008d57e7845fff0d8" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/97ba7c1f9c0a2401e644760d857b2386aa895997" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/6abe0895b63c20de06685c8544b908c7e413efa8" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/fdf87a0dc26d0550c60edc911cda42f9afec3557" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "arch/arm/mach-ep93xx/core.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "9e200a06ae2a", "status": "affected", "version": "b2e63555592f", "versionType": "git" }, { "lessThan": "999a8bb70da2", "status": "affected", "version": "b2e63555592f", "versionType": "git" }, { "lessThan": "70d92abbe296", "status": "affected", "version": "b2e63555592f", "versionType": "git" }, { "lessThan": "eec6cbbfa1e8", "status": "affected", "version": "b2e63555592f", "versionType": "git" }, { "lessThan": "786f089086b5", "status": "affected", "version": "b2e63555592f", "versionType": "git" }, { "lessThan": "97ba7c1f9c0a", "status": "affected", "version": "b2e63555592f", "versionType": "git" }, { "lessThan": "6abe0895b63c", "status": "affected", "version": "b2e63555592f", "versionType": "git" }, { "lessThan": "fdf87a0dc26d", "status": "affected", "version": "b2e63555592f", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "arch/arm/mach-ep93xx/core.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "4.15" }, { "lessThan": "4.15", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.308", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.270", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.211", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.150", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.80", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.19", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: ep93xx: Add terminator to gpiod_lookup_table\n\nWithout the terminator, if a con_id is passed to gpio_find() that\ndoes not exist in the lookup table the function will not stop looping\ncorrectly, and eventually cause an oops." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:04.741Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/9e200a06ae2abb321939693008290af32b33dd6e" }, { "url": "https://git.kernel.org/stable/c/999a8bb70da2946336327b4480824d1691cae1fa" }, { "url": "https://git.kernel.org/stable/c/70d92abbe29692a3de8697ae082c60f2d21ab482" }, { "url": "https://git.kernel.org/stable/c/eec6cbbfa1e8d685cc245cfd5626d0715a127a48" }, { "url": "https://git.kernel.org/stable/c/786f089086b505372fb3f4f008d57e7845fff0d8" }, { "url": "https://git.kernel.org/stable/c/97ba7c1f9c0a2401e644760d857b2386aa895997" }, { "url": "https://git.kernel.org/stable/c/6abe0895b63c20de06685c8544b908c7e413efa8" }, { "url": "https://git.kernel.org/stable/c/fdf87a0dc26d0550c60edc911cda42f9afec3557" } ], "title": "ARM: ep93xx: Add terminator to gpiod_lookup_table", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26751", "datePublished": "2024-04-03T17:00:36.523Z", "dateReserved": "2024-02-19T14:20:24.169Z", "dateUpdated": "2024-11-05T09:15:04.741Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26791
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2024-11-05 09:15
Severity ?
EPSS score ?
Summary
btrfs: dev-replace: properly validate device names
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.455Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/11d7a2e429c02d51e2dc90713823ea8b8d3d3a84" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/c6652e20d7d783d060fe5f987eac7b5cabe31311" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2886fe308a83968dde252302884a1e63351cf16d" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ab2d68655d0f04650bef09fee948ff80597c5fb9" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f590040ce2b712177306b03c2a63b16f7d48d3c8" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/b1690ced4d2d8b28868811fb81cd33eee5aefee1" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/343eecb4ff49a7b1cc1dfe86958a805cf2341cfb" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/9845664b9ee47ce7ee7ea93caf47d39a9d4552c4" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-26791", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:50:58.820208Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:50.626Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "fs/btrfs/dev-replace.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "11d7a2e429c0", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "c6652e20d7d7", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "2886fe308a83", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "ab2d68655d0f", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "f590040ce2b7", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "b1690ced4d2d", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "343eecb4ff49", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "9845664b9ee4", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "fs/btrfs/dev-replace.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.309", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.271", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.212", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.151", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.81", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.21", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.9", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: dev-replace: properly validate device names\n\nThere\u0027s a syzbot report that device name buffers passed to device\nreplace are not properly checked for string termination which could lead\nto a read out of bounds in getname_kernel().\n\nAdd a helper that validates both source and target device name buffers.\nFor devid as the source initialize the buffer to empty string in case\nsomething tries to read it later.\n\nThis was originally analyzed and fixed in a different way by Edward Adam\nDavis (see links)." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:53.595Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/11d7a2e429c02d51e2dc90713823ea8b8d3d3a84" }, { "url": "https://git.kernel.org/stable/c/c6652e20d7d783d060fe5f987eac7b5cabe31311" }, { "url": "https://git.kernel.org/stable/c/2886fe308a83968dde252302884a1e63351cf16d" }, { "url": "https://git.kernel.org/stable/c/ab2d68655d0f04650bef09fee948ff80597c5fb9" }, { "url": "https://git.kernel.org/stable/c/f590040ce2b712177306b03c2a63b16f7d48d3c8" }, { "url": "https://git.kernel.org/stable/c/b1690ced4d2d8b28868811fb81cd33eee5aefee1" }, { "url": "https://git.kernel.org/stable/c/343eecb4ff49a7b1cc1dfe86958a805cf2341cfb" }, { "url": "https://git.kernel.org/stable/c/9845664b9ee47ce7ee7ea93caf47d39a9d4552c4" } ], "title": "btrfs: dev-replace: properly validate device names", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26791", "datePublished": "2024-04-04T08:20:22.374Z", "dateReserved": "2024-02-19T14:20:24.178Z", "dateUpdated": "2024-11-05T09:15:53.595Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26710
Vulnerability from cvelistv5
Published
2024-04-03 14:55
Modified
2024-11-05 09:14
Severity ?
EPSS score ?
Summary
powerpc/kasan: Limit KASAN thread size increase to 32KB
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26710", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-03T17:38:18.725321Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-06T19:09:54.006Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:12.978Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/4297217bcf1f0948a19c2bacc6b68d92e7778ad9" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/4cc31fa07445879a13750cb061bb8c2654975fcb" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/b29b16bd836a838b7690f80e37f8376414c74cbe" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f1acb109505d983779bbb7e20a1ee6244d2b5736" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "arch/powerpc/include/asm/thread_info.h" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "4297217bcf1f", "status": "affected", "version": "9ccf64e763ac", "versionType": "git" }, { "lessThan": "4cc31fa07445", "status": "affected", "version": "b38014874530", "versionType": "git" }, { "lessThan": "b29b16bd836a", "status": "affected", "version": "58f396513cb1", "versionType": "git" }, { "lessThan": "f1acb109505d", "status": "affected", "version": "18f14afe2816", "versionType": "git" } ] }, { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "arch/powerpc/include/asm/thread_info.h" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "6.1.79", "status": "affected", "version": "6.1.75", "versionType": "semver" }, { "lessThan": "6.6.18", "status": "affected", "version": "6.6.14", "versionType": "semver" }, { "lessThan": "6.7.6", "status": "affected", "version": "6.7.2", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/kasan: Limit KASAN thread size increase to 32KB\n\nKASAN is seen to increase stack usage, to the point that it was reported\nto lead to stack overflow on some 32-bit machines (see link).\n\nTo avoid overflows the stack size was doubled for KASAN builds in\ncommit 3e8635fb2e07 (\"powerpc/kasan: Force thread size increase with\nKASAN\").\n\nHowever with a 32KB stack size to begin with, the doubling leads to a\n64KB stack, which causes build errors:\n arch/powerpc/kernel/switch.S:249: Error: operand out of range (0x000000000000fe50 is not between 0xffffffffffff8000 and 0x0000000000007fff)\n\nAlthough the asm could be reworked, in practice a 32KB stack seems\nsufficient even for KASAN builds - the additional usage seems to be in\nthe 2-3KB range for a 64-bit KASAN build.\n\nSo only increase the stack for KASAN if the stack size is \u003c 32KB." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:18.739Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/4297217bcf1f0948a19c2bacc6b68d92e7778ad9" }, { "url": "https://git.kernel.org/stable/c/4cc31fa07445879a13750cb061bb8c2654975fcb" }, { "url": "https://git.kernel.org/stable/c/b29b16bd836a838b7690f80e37f8376414c74cbe" }, { "url": "https://git.kernel.org/stable/c/f1acb109505d983779bbb7e20a1ee6244d2b5736" } ], "title": "powerpc/kasan: Limit KASAN thread size increase to 32KB", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26710", "datePublished": "2024-04-03T14:55:12.583Z", "dateReserved": "2024-02-19T14:20:24.159Z", "dateUpdated": "2024-11-05T09:14:18.739Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26703
Vulnerability from cvelistv5
Published
2024-04-03 14:55
Modified
2024-11-05 09:14
Severity ?
EPSS score ?
Summary
tracing/timerlat: Move hrtimer_init to timerlat_fd open()
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26703", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-05T18:03:40.350570Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:49:26.798Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:12.874Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/5f703935fdb559642d85b2088442ee55a557ae6d" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2354d29986ebd138f89c2b73fecf8237e0a4ad6b" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/1389358bb008e7625942846e9f03554319b7fecc" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "kernel/trace/trace_osnoise.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "5f703935fdb5", "status": "affected", "version": "e88ed227f639", "versionType": "git" }, { "lessThan": "2354d29986eb", "status": "affected", "version": "e88ed227f639", "versionType": "git" }, { "lessThan": "1389358bb008", "status": "affected", "version": "e88ed227f639", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "kernel/trace/trace_osnoise.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.5" }, { "lessThan": "6.5", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.18", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/timerlat: Move hrtimer_init to timerlat_fd open()\n\nCurrently, the timerlat\u0027s hrtimer is initialized at the first read of\ntimerlat_fd, and destroyed at close(). It works, but it causes an error\nif the user program open() and close() the file without reading.\n\nHere\u0027s an example:\n\n # echo NO_OSNOISE_WORKLOAD \u003e /sys/kernel/debug/tracing/osnoise/options\n # echo timerlat \u003e /sys/kernel/debug/tracing/current_tracer\n\n # cat \u003c\u003cEOF \u003e ./timerlat_load.py\n # !/usr/bin/env python3\n\n timerlat_fd = open(\"/sys/kernel/tracing/osnoise/per_cpu/cpu0/timerlat_fd\", \u0027r\u0027)\n timerlat_fd.close();\n EOF\n\n # ./taskset -c 0 ./timerlat_load.py\n\u003cBOOM\u003e\n\n BUG: kernel NULL pointer dereference, address: 0000000000000010\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 1 PID: 2673 Comm: python3 Not tainted 6.6.13-200.fc39.x86_64 #1\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-1.fc39 04/01/2014\n RIP: 0010:hrtimer_active+0xd/0x50\n Code: 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 48 8b 57 30 \u003c8b\u003e 42 10 a8 01 74 09 f3 90 8b 42 10 a8 01 75 f7 80 7f 38 00 75 1d\n RSP: 0018:ffffb031009b7e10 EFLAGS: 00010286\n RAX: 000000000002db00 RBX: ffff9118f786db08 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: ffff9117a0e64400 RDI: ffff9118f786db08\n RBP: ffff9118f786db80 R08: ffff9117a0ddd420 R09: ffff9117804d4f70\n R10: 0000000000000000 R11: 0000000000000000 R12: ffff9118f786db08\n R13: ffff91178fdd5e20 R14: ffff9117840978c0 R15: 0000000000000000\n FS: 00007f2ffbab1740(0000) GS:ffff9118f7840000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000010 CR3: 00000001b402e000 CR4: 0000000000750ee0\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? __die+0x23/0x70\n ? page_fault_oops+0x171/0x4e0\n ? srso_alias_return_thunk+0x5/0x7f\n ? avc_has_extended_perms+0x237/0x520\n ? exc_page_fault+0x7f/0x180\n ? asm_exc_page_fault+0x26/0x30\n ? hrtimer_active+0xd/0x50\n hrtimer_cancel+0x15/0x40\n timerlat_fd_release+0x48/0xe0\n __fput+0xf5/0x290\n __x64_sys_close+0x3d/0x80\n do_syscall_64+0x60/0x90\n ? srso_alias_return_thunk+0x5/0x7f\n ? __x64_sys_ioctl+0x72/0xd0\n ? srso_alias_return_thunk+0x5/0x7f\n ? syscall_exit_to_user_mode+0x2b/0x40\n ? srso_alias_return_thunk+0x5/0x7f\n ? do_syscall_64+0x6c/0x90\n ? srso_alias_return_thunk+0x5/0x7f\n ? exit_to_user_mode_prepare+0x142/0x1f0\n ? srso_alias_return_thunk+0x5/0x7f\n ? syscall_exit_to_user_mode+0x2b/0x40\n ? srso_alias_return_thunk+0x5/0x7f\n ? do_syscall_64+0x6c/0x90\n entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n RIP: 0033:0x7f2ffb321594\n Code: 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 80 3d d5 cd 0d 00 00 74 13 b8 03 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 3c c3 0f 1f 00 55 48 89 e5 48 83 ec 10 89 7d\n RSP: 002b:00007ffe8d8eef18 EFLAGS: 00000202 ORIG_RAX: 0000000000000003\n RAX: ffffffffffffffda RBX: 00007f2ffba4e668 RCX: 00007f2ffb321594\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003\n RBP: 00007ffe8d8eef40 R08: 0000000000000000 R09: 0000000000000000\n R10: 55c926e3167eae79 R11: 0000000000000202 R12: 0000000000000003\n R13: 00007ffe8d8ef030 R14: 0000000000000000 R15: 00007f2ffba4e668\n \u003c/TASK\u003e\n CR2: 0000000000000010\n ---[ end trace 0000000000000000 ]---\n\nMove hrtimer_init to timerlat_fd open() to avoid this problem." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:11.034Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/5f703935fdb559642d85b2088442ee55a557ae6d" }, { "url": "https://git.kernel.org/stable/c/2354d29986ebd138f89c2b73fecf8237e0a4ad6b" }, { "url": "https://git.kernel.org/stable/c/1389358bb008e7625942846e9f03554319b7fecc" } ], "title": "tracing/timerlat: Move hrtimer_init to timerlat_fd open()", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26703", "datePublished": "2024-04-03T14:55:01.838Z", "dateReserved": "2024-02-19T14:20:24.158Z", "dateUpdated": "2024-11-05T09:14:11.034Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26738
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2024-11-05 09:14
Severity ?
EPSS score ?
Summary
powerpc/pseries/iommu: DLPAR add doesn't completely initialize pci_controller
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26738", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-03T18:32:38.410311Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:49:33.182Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.091Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/b8315b2e25b4e68e42fcb74630f824b9a5067765" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/46e36ebd5e00a148b67ed77c1d31675996f77c25" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/a5c57fd2e9bd1c8ea8613a8f94fd0be5eccbf321" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "arch/powerpc/include/asm/ppc-pci.h", "arch/powerpc/kernel/iommu.c", "arch/powerpc/platforms/pseries/pci_dlpar.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "b8315b2e25b4", "status": "affected", "version": "a940904443e4", "versionType": "git" }, { "lessThan": "46e36ebd5e00", "status": "affected", "version": "a940904443e4", "versionType": "git" }, { "lessThan": "a5c57fd2e9bd", "status": "affected", "version": "a940904443e4", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "arch/powerpc/include/asm/ppc-pci.h", "arch/powerpc/kernel/iommu.c", "arch/powerpc/platforms/pseries/pci_dlpar.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.4" }, { "lessThan": "6.4", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.19", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries/iommu: DLPAR add doesn\u0027t completely initialize pci_controller\n\nWhen a PCI device is dynamically added, the kernel oopses with a NULL\npointer dereference:\n\n BUG: Kernel NULL pointer dereference on read at 0x00000030\n Faulting instruction address: 0xc0000000006bbe5c\n Oops: Kernel access of bad area, sig: 11 [#1]\n LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries\n Modules linked in: rpadlpar_io rpaphp rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs xsk_diag bonding nft_compat nf_tables nfnetlink rfkill binfmt_misc dm_multipath rpcrdma sunrpc rdma_ucm ib_srpt ib_isert iscsi_target_mod target_core_mod ib_umad ib_iser libiscsi scsi_transport_iscsi ib_ipoib rdma_cm iw_cm ib_cm mlx5_ib ib_uverbs ib_core pseries_rng drm drm_panel_orientation_quirks xfs libcrc32c mlx5_core mlxfw sd_mod t10_pi sg tls ibmvscsi ibmveth scsi_transport_srp vmx_crypto pseries_wdt psample dm_mirror dm_region_hash dm_log dm_mod fuse\n CPU: 17 PID: 2685 Comm: drmgr Not tainted 6.7.0-203405+ #66\n Hardware name: IBM,9080-HEX POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1060.00 (NH1060_008) hv:phyp pSeries\n NIP: c0000000006bbe5c LR: c000000000a13e68 CTR: c0000000000579f8\n REGS: c00000009924f240 TRAP: 0300 Not tainted (6.7.0-203405+)\n MSR: 8000000000009033 \u003cSF,EE,ME,IR,DR,RI,LE\u003e CR: 24002220 XER: 20040006\n CFAR: c000000000a13e64 DAR: 0000000000000030 DSISR: 40000000 IRQMASK: 0\n ...\n NIP sysfs_add_link_to_group+0x34/0x94\n LR iommu_device_link+0x5c/0x118\n Call Trace:\n iommu_init_device+0x26c/0x318 (unreliable)\n iommu_device_link+0x5c/0x118\n iommu_init_device+0xa8/0x318\n iommu_probe_device+0xc0/0x134\n iommu_bus_notifier+0x44/0x104\n notifier_call_chain+0xb8/0x19c\n blocking_notifier_call_chain+0x64/0x98\n bus_notify+0x50/0x7c\n device_add+0x640/0x918\n pci_device_add+0x23c/0x298\n of_create_pci_dev+0x400/0x884\n of_scan_pci_dev+0x124/0x1b0\n __of_scan_bus+0x78/0x18c\n pcibios_scan_phb+0x2a4/0x3b0\n init_phb_dynamic+0xb8/0x110\n dlpar_add_slot+0x170/0x3b8 [rpadlpar_io]\n add_slot_store.part.0+0xb4/0x130 [rpadlpar_io]\n kobj_attr_store+0x2c/0x48\n sysfs_kf_write+0x64/0x78\n kernfs_fop_write_iter+0x1b0/0x290\n vfs_write+0x350/0x4a0\n ksys_write+0x84/0x140\n system_call_exception+0x124/0x330\n system_call_vectored_common+0x15c/0x2ec\n\nCommit a940904443e4 (\"powerpc/iommu: Add iommu_ops to report capabilities\nand allow blocking domains\") broke DLPAR add of PCI devices.\n\nThe above added iommu_device structure to pci_controller. During\nsystem boot, PCI devices are discovered and this newly added iommu_device\nstructure is initialized by a call to iommu_device_register().\n\nDuring DLPAR add of a PCI device, a new pci_controller structure is\nallocated but there are no calls made to iommu_device_register()\ninterface.\n\nFix is to register the iommu device during DLPAR add as well." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:50.064Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/b8315b2e25b4e68e42fcb74630f824b9a5067765" }, { "url": "https://git.kernel.org/stable/c/46e36ebd5e00a148b67ed77c1d31675996f77c25" }, { "url": "https://git.kernel.org/stable/c/a5c57fd2e9bd1c8ea8613a8f94fd0be5eccbf321" } ], "title": "powerpc/pseries/iommu: DLPAR add doesn\u0027t completely initialize pci_controller", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26738", "datePublished": "2024-04-03T17:00:24.126Z", "dateReserved": "2024-02-19T14:20:24.166Z", "dateUpdated": "2024-11-05T09:14:50.064Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26699
Vulnerability from cvelistv5
Published
2024-04-03 14:54
Modified
2024-11-05 09:14
Severity ?
EPSS score ?
Summary
drm/amd/display: Fix array-index-out-of-bounds in dcn35_clkmgr
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:12.940Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ca400d8e0c1c9d79c08dfb6b7f966e26c8cae7fb" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/46806e59a87790760870d216f54951a5b4d545bc" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-26699", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:52:47.122143Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:29.383Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "ca400d8e0c1c", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "46806e59a877", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix array-index-out-of-bounds in dcn35_clkmgr\n\n[Why]\nThere is a potential memory access violation while\niterating through array of dcn35 clks.\n\n[How]\nLimit iteration per array size." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:07.657Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/ca400d8e0c1c9d79c08dfb6b7f966e26c8cae7fb" }, { "url": "https://git.kernel.org/stable/c/46806e59a87790760870d216f54951a5b4d545bc" } ], "title": "drm/amd/display: Fix array-index-out-of-bounds in dcn35_clkmgr", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26699", "datePublished": "2024-04-03T14:54:59.268Z", "dateReserved": "2024-02-19T14:20:24.157Z", "dateUpdated": "2024-11-05T09:14:07.657Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26724
Vulnerability from cvelistv5
Published
2024-04-03 14:55
Modified
2024-11-05 09:14
Severity ?
EPSS score ?
Summary
net/mlx5: DPLL, Fix possible use after free after delayed work timer triggers
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26724", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-05T17:56:55.554456Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:49:11.438Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:12.956Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/1596126ea50228f0ed96697bae4e9368fda02c56" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/aa1eec2f546f2afa8c98ec41e5d8ee488165d685" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/mellanox/mlx5/core/dpll.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "1596126ea502", "status": "affected", "version": "496fd0a26bbf", "versionType": "git" }, { "lessThan": "aa1eec2f546f", "status": "affected", "version": "496fd0a26bbf", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/mellanox/mlx5/core/dpll.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.7" }, { "lessThan": "6.7", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: DPLL, Fix possible use after free after delayed work timer triggers\n\nI managed to hit following use after free warning recently:\n\n[ 2169.711665] ==================================================================\n[ 2169.714009] BUG: KASAN: slab-use-after-free in __run_timers.part.0+0x179/0x4c0\n[ 2169.716293] Write of size 8 at addr ffff88812b326a70 by task swapper/4/0\n\n[ 2169.719022] CPU: 4 PID: 0 Comm: swapper/4 Not tainted 6.8.0-rc2jiri+ #2\n[ 2169.720974] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\n[ 2169.722457] Call Trace:\n[ 2169.722756] \u003cIRQ\u003e\n[ 2169.723024] dump_stack_lvl+0x58/0xb0\n[ 2169.723417] print_report+0xc5/0x630\n[ 2169.723807] ? __virt_addr_valid+0x126/0x2b0\n[ 2169.724268] kasan_report+0xbe/0xf0\n[ 2169.724667] ? __run_timers.part.0+0x179/0x4c0\n[ 2169.725116] ? __run_timers.part.0+0x179/0x4c0\n[ 2169.725570] __run_timers.part.0+0x179/0x4c0\n[ 2169.726003] ? call_timer_fn+0x320/0x320\n[ 2169.726404] ? lock_downgrade+0x3a0/0x3a0\n[ 2169.726820] ? kvm_clock_get_cycles+0x14/0x20\n[ 2169.727257] ? ktime_get+0x92/0x150\n[ 2169.727630] ? lapic_next_deadline+0x35/0x60\n[ 2169.728069] run_timer_softirq+0x40/0x80\n[ 2169.728475] __do_softirq+0x1a1/0x509\n[ 2169.728866] irq_exit_rcu+0x95/0xc0\n[ 2169.729241] sysvec_apic_timer_interrupt+0x6b/0x80\n[ 2169.729718] \u003c/IRQ\u003e\n[ 2169.729993] \u003cTASK\u003e\n[ 2169.730259] asm_sysvec_apic_timer_interrupt+0x16/0x20\n[ 2169.730755] RIP: 0010:default_idle+0x13/0x20\n[ 2169.731190] Code: c0 08 00 00 00 4d 29 c8 4c 01 c7 4c 29 c2 e9 72 ff ff ff cc cc cc cc 8b 05 9a 7f 1f 02 85 c0 7e 07 0f 00 2d cf 69 43 00 fb f4 \u003cfa\u003e c3 66 66 2e 0f 1f 84 00 00 00 00 00 65 48 8b 04 25 c0 93 04 00\n[ 2169.732759] RSP: 0018:ffff888100dbfe10 EFLAGS: 00000242\n[ 2169.733264] RAX: 0000000000000001 RBX: ffff888100d9c200 RCX: ffffffff8241bd62\n[ 2169.733925] RDX: ffffed109a848b15 RSI: 0000000000000004 RDI: ffffffff8127ac55\n[ 2169.734566] RBP: 0000000000000004 R08: 0000000000000000 R09: ffffed109a848b14\n[ 2169.735200] R10: ffff8884d42458a3 R11: 000000000000ba7e R12: ffffffff83d7d3a0\n[ 2169.735835] R13: 1ffff110201b7fc6 R14: 0000000000000000 R15: ffff888100d9c200\n[ 2169.736478] ? ct_kernel_exit.constprop.0+0xa2/0xc0\n[ 2169.736954] ? do_idle+0x285/0x290\n[ 2169.737323] default_idle_call+0x63/0x90\n[ 2169.737730] do_idle+0x285/0x290\n[ 2169.738089] ? arch_cpu_idle_exit+0x30/0x30\n[ 2169.738511] ? mark_held_locks+0x1a/0x80\n[ 2169.738917] ? lockdep_hardirqs_on_prepare+0x12e/0x200\n[ 2169.739417] cpu_startup_entry+0x30/0x40\n[ 2169.739825] start_secondary+0x19a/0x1c0\n[ 2169.740229] ? set_cpu_sibling_map+0xbd0/0xbd0\n[ 2169.740673] secondary_startup_64_no_verify+0x15d/0x16b\n[ 2169.741179] \u003c/TASK\u003e\n\n[ 2169.741686] Allocated by task 1098:\n[ 2169.742058] kasan_save_stack+0x1c/0x40\n[ 2169.742456] kasan_save_track+0x10/0x30\n[ 2169.742852] __kasan_kmalloc+0x83/0x90\n[ 2169.743246] mlx5_dpll_probe+0xf5/0x3c0 [mlx5_dpll]\n[ 2169.743730] auxiliary_bus_probe+0x62/0xb0\n[ 2169.744148] really_probe+0x127/0x590\n[ 2169.744534] __driver_probe_device+0xd2/0x200\n[ 2169.744973] device_driver_attach+0x6b/0xf0\n[ 2169.745402] bind_store+0x90/0xe0\n[ 2169.745761] kernfs_fop_write_iter+0x1df/0x2a0\n[ 2169.746210] vfs_write+0x41f/0x790\n[ 2169.746579] ksys_write+0xc7/0x160\n[ 2169.746947] do_syscall_64+0x6f/0x140\n[ 2169.747333] entry_SYSCALL_64_after_hwframe+0x46/0x4e\n\n[ 2169.748049] Freed by task 1220:\n[ 2169.748393] kasan_save_stack+0x1c/0x40\n[ 2169.748789] kasan_save_track+0x10/0x30\n[ 2169.749188] kasan_save_free_info+0x3b/0x50\n[ 2169.749621] poison_slab_object+0x106/0x180\n[ 2169.750044] __kasan_slab_free+0x14/0x50\n[ 2169.750451] kfree+0x118/0x330\n[ 2169.750792] mlx5_dpll_remove+0xf5/0x110 [mlx5_dpll]\n[ 2169.751271] auxiliary_bus_remove+0x2e/0x40\n[ 2169.751694] device_release_driver_internal+0x24b/0x2e0\n[ 2169.752191] unbind_store+0xa6/0xb0\n[ 2169.752563] kernfs_fo\n---truncated---" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:34.495Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/1596126ea50228f0ed96697bae4e9368fda02c56" }, { "url": "https://git.kernel.org/stable/c/aa1eec2f546f2afa8c98ec41e5d8ee488165d685" } ], "title": "net/mlx5: DPLL, Fix possible use after free after delayed work timer triggers", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26724", "datePublished": "2024-04-03T14:55:23.349Z", "dateReserved": "2024-02-19T14:20:24.163Z", "dateUpdated": "2024-11-05T09:14:34.495Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26787
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2024-11-05 09:15
Severity ?
EPSS score ?
Summary
mmc: mmci: stm32: fix DMA API overlapping mappings warning
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.461Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/0224cbc53ba82b84affa7619b6d1b1a254bc2c53" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/5ae5060e17a3fc38e54c3e5bd8abd6b1d5bfae7c" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/70af82bb9c897faa25a44e4181f36c60312b71ef" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/176e66269f0de327375fc0ea51c12c2f5a97e4c4" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d610a307225951929b9dff807788439454476f85" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/6b1ba3f9040be5efc4396d86c9752cdc564730be" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-26787", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:51:02.092511Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:51.566Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/mmc/host/mmci_stm32_sdmmc.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "0224cbc53ba8", "status": "affected", "version": "46b723dd867d", "versionType": "git" }, { "lessThan": "5ae5060e17a3", "status": "affected", "version": "46b723dd867d", "versionType": "git" }, { "lessThan": "70af82bb9c89", "status": "affected", "version": "46b723dd867d", "versionType": "git" }, { "lessThan": "176e66269f0d", "status": "affected", "version": "46b723dd867d", "versionType": "git" }, { "lessThan": "d610a3072259", "status": "affected", "version": "46b723dd867d", "versionType": "git" }, { "lessThan": "6b1ba3f9040b", "status": "affected", "version": "46b723dd867d", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/mmc/host/mmci_stm32_sdmmc.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "4.20" }, { "lessThan": "4.20", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.213", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.152", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.81", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.21", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.9", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: mmci: stm32: fix DMA API overlapping mappings warning\n\nTurning on CONFIG_DMA_API_DEBUG_SG results in the following warning:\n\nDMA-API: mmci-pl18x 48220000.mmc: cacheline tracking EEXIST,\noverlapping mappings aren\u0027t supported\nWARNING: CPU: 1 PID: 51 at kernel/dma/debug.c:568\nadd_dma_entry+0x234/0x2f4\nModules linked in:\nCPU: 1 PID: 51 Comm: kworker/1:2 Not tainted 6.1.28 #1\nHardware name: STMicroelectronics STM32MP257F-EV1 Evaluation Board (DT)\nWorkqueue: events_freezable mmc_rescan\nCall trace:\nadd_dma_entry+0x234/0x2f4\ndebug_dma_map_sg+0x198/0x350\n__dma_map_sg_attrs+0xa0/0x110\ndma_map_sg_attrs+0x10/0x2c\nsdmmc_idma_prep_data+0x80/0xc0\nmmci_prep_data+0x38/0x84\nmmci_start_data+0x108/0x2dc\nmmci_request+0xe4/0x190\n__mmc_start_request+0x68/0x140\nmmc_start_request+0x94/0xc0\nmmc_wait_for_req+0x70/0x100\nmmc_send_tuning+0x108/0x1ac\nsdmmc_execute_tuning+0x14c/0x210\nmmc_execute_tuning+0x48/0xec\nmmc_sd_init_uhs_card.part.0+0x208/0x464\nmmc_sd_init_card+0x318/0x89c\nmmc_attach_sd+0xe4/0x180\nmmc_rescan+0x244/0x320\n\nDMA API debug brings to light leaking dma-mappings as dma_map_sg and\ndma_unmap_sg are not correctly balanced.\n\nIf an error occurs in mmci_cmd_irq function, only mmci_dma_error\nfunction is called and as this API is not managed on stm32 variant,\ndma_unmap_sg is never called in this error path." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:48.930Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/0224cbc53ba82b84affa7619b6d1b1a254bc2c53" }, { "url": "https://git.kernel.org/stable/c/5ae5060e17a3fc38e54c3e5bd8abd6b1d5bfae7c" }, { "url": "https://git.kernel.org/stable/c/70af82bb9c897faa25a44e4181f36c60312b71ef" }, { "url": "https://git.kernel.org/stable/c/176e66269f0de327375fc0ea51c12c2f5a97e4c4" }, { "url": "https://git.kernel.org/stable/c/d610a307225951929b9dff807788439454476f85" }, { "url": "https://git.kernel.org/stable/c/6b1ba3f9040be5efc4396d86c9752cdc564730be" } ], "title": "mmc: mmci: stm32: fix DMA API overlapping mappings warning", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26787", "datePublished": "2024-04-04T08:20:19.751Z", "dateReserved": "2024-02-19T14:20:24.178Z", "dateUpdated": "2024-11-05T09:15:48.930Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26766
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2024-11-05 09:15
Severity ?
EPSS score ?
Summary
IB/hfi1: Fix sdma.h tx->num_descs off-by-one error
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26766", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-03T18:11:09.801717Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:48:44.178Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.309Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/115b7f3bc1dce590a6851a2dcf23dc1100c49790" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/5833024a9856f454a964a198c63a57e59e07baf5" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/3f38d22e645e2e994979426ea5a35186102ff3c2" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/47ae64df23ed1318e27bd9844e135a5e1c0e6e39" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/52dc9a7a573dbf778625a0efca0fca55489f084b" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/a2fef1d81becf4ff60e1a249477464eae3c3bc2a" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/9034a1bec35e9f725315a3bb6002ef39666114d9" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e6f57c6881916df39db7d95981a8ad2b9c3458d6" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/infiniband/hw/hfi1/sdma.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "115b7f3bc1dc", "status": "affected", "version": "d1c1ee052d25", "versionType": "git" }, { "lessThan": "5833024a9856", "status": "affected", "version": "40ac5cb6cbb0", "versionType": "git" }, { "lessThan": "3f38d22e645e", "status": "affected", "version": "6cf8f3d690bb", "versionType": "git" }, { "lessThan": "47ae64df23ed", "status": "affected", "version": "bd57756a7e43", "versionType": "git" }, { "lessThan": "52dc9a7a573d", "status": "affected", "version": "eeaf35f4e3b3", "versionType": "git" }, { "lessThan": "a2fef1d81bec", "status": "affected", "version": "fd8958efe877", "versionType": "git" }, { "lessThan": "9034a1bec35e", "status": "affected", "version": "fd8958efe877", "versionType": "git" }, { "lessThan": "e6f57c688191", "status": "affected", "version": "fd8958efe877", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/infiniband/hw/hfi1/sdma.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.3" }, { "lessThan": "6.3", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.308", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.270", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.211", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.150", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.80", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.19", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/hfi1: Fix sdma.h tx-\u003enum_descs off-by-one error\n\nUnfortunately the commit `fd8958efe877` introduced another error\ncausing the `descs` array to overflow. This reults in further crashes\neasily reproducible by `sendmsg` system call.\n\n[ 1080.836473] general protection fault, probably for non-canonical address 0x400300015528b00a: 0000 [#1] PREEMPT SMP PTI\n[ 1080.869326] RIP: 0010:hfi1_ipoib_build_ib_tx_headers.constprop.0+0xe1/0x2b0 [hfi1]\n--\n[ 1080.974535] Call Trace:\n[ 1080.976990] \u003cTASK\u003e\n[ 1081.021929] hfi1_ipoib_send_dma_common+0x7a/0x2e0 [hfi1]\n[ 1081.027364] hfi1_ipoib_send_dma_list+0x62/0x270 [hfi1]\n[ 1081.032633] hfi1_ipoib_send+0x112/0x300 [hfi1]\n[ 1081.042001] ipoib_start_xmit+0x2a9/0x2d0 [ib_ipoib]\n[ 1081.046978] dev_hard_start_xmit+0xc4/0x210\n--\n[ 1081.148347] __sys_sendmsg+0x59/0xa0\n\ncrash\u003e ipoib_txreq 0xffff9cfeba229f00\nstruct ipoib_txreq {\n txreq = {\n list = {\n next = 0xffff9cfeba229f00,\n prev = 0xffff9cfeba229f00\n },\n descp = 0xffff9cfeba229f40,\n coalesce_buf = 0x0,\n wait = 0xffff9cfea4e69a48,\n complete = 0xffffffffc0fe0760 \u003chfi1_ipoib_sdma_complete\u003e,\n packet_len = 0x46d,\n tlen = 0x0,\n num_desc = 0x0,\n desc_limit = 0x6,\n next_descq_idx = 0x45c,\n coalesce_idx = 0x0,\n flags = 0x0,\n descs = {{\n qw = {0x8024000120dffb00, 0x4} # SDMA_DESC0_FIRST_DESC_FLAG (bit 63)\n }, {\n qw = { 0x3800014231b108, 0x4}\n }, {\n qw = { 0x310000e4ee0fcf0, 0x8}\n }, {\n qw = { 0x3000012e9f8000, 0x8}\n }, {\n qw = { 0x59000dfb9d0000, 0x8}\n }, {\n qw = { 0x78000e02e40000, 0x8}\n }}\n },\n sdma_hdr = 0x400300015528b000, \u003c\u003c\u003c invalid pointer in the tx request structure\n sdma_status = 0x0, SDMA_DESC0_LAST_DESC_FLAG (bit 62)\n complete = 0x0,\n priv = 0x0,\n txq = 0xffff9cfea4e69880,\n skb = 0xffff9d099809f400\n}\n\nIf an SDMA send consists of exactly 6 descriptors and requires dword\npadding (in the 7th descriptor), the sdma_txreq descriptor array is not\nproperly expanded and the packet will overflow into the container\nstructure. This results in a panic when the send completion runs. The\nexact panic varies depending on what elements of the container structure\nget corrupted. The fix is to use the correct expression in\n_pad_sdma_tx_descs() to test the need to expand the descriptor array.\n\nWith this patch the crashes are no longer reproducible and the machine is\nstable." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:21.749Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/115b7f3bc1dce590a6851a2dcf23dc1100c49790" }, { "url": "https://git.kernel.org/stable/c/5833024a9856f454a964a198c63a57e59e07baf5" }, { "url": "https://git.kernel.org/stable/c/3f38d22e645e2e994979426ea5a35186102ff3c2" }, { "url": "https://git.kernel.org/stable/c/47ae64df23ed1318e27bd9844e135a5e1c0e6e39" }, { "url": "https://git.kernel.org/stable/c/52dc9a7a573dbf778625a0efca0fca55489f084b" }, { "url": "https://git.kernel.org/stable/c/a2fef1d81becf4ff60e1a249477464eae3c3bc2a" }, { "url": "https://git.kernel.org/stable/c/9034a1bec35e9f725315a3bb6002ef39666114d9" }, { "url": "https://git.kernel.org/stable/c/e6f57c6881916df39db7d95981a8ad2b9c3458d6" } ], "title": "IB/hfi1: Fix sdma.h tx-\u003enum_descs off-by-one error", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26766", "datePublished": "2024-04-03T17:00:48.642Z", "dateReserved": "2024-02-19T14:20:24.173Z", "dateUpdated": "2024-11-05T09:15:21.749Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26770
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2024-11-05 09:15
Severity ?
EPSS score ?
Summary
HID: nvidia-shield: Add missing null pointer checks to LED initialization
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.354Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/83527a13740f57b45f162e3af4c7db4b88521100" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e71cc4a1e584293deafff1a7dea614b0210d0443" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/b6eda11c44dc89a681e1c105f0f4660e69b1e183" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-26770", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:51:24.782459Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:11.391Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/hid/hid-nvidia-shield.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "83527a13740f", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "e71cc4a1e584", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "b6eda11c44dc", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/hid/hid-nvidia-shield.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.19", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: nvidia-shield: Add missing null pointer checks to LED initialization\n\ndevm_kasprintf() returns a pointer to dynamically allocated memory\nwhich can be NULL upon failure. Ensure the allocation was successful\nby checking the pointer validity.\n\n[jkosina@suse.com: tweak changelog a bit]" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:28.984Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/83527a13740f57b45f162e3af4c7db4b88521100" }, { "url": "https://git.kernel.org/stable/c/e71cc4a1e584293deafff1a7dea614b0210d0443" }, { "url": "https://git.kernel.org/stable/c/b6eda11c44dc89a681e1c105f0f4660e69b1e183" } ], "title": "HID: nvidia-shield: Add missing null pointer checks to LED initialization", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26770", "datePublished": "2024-04-03T17:00:56.894Z", "dateReserved": "2024-02-19T14:20:24.175Z", "dateUpdated": "2024-11-05T09:15:28.984Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26756
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2024-11-05 09:15
Severity ?
EPSS score ?
Summary
md: Don't register sync_thread for reshape directly
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26756", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-17T19:28:01.094375Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-17T19:28:07.779Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.242Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/13b520fb62b772e408f9b79c5fe18ad414e90417" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ad39c08186f8a0f221337985036ba86731d6aafe" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/md/md.c", "drivers/md/raid10.c", "drivers/md/raid5.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "13b520fb62b7", "status": "affected", "version": "f67055780caa", "versionType": "git" }, { "lessThan": "ad39c08186f8", "status": "affected", "version": "f67055780caa", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/md/md.c", "drivers/md/raid10.c", "drivers/md/raid5.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "2.6.17" }, { "lessThan": "2.6.17", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: Don\u0027t register sync_thread for reshape directly\n\nCurrently, if reshape is interrupted, then reassemble the array will\nregister sync_thread directly from pers-\u003erun(), in this case\n\u0027MD_RECOVERY_RUNNING\u0027 is set directly, however, there is no guarantee\nthat md_do_sync() will be executed, hence stop_sync_thread() will hang\nbecause \u0027MD_RECOVERY_RUNNING\u0027 can\u0027t be cleared.\n\nLast patch make sure that md_do_sync() will set MD_RECOVERY_DONE,\nhowever, following hang can still be triggered by dm-raid test\nshell/lvconvert-raid-reshape.sh occasionally:\n\n[root@fedora ~]# cat /proc/1982/stack\n[\u003c0\u003e] stop_sync_thread+0x1ab/0x270 [md_mod]\n[\u003c0\u003e] md_frozen_sync_thread+0x5c/0xa0 [md_mod]\n[\u003c0\u003e] raid_presuspend+0x1e/0x70 [dm_raid]\n[\u003c0\u003e] dm_table_presuspend_targets+0x40/0xb0 [dm_mod]\n[\u003c0\u003e] __dm_destroy+0x2a5/0x310 [dm_mod]\n[\u003c0\u003e] dm_destroy+0x16/0x30 [dm_mod]\n[\u003c0\u003e] dev_remove+0x165/0x290 [dm_mod]\n[\u003c0\u003e] ctl_ioctl+0x4bb/0x7b0 [dm_mod]\n[\u003c0\u003e] dm_ctl_ioctl+0x11/0x20 [dm_mod]\n[\u003c0\u003e] vfs_ioctl+0x21/0x60\n[\u003c0\u003e] __x64_sys_ioctl+0xb9/0xe0\n[\u003c0\u003e] do_syscall_64+0xc6/0x230\n[\u003c0\u003e] entry_SYSCALL_64_after_hwframe+0x6c/0x74\n\nMeanwhile mddev-\u003erecovery is:\nMD_RECOVERY_RUNNING |\nMD_RECOVERY_INTR |\nMD_RECOVERY_RESHAPE |\nMD_RECOVERY_FROZEN\n\nFix this problem by remove the code to register sync_thread directly\nfrom raid10 and raid5. And let md_check_recovery() to register\nsync_thread." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:10.500Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/13b520fb62b772e408f9b79c5fe18ad414e90417" }, { "url": "https://git.kernel.org/stable/c/ad39c08186f8a0f221337985036ba86731d6aafe" } ], "title": "md: Don\u0027t register sync_thread for reshape directly", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26756", "datePublished": "2024-04-03T17:00:40.814Z", "dateReserved": "2024-02-19T14:20:24.170Z", "dateUpdated": "2024-11-05T09:15:10.500Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26720
Vulnerability from cvelistv5
Published
2024-04-03 14:55
Modified
2024-11-05 09:14
Severity ?
EPSS score ?
Summary
mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:12.922Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/c593d26fb5d577ef31b6e49a31e08ae3ebc1bc1e" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/253f9ea7e8e53a5176bd80ceb174907b10724c1a" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/1f12e4b3284d6c863f272eb2de0d4248ed211cf4" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/23a28f5f3f6ca1e4184bd0e9631cd0944cf1c807" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/81e7d2530d458548b90a5c5e76b77ad5e5d1c0df" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/145faa3d03688cbb7bbaaecbd84c01539852942c" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/5099871b370335809c0fd1abad74d9c7c205d43f" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2820005edae13b140f2d54267d1bd6bb23915f59" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/16b1025eaa8fc223ab4273ece20d1c3a4211a95d" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/cbbe17a324437c0ff99881a3ee453da45b228a00" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ec18ec230301583395576915d274b407743d8f6c" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f6620df12cb6bdcad671d269debbb23573502f9d" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/65977bed167a92e87085e757fffa5798f7314c9f" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/9319b647902cbd5cc884ac08a8a6d54ce111fc78" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/000099d71648504fb9c7a4616f92c2b70c3e44ec" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-26720", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:52:20.181139Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:22.917Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "mm/page-writeback.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "c593d26fb5d5", "status": "affected", "version": "f6789593d5ce", "versionType": "git" }, { "lessThan": "253f9ea7e8e5", "status": "affected", "version": "f6789593d5ce", "versionType": "git" }, { "lessThan": "1f12e4b3284d", "status": "affected", "version": "f6789593d5ce", "versionType": "git" }, { "lessThan": "23a28f5f3f6c", "status": "affected", "version": "f6789593d5ce", "versionType": "git" }, { "lessThan": "81e7d2530d45", "status": "affected", "version": "f6789593d5ce", "versionType": "git" }, { "lessThan": "145faa3d0368", "status": "affected", "version": "f6789593d5ce", "versionType": "git" }, { "lessThan": "5099871b3703", "status": "affected", "version": "f6789593d5ce", "versionType": "git" }, { "lessThan": "2820005edae1", "status": "affected", "version": "f6789593d5ce", "versionType": "git" }, { "lessThan": "16b1025eaa8f", "status": "affected", "version": "f6789593d5ce", "versionType": "git" }, { "lessThan": "cbbe17a32443", "status": "affected", "version": "f6789593d5ce", "versionType": "git" }, { "lessThan": "ec18ec230301", "status": "affected", "version": "f6789593d5ce", "versionType": "git" }, { "lessThan": "f6620df12cb6", "status": "affected", "version": "f6789593d5ce", "versionType": "git" }, { "lessThan": "65977bed167a", "status": "affected", "version": "f6789593d5ce", "versionType": "git" }, { "lessThan": "9319b647902c", "status": "affected", "version": "f6789593d5ce", "versionType": "git" }, { "lessThan": "000099d71648", "status": "affected", "version": "f6789593d5ce", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "mm/page-writeback.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "3.16" }, { "lessThan": "3.16", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.307", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.318", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.269", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.280", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.210", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.222", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.149", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.163", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.79", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.98", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.18", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.39", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" }, { "lessThanOrEqual": "6.9.*", "status": "unaffected", "version": "6.9.9", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again\n\n(struct dirty_throttle_control *)-\u003ethresh is an unsigned long, but is\npassed as the u32 divisor argument to div_u64(). On architectures where\nunsigned long is 64 bytes, the argument will be implicitly truncated.\n\nUse div64_u64() instead of div_u64() so that the value used in the \"is\nthis a safe division\" check is the same as the divisor.\n\nAlso, remove redundant cast of the numerator to u64, as that should happen\nimplicitly.\n\nThis would be difficult to exploit in memcg domain, given the ratio-based\narithmetic domain_drity_limits() uses, but is much easier in global\nwriteback domain with a BDI_CAP_STRICTLIMIT-backing device, using e.g. \nvm.dirty_bytes=(1\u003c\u003c32)*PAGE_SIZE so that dtc-\u003ethresh == (1\u003c\u003c32)" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:29.969Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/c593d26fb5d577ef31b6e49a31e08ae3ebc1bc1e" }, { "url": "https://git.kernel.org/stable/c/253f9ea7e8e53a5176bd80ceb174907b10724c1a" }, { "url": "https://git.kernel.org/stable/c/1f12e4b3284d6c863f272eb2de0d4248ed211cf4" }, { "url": "https://git.kernel.org/stable/c/23a28f5f3f6ca1e4184bd0e9631cd0944cf1c807" }, { "url": "https://git.kernel.org/stable/c/81e7d2530d458548b90a5c5e76b77ad5e5d1c0df" }, { "url": "https://git.kernel.org/stable/c/145faa3d03688cbb7bbaaecbd84c01539852942c" }, { "url": "https://git.kernel.org/stable/c/5099871b370335809c0fd1abad74d9c7c205d43f" }, { "url": "https://git.kernel.org/stable/c/2820005edae13b140f2d54267d1bd6bb23915f59" }, { "url": "https://git.kernel.org/stable/c/16b1025eaa8fc223ab4273ece20d1c3a4211a95d" }, { "url": "https://git.kernel.org/stable/c/cbbe17a324437c0ff99881a3ee453da45b228a00" }, { "url": "https://git.kernel.org/stable/c/ec18ec230301583395576915d274b407743d8f6c" }, { "url": "https://git.kernel.org/stable/c/f6620df12cb6bdcad671d269debbb23573502f9d" }, { "url": "https://git.kernel.org/stable/c/65977bed167a92e87085e757fffa5798f7314c9f" }, { "url": "https://git.kernel.org/stable/c/9319b647902cbd5cc884ac08a8a6d54ce111fc78" }, { "url": "https://git.kernel.org/stable/c/000099d71648504fb9c7a4616f92c2b70c3e44ec" } ], "title": "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26720", "datePublished": "2024-04-03T14:55:20.286Z", "dateReserved": "2024-02-19T14:20:24.161Z", "dateUpdated": "2024-11-05T09:14:29.969Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26767
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2024-11-05 09:15
Severity ?
EPSS score ?
Summary
drm/amd/display: fixed integer types and null check locations
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26767", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-17T19:27:45.666742Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-17T19:27:54.746Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.326Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/71783d1ff65204d69207fd156d4b2eb1d3882375" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/beea9ab9080cd2ef46296070bb327af066ee09d7" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/0484e05d048b66d01d1f3c1d2306010bb57d8738" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c", "drivers/gpu/drm/amd/display/dc/link/link_validation.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "71783d1ff652", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "beea9ab9080c", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "0484e05d048b", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c", "drivers/gpu/drm/amd/display/dc/link/link_validation.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.19", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fixed integer types and null check locations\n\n[why]:\nissues fixed:\n- comparison with wider integer type in loop condition which can cause\ninfinite loops\n- pointer dereference before null check" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:22.840Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/71783d1ff65204d69207fd156d4b2eb1d3882375" }, { "url": "https://git.kernel.org/stable/c/beea9ab9080cd2ef46296070bb327af066ee09d7" }, { "url": "https://git.kernel.org/stable/c/0484e05d048b66d01d1f3c1d2306010bb57d8738" } ], "title": "drm/amd/display: fixed integer types and null check locations", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26767", "datePublished": "2024-04-03T17:00:49.315Z", "dateReserved": "2024-02-19T14:20:24.173Z", "dateUpdated": "2024-11-05T09:15:22.840Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26780
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2024-11-05 09:15
Severity ?
EPSS score ?
Summary
af_unix: Fix task hung while purging oob_skb in GC.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.403Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/36f7371de977f805750748e80279be7e370df85c" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2a3d40b4025fcfe51b04924979f1653993b17669" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/69e0f04460f4037e01e29f0d9675544f62aafca3" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/cb8890318dde26fc89c6ea67d6e9070ab50b6e91" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/25236c91b5ab4a26a56ba2e79b8060cf4e047839" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-26780", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:51:08.468266Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:52.933Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/unix/garbage.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "36f7371de977", "status": "affected", "version": "4fe505c63aa3", "versionType": "git" }, { "lessThan": "2a3d40b4025f", "status": "affected", "version": "e0e09186d882", "versionType": "git" }, { "lessThan": "69e0f04460f4", "status": "affected", "version": "b74aa9ce13d0", "versionType": "git" }, { "lessThan": "cb8890318dde", "status": "affected", "version": "82ae47c5c3a6", "versionType": "git" }, { "lessThan": "25236c91b5ab", "status": "affected", "version": "1279f9d9dec2", "versionType": "git" } ] }, { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/unix/garbage.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "6.1.81", "status": "affected", "version": "6.1.78", "versionType": "semver" }, { "lessThan": "6.6.21", "status": "affected", "version": "6.6.17", "versionType": "semver" }, { "lessThan": "6.7.9", "status": "affected", "version": "6.7.5", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Fix task hung while purging oob_skb in GC.\n\nsyzbot reported a task hung; at the same time, GC was looping infinitely\nin list_for_each_entry_safe() for OOB skb. [0]\n\nsyzbot demonstrated that the list_for_each_entry_safe() was not actually\nsafe in this case.\n\nA single skb could have references for multiple sockets. If we free such\na skb in the list_for_each_entry_safe(), the current and next sockets could\nbe unlinked in a single iteration.\n\nunix_notinflight() uses list_del_init() to unlink the socket, so the\nprefetched next socket forms a loop itself and list_for_each_entry_safe()\nnever stops.\n\nHere, we must use while() and make sure we always fetch the first socket.\n\n[0]:\nSending NMI from CPU 0 to CPUs 1:\nNMI backtrace for cpu 1\nCPU: 1 PID: 5065 Comm: syz-executor236 Not tainted 6.8.0-rc3-syzkaller-00136-g1f719a2f3fa6 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024\nRIP: 0010:preempt_count arch/x86/include/asm/preempt.h:26 [inline]\nRIP: 0010:check_kcov_mode kernel/kcov.c:173 [inline]\nRIP: 0010:__sanitizer_cov_trace_pc+0xd/0x60 kernel/kcov.c:207\nCode: cc cc cc cc 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 65 48 8b 14 25 40 c2 03 00 \u003c65\u003e 8b 05 b4 7c 78 7e a9 00 01 ff 00 48 8b 34 24 74 0f f6 c4 01 74\nRSP: 0018:ffffc900033efa58 EFLAGS: 00000283\nRAX: ffff88807b077800 RBX: ffff88807b077800 RCX: 1ffffffff27b1189\nRDX: ffff88802a5a3b80 RSI: ffffffff8968488d RDI: ffff88807b077f70\nRBP: ffffc900033efbb0 R08: 0000000000000001 R09: fffffbfff27a900c\nR10: ffffffff93d48067 R11: ffffffff8ae000eb R12: ffff88807b077800\nR13: dffffc0000000000 R14: ffff88807b077e40 R15: 0000000000000001\nFS: 0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000564f4fc1e3a8 CR3: 000000000d57a000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cNMI\u003e\n \u003c/NMI\u003e\n \u003cTASK\u003e\n unix_gc+0x563/0x13b0 net/unix/garbage.c:319\n unix_release_sock+0xa93/0xf80 net/unix/af_unix.c:683\n unix_release+0x91/0xf0 net/unix/af_unix.c:1064\n __sock_release+0xb0/0x270 net/socket.c:659\n sock_close+0x1c/0x30 net/socket.c:1421\n __fput+0x270/0xb80 fs/file_table.c:376\n task_work_run+0x14f/0x250 kernel/task_work.c:180\n exit_task_work include/linux/task_work.h:38 [inline]\n do_exit+0xa8a/0x2ad0 kernel/exit.c:871\n do_group_exit+0xd4/0x2a0 kernel/exit.c:1020\n __do_sys_exit_group kernel/exit.c:1031 [inline]\n __se_sys_exit_group kernel/exit.c:1029 [inline]\n __x64_sys_exit_group+0x3e/0x50 kernel/exit.c:1029\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd5/0x270 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x6f/0x77\nRIP: 0033:0x7f9d6cbdac09\nCode: Unable to access opcode bytes at 0x7f9d6cbdabdf.\nRSP: 002b:00007fff5952feb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f9d6cbdac09\nRDX: 000000000000003c RSI: 00000000000000e7 RDI: 0000000000000000\nRBP: 00007f9d6cc552b0 R08: ffffffffffffffb8 R09: 0000000000000006\nR10: 0000000000000006 R11: 0000000000000246 R12: 00007f9d6cc552b0\nR13: 0000000000000000 R14: 00007f9d6cc55d00 R15: 00007f9d6cbabe70\n \u003c/TASK\u003e" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:41.057Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/36f7371de977f805750748e80279be7e370df85c" }, { "url": "https://git.kernel.org/stable/c/2a3d40b4025fcfe51b04924979f1653993b17669" }, { "url": "https://git.kernel.org/stable/c/69e0f04460f4037e01e29f0d9675544f62aafca3" }, { "url": "https://git.kernel.org/stable/c/cb8890318dde26fc89c6ea67d6e9070ab50b6e91" }, { "url": "https://git.kernel.org/stable/c/25236c91b5ab4a26a56ba2e79b8060cf4e047839" } ], "title": "af_unix: Fix task hung while purging oob_skb in GC.", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26780", "datePublished": "2024-04-04T08:20:15.120Z", "dateReserved": "2024-02-19T14:20:24.177Z", "dateUpdated": "2024-11-05T09:15:41.057Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26764
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2024-11-05 09:15
Severity ?
EPSS score ?
Summary
fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26764", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-03T18:05:37.687851Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:49:01.111Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.386Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/337b543e274fe7a8f47df3c8293cc6686ffa620f" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/b4eea7a05ee0ab5ab0514421e6ba8c5d249cf942" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ea1cd64d59f22d6d13f367d62ec6e27b9344695f" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d7b6fa97ec894edd02f64b83e5e72e1aa352f353" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/18f614369def2a11a52f569fe0f910b199d13487" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e7e23fc5d5fe422827c9a43ecb579448f73876c7" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/1dc7d74fe456944a9b1c57bd776280249f441ac6" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/b820de741ae48ccf50dd95e297889c286ff4f760" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "fs/aio.c", "include/linux/fs.h" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "337b543e274f", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "b4eea7a05ee0", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "ea1cd64d59f2", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "d7b6fa97ec89", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "18f614369def", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "e7e23fc5d5fe", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "1dc7d74fe456", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "b820de741ae4", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "fs/aio.c", "include/linux/fs.h" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.308", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.270", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.211", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.150", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.80", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.19", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio\n\nIf kiocb_set_cancel_fn() is called for I/O submitted via io_uring, the\nfollowing kernel warning appears:\n\nWARNING: CPU: 3 PID: 368 at fs/aio.c:598 kiocb_set_cancel_fn+0x9c/0xa8\nCall trace:\n kiocb_set_cancel_fn+0x9c/0xa8\n ffs_epfile_read_iter+0x144/0x1d0\n io_read+0x19c/0x498\n io_issue_sqe+0x118/0x27c\n io_submit_sqes+0x25c/0x5fc\n __arm64_sys_io_uring_enter+0x104/0xab0\n invoke_syscall+0x58/0x11c\n el0_svc_common+0xb4/0xf4\n do_el0_svc+0x2c/0xb0\n el0_svc+0x2c/0xa4\n el0t_64_sync_handler+0x68/0xb4\n el0t_64_sync+0x1a4/0x1a8\n\nFix this by setting the IOCB_AIO_RW flag for read and write I/O that is\nsubmitted by libaio." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:19.561Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/337b543e274fe7a8f47df3c8293cc6686ffa620f" }, { "url": "https://git.kernel.org/stable/c/b4eea7a05ee0ab5ab0514421e6ba8c5d249cf942" }, { "url": "https://git.kernel.org/stable/c/ea1cd64d59f22d6d13f367d62ec6e27b9344695f" }, { "url": "https://git.kernel.org/stable/c/d7b6fa97ec894edd02f64b83e5e72e1aa352f353" }, { "url": "https://git.kernel.org/stable/c/18f614369def2a11a52f569fe0f910b199d13487" }, { "url": "https://git.kernel.org/stable/c/e7e23fc5d5fe422827c9a43ecb579448f73876c7" }, { "url": "https://git.kernel.org/stable/c/1dc7d74fe456944a9b1c57bd776280249f441ac6" }, { "url": "https://git.kernel.org/stable/c/b820de741ae48ccf50dd95e297889c286ff4f760" } ], "title": "fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26764", "datePublished": "2024-04-03T17:00:46.962Z", "dateReserved": "2024-02-19T14:20:24.172Z", "dateUpdated": "2024-11-05T09:15:19.561Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26771
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2024-11-05 09:15
Severity ?
EPSS score ?
Summary
dmaengine: ti: edma: Add some null pointer checks to the edma_probe
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26771", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-08T14:05:41.933267Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:48:46.373Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.369Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/c432094aa7c9970f2fa10d2305d550d3810657ce" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/4fe4e5adc7d29d214c59b59f61db73dec505ca3d" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/9d508c897153ae8dd79303f7f035f078139f6b49" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/7b24760f3a3c7ae1a176d343136b6c25174b7b27" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f2a5e30d1e9a629de6179fa23923a318d5feb29e" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/6e2276203ac9ff10fc76917ec9813c660f627369" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/dma/ti/edma.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "c432094aa7c9", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "4fe4e5adc7d2", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "9d508c897153", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "7b24760f3a3c", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "f2a5e30d1e9a", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "6e2276203ac9", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/dma/ti/edma.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.211", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.150", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.80", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.19", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: ti: edma: Add some null pointer checks to the edma_probe\n\ndevm_kasprintf() returns a pointer to dynamically allocated memory\nwhich can be NULL upon failure. Ensure the allocation was successful\nby checking the pointer validity." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:30.551Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/c432094aa7c9970f2fa10d2305d550d3810657ce" }, { "url": "https://git.kernel.org/stable/c/4fe4e5adc7d29d214c59b59f61db73dec505ca3d" }, { "url": "https://git.kernel.org/stable/c/9d508c897153ae8dd79303f7f035f078139f6b49" }, { "url": "https://git.kernel.org/stable/c/7b24760f3a3c7ae1a176d343136b6c25174b7b27" }, { "url": "https://git.kernel.org/stable/c/f2a5e30d1e9a629de6179fa23923a318d5feb29e" }, { "url": "https://git.kernel.org/stable/c/6e2276203ac9ff10fc76917ec9813c660f627369" } ], "title": "dmaengine: ti: edma: Add some null pointer checks to the edma_probe", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26771", "datePublished": "2024-04-03T17:00:57.918Z", "dateReserved": "2024-02-19T14:20:24.175Z", "dateUpdated": "2024-11-05T09:15:30.551Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26685
Vulnerability from cvelistv5
Published
2024-04-03 14:54
Modified
2024-11-07 14:55
Severity ?
EPSS score ?
Summary
nilfs2: fix potential bug in end_buffer_async_write
References
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-26685", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-03T18:35:50.019246Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-noinfo Not enough information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-07T14:55:46.383Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:12.823Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/c4a09fdac625e64abe478dcf88bfa20406616928" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d31c8721e816eff5ca6573cc487754f357c093cd" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f3e4963566f58726d3265a727116a42b591f6596" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/8fa90634ec3e9cc50f42dd605eec60f2d146ced8" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/6589f0f72f8edd1fa11adce4eedbd3615f2e78ab" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2c3bdba00283a6c7a5b19481a59a730f46063803" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/626daab3811b772086aef1bf8eed3ffe6f523eff" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/5bc09b397cbf1221f8a8aacb1152650c9195b02b" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "fs/nilfs2/segment.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "c4a09fdac625", "status": "affected", "version": "7f42ec394156", "versionType": "git" }, { "lessThan": "d31c8721e816", "status": "affected", "version": "7f42ec394156", "versionType": "git" }, { "lessThan": "f3e4963566f5", "status": "affected", "version": "7f42ec394156", "versionType": "git" }, { "lessThan": "8fa90634ec3e", "status": "affected", "version": "7f42ec394156", "versionType": "git" }, { "lessThan": "6589f0f72f8e", "status": "affected", "version": "7f42ec394156", "versionType": "git" }, { "lessThan": "2c3bdba00283", "status": "affected", "version": "7f42ec394156", "versionType": "git" }, { "lessThan": "626daab3811b", "status": "affected", "version": "7f42ec394156", "versionType": "git" }, { "lessThan": "5bc09b397cbf", "status": "affected", "version": "7f42ec394156", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "fs/nilfs2/segment.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "3.12" }, { "lessThan": "3.12", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.307", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.269", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.210", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.149", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.79", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.18", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix potential bug in end_buffer_async_write\n\nAccording to a syzbot report, end_buffer_async_write(), which handles the\ncompletion of block device writes, may detect abnormal condition of the\nbuffer async_write flag and cause a BUG_ON failure when using nilfs2.\n\nNilfs2 itself does not use end_buffer_async_write(). But, the async_write\nflag is now used as a marker by commit 7f42ec394156 (\"nilfs2: fix issue\nwith race condition of competition between segments for dirty blocks\") as\na means of resolving double list insertion of dirty blocks in\nnilfs_lookup_dirty_data_buffers() and nilfs_lookup_node_buffers() and the\nresulting crash.\n\nThis modification is safe as long as it is used for file data and b-tree\nnode blocks where the page caches are independent. However, it was\nirrelevant and redundant to also introduce async_write for segment summary\nand super root blocks that share buffers with the backing device. This\nled to the possibility that the BUG_ON check in end_buffer_async_write\nwould fail as described above, if independent writebacks of the backing\ndevice occurred in parallel.\n\nThe use of async_write for segment summary buffers has already been\nremoved in a previous change.\n\nFix this issue by removing the manipulation of the async_write flag for\nthe remaining super root block buffer." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:13:51.866Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/c4a09fdac625e64abe478dcf88bfa20406616928" }, { "url": "https://git.kernel.org/stable/c/d31c8721e816eff5ca6573cc487754f357c093cd" }, { "url": "https://git.kernel.org/stable/c/f3e4963566f58726d3265a727116a42b591f6596" }, { "url": "https://git.kernel.org/stable/c/8fa90634ec3e9cc50f42dd605eec60f2d146ced8" }, { "url": "https://git.kernel.org/stable/c/6589f0f72f8edd1fa11adce4eedbd3615f2e78ab" }, { "url": "https://git.kernel.org/stable/c/2c3bdba00283a6c7a5b19481a59a730f46063803" }, { "url": "https://git.kernel.org/stable/c/626daab3811b772086aef1bf8eed3ffe6f523eff" }, { "url": "https://git.kernel.org/stable/c/5bc09b397cbf1221f8a8aacb1152650c9195b02b" } ], "title": "nilfs2: fix potential bug in end_buffer_async_write", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26685", "datePublished": "2024-04-03T14:54:47.688Z", "dateReserved": "2024-02-19T14:20:24.153Z", "dateUpdated": "2024-11-07T14:55:46.383Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26773
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2024-11-05 09:15
Severity ?
EPSS score ?
Summary
ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found()
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26773", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-03T18:50:26.209110Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:49:10.181Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.512Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/21f8cfe79f776287459343e9cfa6055af61328ea" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/260fc96283c0f594de18a1b045faf6d8fb42874d" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/927794a02169778c9c2e7b25c768ab3ea8c1dc03" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/4c21fa60a6f4606f6214a38f50612b17b2f738f5" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f97e75fa4e12b0aa0224e83fcbda8853ac2adf36" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/0184747b552d6b5a14db3b7fcc3b792ce64dedd1" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/a2576ae9a35c078e488f2c573e9e6821d651fbbe" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/4530b3660d396a646aad91a787b6ab37cf604b53" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "fs/ext4/mballoc.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "21f8cfe79f77", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "260fc96283c0", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "927794a02169", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "4c21fa60a6f4", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "f97e75fa4e12", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "0184747b552d", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "a2576ae9a35c", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "4530b3660d39", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "fs/ext4/mballoc.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.308", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.270", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.211", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.150", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.80", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.19", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found()\n\nDetermine if the group block bitmap is corrupted before using ac_b_ex in\next4_mb_try_best_found() to avoid allocating blocks from a group with a\ncorrupted block bitmap in the following concurrency and making the\nsituation worse.\n\next4_mb_regular_allocator\n ext4_lock_group(sb, group)\n ext4_mb_good_group\n // check if the group bbitmap is corrupted\n ext4_mb_complex_scan_group\n // Scan group gets ac_b_ex but doesn\u0027t use it\n ext4_unlock_group(sb, group)\n ext4_mark_group_bitmap_corrupted(group)\n // The block bitmap was corrupted during\n // the group unlock gap.\n ext4_mb_try_best_found\n ext4_lock_group(ac-\u003eac_sb, group)\n ext4_mb_use_best_found\n mb_mark_used\n // Allocating blocks in block bitmap corrupted group" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:32.813Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/21f8cfe79f776287459343e9cfa6055af61328ea" }, { "url": "https://git.kernel.org/stable/c/260fc96283c0f594de18a1b045faf6d8fb42874d" }, { "url": "https://git.kernel.org/stable/c/927794a02169778c9c2e7b25c768ab3ea8c1dc03" }, { "url": "https://git.kernel.org/stable/c/4c21fa60a6f4606f6214a38f50612b17b2f738f5" }, { "url": "https://git.kernel.org/stable/c/f97e75fa4e12b0aa0224e83fcbda8853ac2adf36" }, { "url": "https://git.kernel.org/stable/c/0184747b552d6b5a14db3b7fcc3b792ce64dedd1" }, { "url": "https://git.kernel.org/stable/c/a2576ae9a35c078e488f2c573e9e6821d651fbbe" }, { "url": "https://git.kernel.org/stable/c/4530b3660d396a646aad91a787b6ab37cf604b53" } ], "title": "ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found()", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26773", "datePublished": "2024-04-03T17:00:59.757Z", "dateReserved": "2024-02-19T14:20:24.176Z", "dateUpdated": "2024-11-05T09:15:32.813Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26733
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2024-11-05 09:14
Severity ?
EPSS score ?
Summary
arp: Prevent overflow in arp_req_get().
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-11-01T17:03:11.240Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/dbc9b22d0ed319b4e29034ce0a3fe32a3ee2c587" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/97eaa2955db4120ce6ec2ef123e860bc32232c50" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f119f2325ba70cbfdec701000dcad4d88805d5b0" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/a3f2c083cb575d80a7627baf3339e78fedccbb91" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/3ab0d6f8289ba8402ca95a9fc61a34909d5e1f3a" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/a7d6027790acea24446ddd6632d394096c0f4667" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "url": "https://security.netapp.com/advisory/ntap-20241101-0013/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-26733", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:52:00.464269Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:20.304Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/ipv4/arp.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "dbc9b22d0ed3", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "97eaa2955db4", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "f119f2325ba7", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "a3f2c083cb57", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "3ab0d6f8289b", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "a7d6027790ac", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/ipv4/arp.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "2.6.12" }, { "lessThan": "2.6.12", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.211", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.150", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.80", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.19", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\narp: Prevent overflow in arp_req_get().\n\nsyzkaller reported an overflown write in arp_req_get(). [0]\n\nWhen ioctl(SIOCGARP) is issued, arp_req_get() looks up an neighbour\nentry and copies neigh-\u003eha to struct arpreq.arp_ha.sa_data.\n\nThe arp_ha here is struct sockaddr, not struct sockaddr_storage, so\nthe sa_data buffer is just 14 bytes.\n\nIn the splat below, 2 bytes are overflown to the next int field,\narp_flags. We initialise the field just after the memcpy(), so it\u0027s\nnot a problem.\n\nHowever, when dev-\u003eaddr_len is greater than 22 (e.g. MAX_ADDR_LEN),\narp_netmask is overwritten, which could be set as htonl(0xFFFFFFFFUL)\nin arp_ioctl() before calling arp_req_get().\n\nTo avoid the overflow, let\u0027s limit the max length of memcpy().\n\nNote that commit b5f0de6df6dc (\"net: dev: Convert sa_data to flexible\narray in struct sockaddr\") just silenced syzkaller.\n\n[0]:\nmemcpy: detected field-spanning write (size 16) of single field \"r-\u003earp_ha.sa_data\" at net/ipv4/arp.c:1128 (size 14)\nWARNING: CPU: 0 PID: 144638 at net/ipv4/arp.c:1128 arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128\nModules linked in:\nCPU: 0 PID: 144638 Comm: syz-executor.4 Not tainted 6.1.74 #31\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.0-debian-1.16.0-5 04/01/2014\nRIP: 0010:arp_req_get+0x411/0x4a0 net/ipv4/arp.c:1128\nCode: fd ff ff e8 41 42 de fb b9 0e 00 00 00 4c 89 fe 48 c7 c2 20 6d ab 87 48 c7 c7 80 6d ab 87 c6 05 25 af 72 04 01 e8 5f 8d ad fb \u003c0f\u003e 0b e9 6c fd ff ff e8 13 42 de fb be 03 00 00 00 4c 89 e7 e8 a6\nRSP: 0018:ffffc900050b7998 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff88803a815000 RCX: 0000000000000000\nRDX: 0000000000000000 RSI: ffffffff8641a44a RDI: 0000000000000001\nRBP: ffffc900050b7a98 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000000 R11: 203a7970636d656d R12: ffff888039c54000\nR13: 1ffff92000a16f37 R14: ffff88803a815084 R15: 0000000000000010\nFS: 00007f172bf306c0(0000) GS:ffff88805aa00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f172b3569f0 CR3: 0000000057f12005 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n arp_ioctl+0x33f/0x4b0 net/ipv4/arp.c:1261\n inet_ioctl+0x314/0x3a0 net/ipv4/af_inet.c:981\n sock_do_ioctl+0xdf/0x260 net/socket.c:1204\n sock_ioctl+0x3ef/0x650 net/socket.c:1321\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:870 [inline]\n __se_sys_ioctl fs/ioctl.c:856 [inline]\n __x64_sys_ioctl+0x18e/0x220 fs/ioctl.c:856\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x37/0x90 arch/x86/entry/common.c:81\n entry_SYSCALL_64_after_hwframe+0x64/0xce\nRIP: 0033:0x7f172b262b8d\nCode: 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007f172bf300b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: ffffffffffffffda RBX: 00007f172b3abf80 RCX: 00007f172b262b8d\nRDX: 0000000020000000 RSI: 0000000000008954 RDI: 0000000000000003\nRBP: 00007f172b2d3493 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 000000000000000b R14: 00007f172b3abf80 R15: 00007f172bf10000\n \u003c/TASK\u003e" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:44.489Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/dbc9b22d0ed319b4e29034ce0a3fe32a3ee2c587" }, { "url": "https://git.kernel.org/stable/c/97eaa2955db4120ce6ec2ef123e860bc32232c50" }, { "url": "https://git.kernel.org/stable/c/f119f2325ba70cbfdec701000dcad4d88805d5b0" }, { "url": "https://git.kernel.org/stable/c/a3f2c083cb575d80a7627baf3339e78fedccbb91" }, { "url": "https://git.kernel.org/stable/c/3ab0d6f8289ba8402ca95a9fc61a34909d5e1f3a" }, { "url": "https://git.kernel.org/stable/c/a7d6027790acea24446ddd6632d394096c0f4667" } ], "title": "arp: Prevent overflow in arp_req_get().", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26733", "datePublished": "2024-04-03T17:00:20.437Z", "dateReserved": "2024-02-19T14:20:24.165Z", "dateUpdated": "2024-11-05T09:14:44.489Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26735
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2024-11-05 09:14
Severity ?
EPSS score ?
Summary
ipv6: sr: fix possible use-after-free and null-ptr-deref
References
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-26735", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-16T14:17:44.078376Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-31T13:57:56.491Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-11-01T17:03:12.597Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/953f42934533c151f440cd32390044d2396b87aa" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/82831e3ff76ef09fb184eb93b79a3eb3fb284f1d" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/65c38f23d10ff79feea1e5d50b76dc7af383c1e6" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/91b020aaa1e59bfb669d34c968e3db3d5416bcee" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/8391b9b651cfdf80ab0f1dc4a489f9d67386e197" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/9e02973dbc6a91e40aa4f5d87b8c47446fbfce44" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/02b08db594e8218cfbc0e4680d4331b457968a9b" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/5559cea2d5aa3018a5f00dd2aca3427ba09b386b" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" }, { "url": "https://security.netapp.com/advisory/ntap-20241101-0012/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/ipv6/seg6.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "953f42934533", "status": "affected", "version": "915d7e5e5930", "versionType": "git" }, { "lessThan": "82831e3ff76e", "status": "affected", "version": "915d7e5e5930", "versionType": "git" }, { "lessThan": "65c38f23d10f", "status": "affected", "version": "915d7e5e5930", "versionType": "git" }, { "lessThan": "91b020aaa1e5", "status": "affected", "version": "915d7e5e5930", "versionType": "git" }, { "lessThan": "8391b9b651cf", "status": "affected", "version": "915d7e5e5930", "versionType": "git" }, { "lessThan": "9e02973dbc6a", "status": "affected", "version": "915d7e5e5930", "versionType": "git" }, { "lessThan": "02b08db594e8", "status": "affected", "version": "915d7e5e5930", "versionType": "git" }, { "lessThan": "5559cea2d5aa", "status": "affected", "version": "915d7e5e5930", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/ipv6/seg6.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "4.10" }, { "lessThan": "4.10", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.308", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.270", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.211", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.150", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.80", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.19", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: sr: fix possible use-after-free and null-ptr-deref\n\nThe pernet operations structure for the subsystem must be registered\nbefore registering the generic netlink family." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:46.717Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/953f42934533c151f440cd32390044d2396b87aa" }, { "url": "https://git.kernel.org/stable/c/82831e3ff76ef09fb184eb93b79a3eb3fb284f1d" }, { "url": "https://git.kernel.org/stable/c/65c38f23d10ff79feea1e5d50b76dc7af383c1e6" }, { "url": "https://git.kernel.org/stable/c/91b020aaa1e59bfb669d34c968e3db3d5416bcee" }, { "url": "https://git.kernel.org/stable/c/8391b9b651cfdf80ab0f1dc4a489f9d67386e197" }, { "url": "https://git.kernel.org/stable/c/9e02973dbc6a91e40aa4f5d87b8c47446fbfce44" }, { "url": "https://git.kernel.org/stable/c/02b08db594e8218cfbc0e4680d4331b457968a9b" }, { "url": "https://git.kernel.org/stable/c/5559cea2d5aa3018a5f00dd2aca3427ba09b386b" } ], "title": "ipv6: sr: fix possible use-after-free and null-ptr-deref", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26735", "datePublished": "2024-04-03T17:00:21.972Z", "dateReserved": "2024-02-19T14:20:24.165Z", "dateUpdated": "2024-11-05T09:14:46.717Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26798
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2024-11-05 09:16
Severity ?
EPSS score ?
Summary
fbcon: always restore the old font data in fbcon_do_set_font()
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26798", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-08T20:53:12.971429Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:48:30.291Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.539Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/20a4b5214f7bee13c897477168c77bbf79683c3d" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2f91a96b892fab2f2543b4a55740c5bee36b1a6b" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/73a6bd68a1342f3a44cac9dffad81ad6a003e520" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/a2c881413dcc5d801bdc9535e51270cc88cb9cd8" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/00d6a284fcf3fad1b7e1b5bc3cd87cbfb60ce03f" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/video/fbdev/core/fbcon.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "20a4b5214f7b", "status": "affected", "version": "ebd6f886aa24", "versionType": "git" }, { "lessThan": "2f91a96b892f", "status": "affected", "version": "a5a923038d70", "versionType": "git" }, { "lessThan": "73a6bd68a134", "status": "affected", "version": "a5a923038d70", "versionType": "git" }, { "lessThan": "a2c881413dcc", "status": "affected", "version": "a5a923038d70", "versionType": "git" }, { "lessThan": "00d6a284fcf3", "status": "affected", "version": "a5a923038d70", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/video/fbdev/core/fbcon.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.0" }, { "lessThan": "6.0", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.151", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.81", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.21", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.9", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbcon: always restore the old font data in fbcon_do_set_font()\n\nCommit a5a923038d70 (fbdev: fbcon: Properly revert changes when\nvc_resize() failed) started restoring old font data upon failure (of\nvc_resize()). But it performs so only for user fonts. It means that the\n\"system\"/internal fonts are not restored at all. So in result, the very\nfirst call to fbcon_do_set_font() performs no restore at all upon\nfailing vc_resize().\n\nThis can be reproduced by Syzkaller to crash the system on the next\ninvocation of font_get(). It\u0027s rather hard to hit the allocation failure\nin vc_resize() on the first font_set(), but not impossible. Esp. if\nfault injection is used to aid the execution/failure. It was\ndemonstrated by Sirius:\n BUG: unable to handle page fault for address: fffffffffffffff8\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD cb7b067 P4D cb7b067 PUD cb7d067 PMD 0\n Oops: 0000 [#1] PREEMPT SMP KASAN\n CPU: 1 PID: 8007 Comm: poc Not tainted 6.7.0-g9d1694dc91ce #20\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n RIP: 0010:fbcon_get_font+0x229/0x800 drivers/video/fbdev/core/fbcon.c:2286\n Call Trace:\n \u003cTASK\u003e\n con_font_get drivers/tty/vt/vt.c:4558 [inline]\n con_font_op+0x1fc/0xf20 drivers/tty/vt/vt.c:4673\n vt_k_ioctl drivers/tty/vt/vt_ioctl.c:474 [inline]\n vt_ioctl+0x632/0x2ec0 drivers/tty/vt/vt_ioctl.c:752\n tty_ioctl+0x6f8/0x1570 drivers/tty/tty_io.c:2803\n vfs_ioctl fs/ioctl.c:51 [inline]\n ...\n\nSo restore the font data in any case, not only for user fonts. Note the\nlater \u0027if\u0027 is now protected by \u0027old_userfont\u0027 and not \u0027old_data\u0027 as the\nlatter is always set now. (And it is supposed to be non-NULL. Otherwise\nwe would see the bug above again.)" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:16:01.475Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/20a4b5214f7bee13c897477168c77bbf79683c3d" }, { "url": "https://git.kernel.org/stable/c/2f91a96b892fab2f2543b4a55740c5bee36b1a6b" }, { "url": "https://git.kernel.org/stable/c/73a6bd68a1342f3a44cac9dffad81ad6a003e520" }, { "url": "https://git.kernel.org/stable/c/a2c881413dcc5d801bdc9535e51270cc88cb9cd8" }, { "url": "https://git.kernel.org/stable/c/00d6a284fcf3fad1b7e1b5bc3cd87cbfb60ce03f" } ], "title": "fbcon: always restore the old font data in fbcon_do_set_font()", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26798", "datePublished": "2024-04-04T08:20:27.195Z", "dateReserved": "2024-02-19T14:20:24.179Z", "dateUpdated": "2024-11-05T09:16:01.475Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26742
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2024-11-05 09:14
Severity ?
EPSS score ?
Summary
scsi: smartpqi: Fix disable_managed_interrupts
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26742", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-03T18:11:28.621284Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:49:24.448Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:12.975Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/3c31b18a8dd8b7bf36af1cd723d455853b8f94fe" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/4f5b15c15e6016efb3e14582d02cc4ddf57227df" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/b9433b25cb06c415c9cb24782599649a406c8d6d" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/5761eb9761d2d5fe8248a9b719efc4d8baf1f24a" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/scsi/smartpqi/smartpqi_init.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "3c31b18a8dd8", "status": "affected", "version": "cf15c3e734e8", "versionType": "git" }, { "lessThan": "4f5b15c15e60", "status": "affected", "version": "cf15c3e734e8", "versionType": "git" }, { "lessThan": "b9433b25cb06", "status": "affected", "version": "cf15c3e734e8", "versionType": "git" }, { "lessThan": "5761eb9761d2", "status": "affected", "version": "cf15c3e734e8", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/scsi/smartpqi/smartpqi_init.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.0" }, { "lessThan": "6.0", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.80", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.19", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: smartpqi: Fix disable_managed_interrupts\n\nCorrect blk-mq registration issue with module parameter\ndisable_managed_interrupts enabled.\n\nWhen we turn off the default PCI_IRQ_AFFINITY flag, the driver needs to\nregister with blk-mq using blk_mq_map_queues(). The driver is currently\ncalling blk_mq_pci_map_queues() which results in a stack trace and possibly\nundefined behavior.\n\nStack Trace:\n[ 7.860089] scsi host2: smartpqi\n[ 7.871934] WARNING: CPU: 0 PID: 238 at block/blk-mq-pci.c:52 blk_mq_pci_map_queues+0xca/0xd0\n[ 7.889231] Modules linked in: sd_mod t10_pi sg uas smartpqi(+) crc32c_intel scsi_transport_sas usb_storage dm_mirror dm_region_hash dm_log dm_mod ipmi_devintf ipmi_msghandler fuse\n[ 7.924755] CPU: 0 PID: 238 Comm: kworker/0:3 Not tainted 4.18.0-372.88.1.el8_6_smartpqi_test.x86_64 #1\n[ 7.944336] Hardware name: HPE ProLiant DL380 Gen10/ProLiant DL380 Gen10, BIOS U30 03/08/2022\n[ 7.963026] Workqueue: events work_for_cpu_fn\n[ 7.978275] RIP: 0010:blk_mq_pci_map_queues+0xca/0xd0\n[ 7.978278] Code: 48 89 de 89 c7 e8 f6 0f 4f 00 3b 05 c4 b7 8e 01 72 e1 5b 31 c0 5d 41 5c 41 5d 41 5e 41 5f e9 7d df 73 00 31 c0 e9 76 df 73 00 \u003c0f\u003e 0b eb bc 90 90 0f 1f 44 00 00 41 57 49 89 ff 41 56 41 55 41 54\n[ 7.978280] RSP: 0018:ffffa95fc3707d50 EFLAGS: 00010216\n[ 7.978283] RAX: 00000000ffffffff RBX: 0000000000000000 RCX: 0000000000000010\n[ 7.978284] RDX: 0000000000000004 RSI: 0000000000000000 RDI: ffff9190c32d4310\n[ 7.978286] RBP: 0000000000000000 R08: ffffa95fc3707d38 R09: ffff91929b81ac00\n[ 7.978287] R10: 0000000000000001 R11: ffffa95fc3707ac0 R12: 0000000000000000\n[ 7.978288] R13: ffff9190c32d4000 R14: 00000000ffffffff R15: ffff9190c4c950a8\n[ 7.978290] FS: 0000000000000000(0000) GS:ffff9193efc00000(0000) knlGS:0000000000000000\n[ 7.978292] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 8.172814] CR2: 000055d11166c000 CR3: 00000002dae10002 CR4: 00000000007706f0\n[ 8.172816] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 8.172817] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 8.172818] PKRU: 55555554\n[ 8.172819] Call Trace:\n[ 8.172823] blk_mq_alloc_tag_set+0x12e/0x310\n[ 8.264339] scsi_add_host_with_dma.cold.9+0x30/0x245\n[ 8.279302] pqi_ctrl_init+0xacf/0xc8e [smartpqi]\n[ 8.294085] ? pqi_pci_probe+0x480/0x4c8 [smartpqi]\n[ 8.309015] pqi_pci_probe+0x480/0x4c8 [smartpqi]\n[ 8.323286] local_pci_probe+0x42/0x80\n[ 8.337855] work_for_cpu_fn+0x16/0x20\n[ 8.351193] process_one_work+0x1a7/0x360\n[ 8.364462] ? create_worker+0x1a0/0x1a0\n[ 8.379252] worker_thread+0x1ce/0x390\n[ 8.392623] ? create_worker+0x1a0/0x1a0\n[ 8.406295] kthread+0x10a/0x120\n[ 8.418428] ? set_kthread_struct+0x50/0x50\n[ 8.431532] ret_from_fork+0x1f/0x40\n[ 8.444137] ---[ end trace 1bf0173d39354506 ]---" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:54.537Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/3c31b18a8dd8b7bf36af1cd723d455853b8f94fe" }, { "url": "https://git.kernel.org/stable/c/4f5b15c15e6016efb3e14582d02cc4ddf57227df" }, { "url": "https://git.kernel.org/stable/c/b9433b25cb06c415c9cb24782599649a406c8d6d" }, { "url": "https://git.kernel.org/stable/c/5761eb9761d2d5fe8248a9b719efc4d8baf1f24a" } ], "title": "scsi: smartpqi: Fix disable_managed_interrupts", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26742", "datePublished": "2024-04-03T17:00:31.982Z", "dateReserved": "2024-02-19T14:20:24.167Z", "dateUpdated": "2024-11-05T09:14:54.537Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26795
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2024-11-05 09:15
Severity ?
EPSS score ?
Summary
riscv: Sparse-Memory/vmemmap out-of-bounds fix
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26795", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-17T19:27:22.580328Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-17T19:27:29.143Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.470Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/8af1c121b0102041809bc137ec600d1865eaeedd" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/5941a90c55d3bfba732b32208d58d997600b44ef" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/8310080799b40fd9f2a8b808c657269678c149af" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/a278d5c60f21aa15d540abb2f2da6e6d795c3e6e" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2a1728c15ec4f45ed9248ae22f626541c179bfbe" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/a11dd49dcb9376776193e15641f84fcc1e5980c9" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "arch/riscv/include/asm/pgtable.h" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "8af1c121b010", "status": "affected", "version": "d95f1a542c3d", "versionType": "git" }, { "lessThan": "5941a90c55d3", "status": "affected", "version": "d95f1a542c3d", "versionType": "git" }, { "lessThan": "8310080799b4", "status": "affected", "version": "d95f1a542c3d", "versionType": "git" }, { "lessThan": "a278d5c60f21", "status": "affected", "version": "d95f1a542c3d", "versionType": "git" }, { "lessThan": "2a1728c15ec4", "status": "affected", "version": "d95f1a542c3d", "versionType": "git" }, { "lessThan": "a11dd49dcb93", "status": "affected", "version": "d95f1a542c3d", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "arch/riscv/include/asm/pgtable.h" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.4" }, { "lessThan": "5.4", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.212", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.151", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.81", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.21", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.9", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Sparse-Memory/vmemmap out-of-bounds fix\n\nOffset vmemmap so that the first page of vmemmap will be mapped\nto the first page of physical memory in order to ensure that\nvmemmap\u2019s bounds will be respected during\npfn_to_page()/page_to_pfn() operations.\nThe conversion macros will produce correct SV39/48/57 addresses\nfor every possible/valid DRAM_BASE inside the physical memory limits.\n\nv2:Address Alex\u0027s comments" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:58.089Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/8af1c121b0102041809bc137ec600d1865eaeedd" }, { "url": "https://git.kernel.org/stable/c/5941a90c55d3bfba732b32208d58d997600b44ef" }, { "url": "https://git.kernel.org/stable/c/8310080799b40fd9f2a8b808c657269678c149af" }, { "url": "https://git.kernel.org/stable/c/a278d5c60f21aa15d540abb2f2da6e6d795c3e6e" }, { "url": "https://git.kernel.org/stable/c/2a1728c15ec4f45ed9248ae22f626541c179bfbe" }, { "url": "https://git.kernel.org/stable/c/a11dd49dcb9376776193e15641f84fcc1e5980c9" } ], "title": "riscv: Sparse-Memory/vmemmap out-of-bounds fix", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26795", "datePublished": "2024-04-04T08:20:25.063Z", "dateReserved": "2024-02-19T14:20:24.178Z", "dateUpdated": "2024-11-05T09:15:58.089Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26690
Vulnerability from cvelistv5
Published
2024-04-03 14:54
Modified
2024-11-06 15:20
Severity ?
EPSS score ?
Summary
net: stmmac: protect updates of 64-bit statistics counters
References
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-26690", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-04T15:17:50.464139Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-noinfo Not enough information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-06T15:20:28.318Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:12.694Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/9680b2ab54ba8d72581100e8c45471306101836e" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e6af0f082a4b87b99ad033003be2a904a1791b3f" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/38cc3c6dcc09dc3a1800b5ec22aef643ca11eab8" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/stmicro/stmmac/common.h", "drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c", "drivers/net/ethernet/stmicro/stmmac/dwmac4_lib.c", "drivers/net/ethernet/stmicro/stmmac/dwmac_lib.c", "drivers/net/ethernet/stmicro/stmmac/dwxgmac2_dma.c", "drivers/net/ethernet/stmicro/stmmac/stmmac_ethtool.c", "drivers/net/ethernet/stmicro/stmmac/stmmac_main.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "9680b2ab54ba", "status": "affected", "version": "133466c3bbe1", "versionType": "git" }, { "lessThan": "e6af0f082a4b", "status": "affected", "version": "133466c3bbe1", "versionType": "git" }, { "lessThan": "38cc3c6dcc09", "status": "affected", "version": "133466c3bbe1", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/stmicro/stmmac/common.h", "drivers/net/ethernet/stmicro/stmmac/dwmac-sun8i.c", "drivers/net/ethernet/stmicro/stmmac/dwmac4_lib.c", "drivers/net/ethernet/stmicro/stmmac/dwmac_lib.c", "drivers/net/ethernet/stmicro/stmmac/dwxgmac2_dma.c", "drivers/net/ethernet/stmicro/stmmac/stmmac_ethtool.c", "drivers/net/ethernet/stmicro/stmmac/stmmac_main.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.6" }, { "lessThan": "6.6", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.18", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: stmmac: protect updates of 64-bit statistics counters\n\nAs explained by a comment in \u003clinux/u64_stats_sync.h\u003e, write side of struct\nu64_stats_sync must ensure mutual exclusion, or one seqcount update could\nbe lost on 32-bit platforms, thus blocking readers forever. Such lockups\nhave been observed in real world after stmmac_xmit() on one CPU raced with\nstmmac_napi_poll_tx() on another CPU.\n\nTo fix the issue without introducing a new lock, split the statics into\nthree parts:\n\n1. fields updated only under the tx queue lock,\n2. fields updated only during NAPI poll,\n3. fields updated only from interrupt context,\n\nUpdates to fields in the first two groups are already serialized through\nother locks. It is sufficient to split the existing struct u64_stats_sync\nso that each group has its own.\n\nNote that tx_set_ic_bit is updated from both contexts. Split this counter\nso that each context gets its own, and calculate their sum to get the total\nvalue in stmmac_get_ethtool_stats().\n\nFor the third group, multiple interrupts may be processed by different CPUs\nat the same time, but interrupts on the same CPU will not nest. Move fields\nfrom this group to a newly created per-cpu struct stmmac_pcpu_stats." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:13:57.561Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/9680b2ab54ba8d72581100e8c45471306101836e" }, { "url": "https://git.kernel.org/stable/c/e6af0f082a4b87b99ad033003be2a904a1791b3f" }, { "url": "https://git.kernel.org/stable/c/38cc3c6dcc09dc3a1800b5ec22aef643ca11eab8" } ], "title": "net: stmmac: protect updates of 64-bit statistics counters", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26690", "datePublished": "2024-04-03T14:54:51.709Z", "dateReserved": "2024-02-19T14:20:24.154Z", "dateUpdated": "2024-11-06T15:20:28.318Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26701
Vulnerability from cvelistv5
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Show details on NVD website{ "containers": { "cna": { "providerMetadata": { "dateUpdated": "2024-04-03T16:17:51.047Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "rejectedReasons": [ { "lang": "en", "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." } ] } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26701", "dateRejected": "2024-04-03T16:17:51.047Z", "dateReserved": "2024-02-19T14:20:24.157Z", "dateUpdated": "2024-04-03T16:17:51.047Z", "state": "REJECTED" }, "dataType": "CVE_RECORD", "dataVersion": "5.0" }
cve-2024-26688
Vulnerability from cvelistv5
Published
2024-04-03 14:54
Modified
2024-11-05 09:13
Severity ?
EPSS score ?
Summary
fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:12.699Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/1dde8ef4b7a749ae1bc73617c91775631d167557" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/80d852299987a8037be145a94f41874228f1a773" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/22850c9950a4e43a67299755d11498f3292d02ff" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2e2c07104b4904aed1389a59b25799b95a85b5b9" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/13c5a9fb07105557a1fa9efdb4f23d7ef30b7274" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ec78418801ef7b0c22cd6a30145ec480dd48db39" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/79d72c68c58784a3e1cd2378669d51bfd0cb7498" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-26688", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:53:03.970404Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:32.587Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "fs/hugetlbfs/inode.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "1dde8ef4b7a7", "status": "affected", "version": "32021982a324", "versionType": "git" }, { "lessThan": "80d852299987", "status": "affected", "version": "32021982a324", "versionType": "git" }, { "lessThan": "22850c9950a4", "status": "affected", "version": "32021982a324", "versionType": "git" }, { "lessThan": "2e2c07104b49", "status": "affected", "version": "32021982a324", "versionType": "git" }, { "lessThan": "13c5a9fb0710", "status": "affected", "version": "32021982a324", "versionType": "git" }, { "lessThan": "ec78418801ef", "status": "affected", "version": "32021982a324", "versionType": "git" }, { "lessThan": "79d72c68c587", "status": "affected", "version": "32021982a324", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "fs/hugetlbfs/inode.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.1" }, { "lessThan": "5.1", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.271", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.212", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.151", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.79", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.18", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super\n\nWhen configuring a hugetlb filesystem via the fsconfig() syscall, there is\na possible NULL dereference in hugetlbfs_fill_super() caused by assigning\nNULL to ctx-\u003ehstate in hugetlbfs_parse_param() when the requested pagesize\nis non valid.\n\nE.g: Taking the following steps:\n\n fd = fsopen(\"hugetlbfs\", FSOPEN_CLOEXEC);\n fsconfig(fd, FSCONFIG_SET_STRING, \"pagesize\", \"1024\", 0);\n fsconfig(fd, FSCONFIG_CMD_CREATE, NULL, NULL, 0);\n\nGiven that the requested \"pagesize\" is invalid, ctxt-\u003ehstate will be replaced\nwith NULL, losing its previous value, and we will print an error:\n\n ...\n ...\n case Opt_pagesize:\n ps = memparse(param-\u003estring, \u0026rest);\n ctx-\u003ehstate = h;\n if (!ctx-\u003ehstate) {\n pr_err(\"Unsupported page size %lu MB\\n\", ps / SZ_1M);\n return -EINVAL;\n }\n return 0;\n ...\n ...\n\nThis is a problem because later on, we will dereference ctxt-\u003ehstate in\nhugetlbfs_fill_super()\n\n ...\n ...\n sb-\u003es_blocksize = huge_page_size(ctx-\u003ehstate);\n ...\n ...\n\nCausing below Oops.\n\nFix this by replacing cxt-\u003ehstate value only when then pagesize is known\nto be valid.\n\n kernel: hugetlbfs: Unsupported page size 0 MB\n kernel: BUG: kernel NULL pointer dereference, address: 0000000000000028\n kernel: #PF: supervisor read access in kernel mode\n kernel: #PF: error_code(0x0000) - not-present page\n kernel: PGD 800000010f66c067 P4D 800000010f66c067 PUD 1b22f8067 PMD 0\n kernel: Oops: 0000 [#1] PREEMPT SMP PTI\n kernel: CPU: 4 PID: 5659 Comm: syscall Tainted: G E 6.8.0-rc2-default+ #22 5a47c3fef76212addcc6eb71344aabc35190ae8f\n kernel: Hardware name: Intel Corp. GROVEPORT/GROVEPORT, BIOS GVPRCRB1.86B.0016.D04.1705030402 05/03/2017\n kernel: RIP: 0010:hugetlbfs_fill_super+0xb4/0x1a0\n kernel: Code: 48 8b 3b e8 3e c6 ed ff 48 85 c0 48 89 45 20 0f 84 d6 00 00 00 48 b8 ff ff ff ff ff ff ff 7f 4c 89 e7 49 89 44 24 20 48 8b 03 \u003c8b\u003e 48 28 b8 00 10 00 00 48 d3 e0 49 89 44 24 18 48 8b 03 8b 40 28\n kernel: RSP: 0018:ffffbe9960fcbd48 EFLAGS: 00010246\n kernel: RAX: 0000000000000000 RBX: ffff9af5272ae780 RCX: 0000000000372004\n kernel: RDX: ffffffffffffffff RSI: ffffffffffffffff RDI: ffff9af555e9b000\n kernel: RBP: ffff9af52ee66b00 R08: 0000000000000040 R09: 0000000000370004\n kernel: R10: ffffbe9960fcbd48 R11: 0000000000000040 R12: ffff9af555e9b000\n kernel: R13: ffffffffa66b86c0 R14: ffff9af507d2f400 R15: ffff9af507d2f400\n kernel: FS: 00007ffbc0ba4740(0000) GS:ffff9b0bd7000000(0000) knlGS:0000000000000000\n kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n kernel: CR2: 0000000000000028 CR3: 00000001b1ee0000 CR4: 00000000001506f0\n kernel: Call Trace:\n kernel: \u003cTASK\u003e\n kernel: ? __die_body+0x1a/0x60\n kernel: ? page_fault_oops+0x16f/0x4a0\n kernel: ? search_bpf_extables+0x65/0x70\n kernel: ? fixup_exception+0x22/0x310\n kernel: ? exc_page_fault+0x69/0x150\n kernel: ? asm_exc_page_fault+0x22/0x30\n kernel: ? __pfx_hugetlbfs_fill_super+0x10/0x10\n kernel: ? hugetlbfs_fill_super+0xb4/0x1a0\n kernel: ? hugetlbfs_fill_super+0x28/0x1a0\n kernel: ? __pfx_hugetlbfs_fill_super+0x10/0x10\n kernel: vfs_get_super+0x40/0xa0\n kernel: ? __pfx_bpf_lsm_capable+0x10/0x10\n kernel: vfs_get_tree+0x25/0xd0\n kernel: vfs_cmd_create+0x64/0xe0\n kernel: __x64_sys_fsconfig+0x395/0x410\n kernel: do_syscall_64+0x80/0x160\n kernel: ? syscall_exit_to_user_mode+0x82/0x240\n kernel: ? do_syscall_64+0x8d/0x160\n kernel: ? syscall_exit_to_user_mode+0x82/0x240\n kernel: ? do_syscall_64+0x8d/0x160\n kernel: ? exc_page_fault+0x69/0x150\n kernel: entry_SYSCALL_64_after_hwframe+0x6e/0x76\n kernel: RIP: 0033:0x7ffbc0cb87c9\n kernel: Code: 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 97 96 0d 00 f7 d8 64 89 01 48\n kernel: RSP: 002b:00007ffc29d2f388 EFLAGS: 00000206 ORIG_RAX: 00000000000001af\n kernel: RAX: fffffffffff\n---truncated---" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:13:55.183Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/1dde8ef4b7a749ae1bc73617c91775631d167557" }, { "url": "https://git.kernel.org/stable/c/80d852299987a8037be145a94f41874228f1a773" }, { "url": "https://git.kernel.org/stable/c/22850c9950a4e43a67299755d11498f3292d02ff" }, { "url": "https://git.kernel.org/stable/c/2e2c07104b4904aed1389a59b25799b95a85b5b9" }, { "url": "https://git.kernel.org/stable/c/13c5a9fb07105557a1fa9efdb4f23d7ef30b7274" }, { "url": "https://git.kernel.org/stable/c/ec78418801ef7b0c22cd6a30145ec480dd48db39" }, { "url": "https://git.kernel.org/stable/c/79d72c68c58784a3e1cd2378669d51bfd0cb7498" } ], "title": "fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26688", "datePublished": "2024-04-03T14:54:49.964Z", "dateReserved": "2024-02-19T14:20:24.154Z", "dateUpdated": "2024-11-05T09:13:55.183Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26786
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2024-11-05 09:15
Severity ?
EPSS score ?
Summary
iommufd: Fix iopt_access_list_id overwrite bug
References
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-26786", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-15T16:04:45.617050Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-04T16:19:48.130Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.526Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f1fb745ee0a6fe43f1d84ec369c7e6af2310fda9" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/9526a46cc0c378d381560279bea9aa34c84298a0" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/aeb004c0cd6958e910123a1607634401009c9539" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/iommu/iommufd/io_pagetable.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "f1fb745ee0a6", "status": "affected", "version": "9227da7816dd", "versionType": "git" }, { "lessThan": "9526a46cc0c3", "status": "affected", "version": "9227da7816dd", "versionType": "git" }, { "lessThan": "aeb004c0cd69", "status": "affected", "version": "9227da7816dd", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/iommu/iommufd/io_pagetable.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.6" }, { "lessThan": "6.6", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.21", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.9", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommufd: Fix iopt_access_list_id overwrite bug\n\nSyzkaller reported the following WARN_ON:\n WARNING: CPU: 1 PID: 4738 at drivers/iommu/iommufd/io_pagetable.c:1360\n\n Call Trace:\n iommufd_access_change_ioas+0x2fe/0x4e0\n iommufd_access_destroy_object+0x50/0xb0\n iommufd_object_remove+0x2a3/0x490\n iommufd_object_destroy_user\n iommufd_access_destroy+0x71/0xb0\n iommufd_test_staccess_release+0x89/0xd0\n __fput+0x272/0xb50\n __fput_sync+0x4b/0x60\n __do_sys_close\n __se_sys_close\n __x64_sys_close+0x8b/0x110\n do_syscall_x64\n\nThe mismatch between the access pointer in the list and the passed-in\npointer is resulting from an overwrite of access-\u003eiopt_access_list_id, in\niopt_add_access(). Called from iommufd_access_change_ioas() when\nxa_alloc() succeeds but iopt_calculate_iova_alignment() fails.\n\nAdd a new_id in iopt_add_access() and only update iopt_access_list_id when\nreturning successfully." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:47.766Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/f1fb745ee0a6fe43f1d84ec369c7e6af2310fda9" }, { "url": "https://git.kernel.org/stable/c/9526a46cc0c378d381560279bea9aa34c84298a0" }, { "url": "https://git.kernel.org/stable/c/aeb004c0cd6958e910123a1607634401009c9539" } ], "title": "iommufd: Fix iopt_access_list_id overwrite bug", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26786", "datePublished": "2024-04-04T08:20:19.109Z", "dateReserved": "2024-02-19T14:20:24.178Z", "dateUpdated": "2024-11-05T09:15:47.766Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26749
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2024-11-05 09:15
Severity ?
EPSS score ?
Summary
usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable()
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.248Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/cfa9abb5570c489dabf6f7fb3a066cc576fc8824" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/b40328eea93c75a5645891408010141a0159f643" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/4e5c73b15d95452c1ba9c771dd013a3fbe052ff3" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2134e9906e17b1e5284300fab547869ebacfd7d9" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/29e42e1578a10c611b3f1a38f3229b2d664b5d16" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/9a07244f614bc417de527b799da779dcae780b5d" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/cd45f99034b0c8c9cb346dd0d6407a95ca3d36f6" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-26749", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:51:44.326857Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:16.869Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/usb/cdns3/cdns3-gadget.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "cfa9abb5570c", "status": "affected", "version": "7733f6c32e36", "versionType": "git" }, { "lessThan": "b40328eea93c", "status": "affected", "version": "7733f6c32e36", "versionType": "git" }, { "lessThan": "4e5c73b15d95", "status": "affected", "version": "7733f6c32e36", "versionType": "git" }, { "lessThan": "2134e9906e17", "status": "affected", "version": "7733f6c32e36", "versionType": "git" }, { "lessThan": "29e42e1578a1", "status": "affected", "version": "7733f6c32e36", "versionType": "git" }, { "lessThan": "9a07244f614b", "status": "affected", "version": "7733f6c32e36", "versionType": "git" }, { "lessThan": "cd45f99034b0", "status": "affected", "version": "7733f6c32e36", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/usb/cdns3/cdns3-gadget.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.4" }, { "lessThan": "5.4", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.270", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.211", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.150", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.80", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.19", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable()\n\n ...\n cdns3_gadget_ep_free_request(\u0026priv_ep-\u003eendpoint, \u0026priv_req-\u003erequest);\n list_del_init(\u0026priv_req-\u003elist);\n ...\n\n\u0027priv_req\u0027 actually free at cdns3_gadget_ep_free_request(). But\nlist_del_init() use priv_req-\u003elist after it.\n\n[ 1542.642868][ T534] BUG: KFENCE: use-after-free read in __list_del_entry_valid+0x10/0xd4\n[ 1542.642868][ T534]\n[ 1542.653162][ T534] Use-after-free read at 0x000000009ed0ba99 (in kfence-#3):\n[ 1542.660311][ T534] __list_del_entry_valid+0x10/0xd4\n[ 1542.665375][ T534] cdns3_gadget_ep_disable+0x1f8/0x388 [cdns3]\n[ 1542.671571][ T534] usb_ep_disable+0x44/0xe4\n[ 1542.675948][ T534] ffs_func_eps_disable+0x64/0xc8\n[ 1542.680839][ T534] ffs_func_set_alt+0x74/0x368\n[ 1542.685478][ T534] ffs_func_disable+0x18/0x28\n\nMove list_del_init() before cdns3_gadget_ep_free_request() to resolve this\nproblem." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:02.583Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/cfa9abb5570c489dabf6f7fb3a066cc576fc8824" }, { "url": "https://git.kernel.org/stable/c/b40328eea93c75a5645891408010141a0159f643" }, { "url": "https://git.kernel.org/stable/c/4e5c73b15d95452c1ba9c771dd013a3fbe052ff3" }, { "url": "https://git.kernel.org/stable/c/2134e9906e17b1e5284300fab547869ebacfd7d9" }, { "url": "https://git.kernel.org/stable/c/29e42e1578a10c611b3f1a38f3229b2d664b5d16" }, { "url": "https://git.kernel.org/stable/c/9a07244f614bc417de527b799da779dcae780b5d" }, { "url": "https://git.kernel.org/stable/c/cd45f99034b0c8c9cb346dd0d6407a95ca3d36f6" } ], "title": "usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable()", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26749", "datePublished": "2024-04-03T17:00:35.762Z", "dateReserved": "2024-02-19T14:20:24.169Z", "dateUpdated": "2024-11-05T09:15:02.583Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26736
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2024-11-05 09:14
Severity ?
EPSS score ?
Summary
afs: Increase buffer size in afs_update_volume_status()
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26736", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-05T17:35:04.677455Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:48:32.562Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:12.959Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/5c27d85a69fa16a08813ba37ddfb4bbc9a1ed6b5" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d9b5e2b7a8196850383c70d099bfd39e81ab6637" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e56662160fc24d28cb75ac095cc6415ae1bda43e" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e8530b170e464017203e3b8c6c49af6e916aece1" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/6e6065dd25b661420fac19c34282b6c626fcd35e" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d34a5e57632bb5ff825196ddd9a48ca403626dfa" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/6ea38e2aeb72349cad50e38899b0ba6fbcb2af3d" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "fs/afs/volume.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "5c27d85a69fa", "status": "affected", "version": "d2ddc776a458", "versionType": "git" }, { "lessThan": "d9b5e2b7a819", "status": "affected", "version": "d2ddc776a458", "versionType": "git" }, { "lessThan": "e56662160fc2", "status": "affected", "version": "d2ddc776a458", "versionType": "git" }, { "lessThan": "e8530b170e46", "status": "affected", "version": "d2ddc776a458", "versionType": "git" }, { "lessThan": "6e6065dd25b6", "status": "affected", "version": "d2ddc776a458", "versionType": "git" }, { "lessThan": "d34a5e57632b", "status": "affected", "version": "d2ddc776a458", "versionType": "git" }, { "lessThan": "6ea38e2aeb72", "status": "affected", "version": "d2ddc776a458", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "fs/afs/volume.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "4.15" }, { "lessThan": "4.15", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.270", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.211", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.150", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.80", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.19", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nafs: Increase buffer size in afs_update_volume_status()\n\nThe max length of volume-\u003evid value is 20 characters.\nSo increase idbuf[] size up to 24 to avoid overflow.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\n[DH: Actually, it\u0027s 20 + NUL, so increase it to 24 and use snprintf()]" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:47.816Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/5c27d85a69fa16a08813ba37ddfb4bbc9a1ed6b5" }, { "url": "https://git.kernel.org/stable/c/d9b5e2b7a8196850383c70d099bfd39e81ab6637" }, { "url": "https://git.kernel.org/stable/c/e56662160fc24d28cb75ac095cc6415ae1bda43e" }, { "url": "https://git.kernel.org/stable/c/e8530b170e464017203e3b8c6c49af6e916aece1" }, { "url": "https://git.kernel.org/stable/c/6e6065dd25b661420fac19c34282b6c626fcd35e" }, { "url": "https://git.kernel.org/stable/c/d34a5e57632bb5ff825196ddd9a48ca403626dfa" }, { "url": "https://git.kernel.org/stable/c/6ea38e2aeb72349cad50e38899b0ba6fbcb2af3d" } ], "title": "afs: Increase buffer size in afs_update_volume_status()", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26736", "datePublished": "2024-04-03T17:00:22.693Z", "dateReserved": "2024-02-19T14:20:24.166Z", "dateUpdated": "2024-11-05T09:14:47.816Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26809
Vulnerability from cvelistv5
Published
2024-04-04 09:51
Modified
2024-11-05 09:16
Severity ?
EPSS score ?
Summary
netfilter: nft_set_pipapo: release elements in clone only from destroy path
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.546Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/b36b83297ff4910dfc8705402c8abffd4bbf8144" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/362508506bf545e9ce18c72a2c48dcbfb891ab9c" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/5ad233dc731ab64cdc47b84a5c1f78fff6c024af" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ff90050771412b91e928093ccd8736ae680063c2" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/821e28d5b506e6a73ccc367ff792bd894050d48b" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/9384b4d85c46ce839f51af01374062ce6318b2f2" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/b0e256f3dd2ba6532f37c5c22e07cb07a36031ee" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-26809", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:50:40.137148Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:44.659Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/netfilter/nft_set_pipapo.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "b36b83297ff4", "status": "affected", "version": "4a6430b99f67", "versionType": "git" }, { "lessThan": "362508506bf5", "status": "affected", "version": "5ccecafc728b", "versionType": "git" }, { "lessThan": "5ad233dc731a", "status": "affected", "version": "9827a0e6e23b", "versionType": "git" }, { "lessThan": "ff9005077141", "status": "affected", "version": "9827a0e6e23b", "versionType": "git" }, { "lessThan": "821e28d5b506", "status": "affected", "version": "9827a0e6e23b", "versionType": "git" }, { "lessThan": "9384b4d85c46", "status": "affected", "version": "9827a0e6e23b", "versionType": "git" }, { "lessThan": "b0e256f3dd2b", "status": "affected", "version": "9827a0e6e23b", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/netfilter/nft_set_pipapo.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.19" }, { "lessThan": "5.19", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.214", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.153", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.83", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.23", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.11", "versionType": "semver" }, { "lessThanOrEqual": "6.8.*", "status": "unaffected", "version": "6.8.2", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.9", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_pipapo: release elements in clone only from destroy path\n\nClone already always provides a current view of the lookup table, use it\nto destroy the set, otherwise it is possible to destroy elements twice.\n\nThis fix requires:\n\n 212ed75dc5fb (\"netfilter: nf_tables: integrate pipapo into commit protocol\")\n\nwhich came after:\n\n 9827a0e6e23b (\"netfilter: nft_set_pipapo: release elements in clone from abort path\")." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:16:13.839Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/b36b83297ff4910dfc8705402c8abffd4bbf8144" }, { "url": "https://git.kernel.org/stable/c/362508506bf545e9ce18c72a2c48dcbfb891ab9c" }, { "url": "https://git.kernel.org/stable/c/5ad233dc731ab64cdc47b84a5c1f78fff6c024af" }, { "url": "https://git.kernel.org/stable/c/ff90050771412b91e928093ccd8736ae680063c2" }, { "url": "https://git.kernel.org/stable/c/821e28d5b506e6a73ccc367ff792bd894050d48b" }, { "url": "https://git.kernel.org/stable/c/9384b4d85c46ce839f51af01374062ce6318b2f2" }, { "url": "https://git.kernel.org/stable/c/b0e256f3dd2ba6532f37c5c22e07cb07a36031ee" } ], "title": "netfilter: nft_set_pipapo: release elements in clone only from destroy path", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26809", "datePublished": "2024-04-04T09:51:51.245Z", "dateReserved": "2024-02-19T14:20:24.179Z", "dateUpdated": "2024-11-05T09:16:13.839Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26781
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2024-11-05 09:15
Severity ?
EPSS score ?
Summary
mptcp: fix possible deadlock in subflow diag
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26781", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-04T15:25:28.472646Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:49:22.582Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.451Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/70e5b013538d5e4cb421afed431a5fcd2a5d49ee" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/cc32ba2fdf3f8b136619fff551f166ba51ec856d" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f27d319df055629480b84b9288a502337b6f2a2e" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/fa8c776f4c323a9fbc8ddf25edcb962083391430" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d487e7ba1bc7444d5f062c4930ef8436c47c7e63" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d6a9608af9a75d13243d217f6ce1e30e57d56ffe" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/mptcp/diag.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "70e5b013538d", "status": "affected", "version": "8affdbb3e2ef", "versionType": "git" }, { "lessThan": "cc32ba2fdf3f", "status": "affected", "version": "7d6e8d7ee13b", "versionType": "git" }, { "lessThan": "f27d319df055", "status": "affected", "version": "71787c665d09", "versionType": "git" }, { "lessThan": "fa8c776f4c32", "status": "affected", "version": "e074c8297ee4", "versionType": "git" }, { "lessThan": "d487e7ba1bc7", "status": "affected", "version": "298ac00da8e6", "versionType": "git" }, { "lessThan": "d6a9608af9a7", "status": "affected", "version": "b8adb69a7d29", "versionType": "git" } ] }, { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/mptcp/diag.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "5.10.212", "status": "affected", "version": "5.10.211", "versionType": "semver" }, { "lessThan": "5.15.151", "status": "affected", "version": "5.15.150", "versionType": "semver" }, { "lessThan": "6.1.81", "status": "affected", "version": "6.1.80", "versionType": "semver" }, { "lessThan": "6.6.21", "status": "affected", "version": "6.6.19", "versionType": "semver" }, { "lessThan": "6.7.9", "status": "affected", "version": "6.7.7", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix possible deadlock in subflow diag\n\nSyzbot and Eric reported a lockdep splat in the subflow diag:\n\n WARNING: possible circular locking dependency detected\n 6.8.0-rc4-syzkaller-00212-g40b9385dd8e6 #0 Not tainted\n\n syz-executor.2/24141 is trying to acquire lock:\n ffff888045870130 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at:\n tcp_diag_put_ulp net/ipv4/tcp_diag.c:100 [inline]\n ffff888045870130 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at:\n tcp_diag_get_aux+0x738/0x830 net/ipv4/tcp_diag.c:137\n\n but task is already holding lock:\n ffffc9000135e488 (\u0026h-\u003elhash2[i].lock){+.+.}-{2:2}, at: spin_lock\n include/linux/spinlock.h:351 [inline]\n ffffc9000135e488 (\u0026h-\u003elhash2[i].lock){+.+.}-{2:2}, at:\n inet_diag_dump_icsk+0x39f/0x1f80 net/ipv4/inet_diag.c:1038\n\n which lock already depends on the new lock.\n\n the existing dependency chain (in reverse order) is:\n\n -\u003e #1 (\u0026h-\u003elhash2[i].lock){+.+.}-{2:2}:\n lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5754\n __raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]\n _raw_spin_lock+0x2e/0x40 kernel/locking/spinlock.c:154\n spin_lock include/linux/spinlock.h:351 [inline]\n __inet_hash+0x335/0xbe0 net/ipv4/inet_hashtables.c:743\n inet_csk_listen_start+0x23a/0x320 net/ipv4/inet_connection_sock.c:1261\n __inet_listen_sk+0x2a2/0x770 net/ipv4/af_inet.c:217\n inet_listen+0xa3/0x110 net/ipv4/af_inet.c:239\n rds_tcp_listen_init+0x3fd/0x5a0 net/rds/tcp_listen.c:316\n rds_tcp_init_net+0x141/0x320 net/rds/tcp.c:577\n ops_init+0x352/0x610 net/core/net_namespace.c:136\n __register_pernet_operations net/core/net_namespace.c:1214 [inline]\n register_pernet_operations+0x2cb/0x660 net/core/net_namespace.c:1283\n register_pernet_device+0x33/0x80 net/core/net_namespace.c:1370\n rds_tcp_init+0x62/0xd0 net/rds/tcp.c:735\n do_one_initcall+0x238/0x830 init/main.c:1236\n do_initcall_level+0x157/0x210 init/main.c:1298\n do_initcalls+0x3f/0x80 init/main.c:1314\n kernel_init_freeable+0x42f/0x5d0 init/main.c:1551\n kernel_init+0x1d/0x2a0 init/main.c:1441\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1b/0x30 arch/x86/entry/entry_64.S:242\n\n -\u003e #0 (k-sk_lock-AF_INET6){+.+.}-{0:0}:\n check_prev_add kernel/locking/lockdep.c:3134 [inline]\n check_prevs_add kernel/locking/lockdep.c:3253 [inline]\n validate_chain+0x18ca/0x58e0 kernel/locking/lockdep.c:3869\n __lock_acquire+0x1345/0x1fd0 kernel/locking/lockdep.c:5137\n lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5754\n lock_sock_fast include/net/sock.h:1723 [inline]\n subflow_get_info+0x166/0xd20 net/mptcp/diag.c:28\n tcp_diag_put_ulp net/ipv4/tcp_diag.c:100 [inline]\n tcp_diag_get_aux+0x738/0x830 net/ipv4/tcp_diag.c:137\n inet_sk_diag_fill+0x10ed/0x1e00 net/ipv4/inet_diag.c:345\n inet_diag_dump_icsk+0x55b/0x1f80 net/ipv4/inet_diag.c:1061\n __inet_diag_dump+0x211/0x3a0 net/ipv4/inet_diag.c:1263\n inet_diag_dump_compat+0x1c1/0x2d0 net/ipv4/inet_diag.c:1371\n netlink_dump+0x59b/0xc80 net/netlink/af_netlink.c:2264\n __netlink_dump_start+0x5df/0x790 net/netlink/af_netlink.c:2370\n netlink_dump_start include/linux/netlink.h:338 [inline]\n inet_diag_rcv_msg_compat+0x209/0x4c0 net/ipv4/inet_diag.c:1405\n sock_diag_rcv_msg+0xe7/0x410\n netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543\n sock_diag_rcv+0x2a/0x40 net/core/sock_diag.c:280\n netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]\n netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1367\n netlink_sendmsg+0xa3b/0xd70 net/netlink/af_netlink.c:1908\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:745\n ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584\n ___sys_sendmsg net/socket.c:2638 [inline]\n __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667\n do_syscall_64+0xf9/0x240\n entry_SYSCALL_64_after_hwframe+0x6f/0x77\n\nAs noted by Eric we can break the lock dependency chain avoid\ndumping \n---truncated---" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:42.144Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/70e5b013538d5e4cb421afed431a5fcd2a5d49ee" }, { "url": "https://git.kernel.org/stable/c/cc32ba2fdf3f8b136619fff551f166ba51ec856d" }, { "url": "https://git.kernel.org/stable/c/f27d319df055629480b84b9288a502337b6f2a2e" }, { "url": "https://git.kernel.org/stable/c/fa8c776f4c323a9fbc8ddf25edcb962083391430" }, { "url": "https://git.kernel.org/stable/c/d487e7ba1bc7444d5f062c4930ef8436c47c7e63" }, { "url": "https://git.kernel.org/stable/c/d6a9608af9a75d13243d217f6ce1e30e57d56ffe" } ], "title": "mptcp: fix possible deadlock in subflow diag", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26781", "datePublished": "2024-04-04T08:20:15.775Z", "dateReserved": "2024-02-19T14:20:24.177Z", "dateUpdated": "2024-11-05T09:15:42.144Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26714
Vulnerability from cvelistv5
Published
2024-04-03 14:55
Modified
2024-11-05 09:14
Severity ?
EPSS score ?
Summary
interconnect: qcom: sc8180x: Mark CO0 BCM keepalive
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:12.962Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/6616d3c4f8284a7b3ef978c916566bd240cea1c7" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d8e36ff40cf9dadb135f3a97341c02c9a7afcc43" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/7a3a70dd08e4b7dffc2f86f2c68fc3812804b9d0" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/85e985a4f46e462a37f1875cb74ed380e7c0c2e0" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-26714", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:52:29.730845Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:25.465Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/interconnect/qcom/sc8180x.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "6616d3c4f828", "status": "affected", "version": "9c8c6bac1ae8", "versionType": "git" }, { "lessThan": "d8e36ff40cf9", "status": "affected", "version": "9c8c6bac1ae8", "versionType": "git" }, { "lessThan": "7a3a70dd08e4", "status": "affected", "version": "9c8c6bac1ae8", "versionType": "git" }, { "lessThan": "85e985a4f46e", "status": "affected", "version": "9c8c6bac1ae8", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/interconnect/qcom/sc8180x.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.15" }, { "lessThan": "5.15", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.79", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.18", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ninterconnect: qcom: sc8180x: Mark CO0 BCM keepalive\n\nThe CO0 BCM needs to be up at all times, otherwise some hardware (like\nthe UFS controller) loses its connection to the rest of the SoC,\nresulting in a hang of the platform, accompanied by a spectacular\nlogspam.\n\nMark it as keepalive to prevent such cases." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:23.245Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/6616d3c4f8284a7b3ef978c916566bd240cea1c7" }, { "url": "https://git.kernel.org/stable/c/d8e36ff40cf9dadb135f3a97341c02c9a7afcc43" }, { "url": "https://git.kernel.org/stable/c/7a3a70dd08e4b7dffc2f86f2c68fc3812804b9d0" }, { "url": "https://git.kernel.org/stable/c/85e985a4f46e462a37f1875cb74ed380e7c0c2e0" } ], "title": "interconnect: qcom: sc8180x: Mark CO0 BCM keepalive", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26714", "datePublished": "2024-04-03T14:55:15.662Z", "dateReserved": "2024-02-19T14:20:24.160Z", "dateUpdated": "2024-11-05T09:14:23.245Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26728
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2024-11-05 09:14
Severity ?
EPSS score ?
Summary
drm/amd/display: fix null-pointer dereference on edid reading
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:12.935Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2d392f7268a1a9bfbd98c831f0f4c964e59aa145" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/9671761792156f2339627918bafcd713a8a6f777" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-26728", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:52:07.138513Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:21.807Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "2d392f7268a1", "status": "affected", "version": "0e859faf8670", "versionType": "git" }, { "lessThan": "967176179215", "status": "affected", "version": "0e859faf8670", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.7" }, { "lessThan": "6.7", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: fix null-pointer dereference on edid reading\n\nUse i2c adapter when there isn\u0027t aux_mode in dc_link to fix a\nnull-pointer derefence that happens when running\nigt@kms_force_connector_basic in a system with DCN2.1 and HDMI connector\ndetected as below:\n\n[ +0.178146] BUG: kernel NULL pointer dereference, address: 00000000000004c0\n[ +0.000010] #PF: supervisor read access in kernel mode\n[ +0.000005] #PF: error_code(0x0000) - not-present page\n[ +0.000004] PGD 0 P4D 0\n[ +0.000006] Oops: 0000 [#1] PREEMPT SMP NOPTI\n[ +0.000006] CPU: 15 PID: 2368 Comm: kms_force_conne Not tainted 6.5.0-asdn+ #152\n[ +0.000005] Hardware name: HP HP ENVY x360 Convertible 13-ay1xxx/8929, BIOS F.01 07/14/2021\n[ +0.000004] RIP: 0010:i2c_transfer+0xd/0x100\n[ +0.000011] Code: ea fc ff ff 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 55 53 \u003c48\u003e 8b 47 10 48 89 fb 48 83 38 00 0f 84 b3 00 00 00 83 3d 2f 80 16\n[ +0.000004] RSP: 0018:ffff9c4f89c0fad0 EFLAGS: 00010246\n[ +0.000005] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000000080\n[ +0.000003] RDX: 0000000000000002 RSI: ffff9c4f89c0fb20 RDI: 00000000000004b0\n[ +0.000003] RBP: ffff9c4f89c0fb80 R08: 0000000000000080 R09: ffff8d8e0b15b980\n[ +0.000003] R10: 00000000000380e0 R11: 0000000000000000 R12: 0000000000000080\n[ +0.000002] R13: 0000000000000002 R14: ffff9c4f89c0fb0e R15: ffff9c4f89c0fb0f\n[ +0.000004] FS: 00007f9ad2176c40(0000) GS:ffff8d90fe9c0000(0000) knlGS:0000000000000000\n[ +0.000003] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ +0.000004] CR2: 00000000000004c0 CR3: 0000000121bc4000 CR4: 0000000000750ee0\n[ +0.000003] PKRU: 55555554\n[ +0.000003] Call Trace:\n[ +0.000006] \u003cTASK\u003e\n[ +0.000006] ? __die+0x23/0x70\n[ +0.000011] ? page_fault_oops+0x17d/0x4c0\n[ +0.000008] ? preempt_count_add+0x6e/0xa0\n[ +0.000008] ? srso_alias_return_thunk+0x5/0x7f\n[ +0.000011] ? exc_page_fault+0x7f/0x180\n[ +0.000009] ? asm_exc_page_fault+0x26/0x30\n[ +0.000013] ? i2c_transfer+0xd/0x100\n[ +0.000010] drm_do_probe_ddc_edid+0xc2/0x140 [drm]\n[ +0.000067] ? srso_alias_return_thunk+0x5/0x7f\n[ +0.000006] ? _drm_do_get_edid+0x97/0x3c0 [drm]\n[ +0.000043] ? __pfx_drm_do_probe_ddc_edid+0x10/0x10 [drm]\n[ +0.000042] edid_block_read+0x3b/0xd0 [drm]\n[ +0.000043] _drm_do_get_edid+0xb6/0x3c0 [drm]\n[ +0.000041] ? __pfx_drm_do_probe_ddc_edid+0x10/0x10 [drm]\n[ +0.000043] drm_edid_read_custom+0x37/0xd0 [drm]\n[ +0.000044] amdgpu_dm_connector_mode_valid+0x129/0x1d0 [amdgpu]\n[ +0.000153] drm_connector_mode_valid+0x3b/0x60 [drm_kms_helper]\n[ +0.000000] __drm_helper_update_and_validate+0xfe/0x3c0 [drm_kms_helper]\n[ +0.000000] ? amdgpu_dm_connector_get_modes+0xb6/0x520 [amdgpu]\n[ +0.000000] ? srso_alias_return_thunk+0x5/0x7f\n[ +0.000000] drm_helper_probe_single_connector_modes+0x2ab/0x540 [drm_kms_helper]\n[ +0.000000] status_store+0xb2/0x1f0 [drm]\n[ +0.000000] kernfs_fop_write_iter+0x136/0x1d0\n[ +0.000000] vfs_write+0x24d/0x440\n[ +0.000000] ksys_write+0x6f/0xf0\n[ +0.000000] do_syscall_64+0x60/0xc0\n[ +0.000000] ? srso_alias_return_thunk+0x5/0x7f\n[ +0.000000] ? syscall_exit_to_user_mode+0x2b/0x40\n[ +0.000000] ? srso_alias_return_thunk+0x5/0x7f\n[ +0.000000] ? do_syscall_64+0x6c/0xc0\n[ +0.000000] ? do_syscall_64+0x6c/0xc0\n[ +0.000000] entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n[ +0.000000] RIP: 0033:0x7f9ad46b4b00\n[ +0.000000] Code: 40 00 48 8b 15 19 b3 0d 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 80 3d e1 3a 0e 00 00 74 17 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 48 83 ec 28 48 89\n[ +0.000000] RSP: 002b:00007ffcbd3bd6d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001\n[ +0.000000] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f9ad46b4b00\n[ +0.000000] RDX: 0000000000000002 RSI: 00007f9ad48a7417 RDI: 0000000000000009\n[ +0.000000] RBP: 0000000000000002 R08\n---truncated---" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:38.951Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/2d392f7268a1a9bfbd98c831f0f4c964e59aa145" }, { "url": "https://git.kernel.org/stable/c/9671761792156f2339627918bafcd713a8a6f777" } ], "title": "drm/amd/display: fix null-pointer dereference on edid reading", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26728", "datePublished": "2024-04-03T17:00:16.776Z", "dateReserved": "2024-02-19T14:20:24.164Z", "dateUpdated": "2024-11-05T09:14:38.951Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26689
Vulnerability from cvelistv5
Published
2024-04-03 14:54
Modified
2024-11-05 09:13
Severity ?
EPSS score ?
Summary
ceph: prevent use-after-free in encode_cap_msg()
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:12.664Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/8180d0c27b93a6eb60da1b08ea079e3926328214" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/70e329b440762390258a6fe8c0de93c9fdd56c77" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f3f98d7d84b31828004545e29fd7262b9f444139" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ae20db45e482303a20e56f2db667a9d9c54ac7e7" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/7958c1bf5b03c6f1f58e724dbdec93f8f60b96fc" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/cda4672da1c26835dcbd7aec2bfed954eda9b5ef" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-26689", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-15T19:26:55.316031Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-15T19:27:03.603Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "fs/ceph/caps.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "8180d0c27b93", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "70e329b44076", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "f3f98d7d84b3", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "ae20db45e482", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "7958c1bf5b03", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "cda4672da1c2", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "fs/ceph/caps.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.210", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.149", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.79", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.18", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: prevent use-after-free in encode_cap_msg()\n\nIn fs/ceph/caps.c, in encode_cap_msg(), \"use after free\" error was\ncaught by KASAN at this line - \u0027ceph_buffer_get(arg-\u003exattr_buf);\u0027. This\nimplies before the refcount could be increment here, it was freed.\n\nIn same file, in \"handle_cap_grant()\" refcount is decremented by this\nline - \u0027ceph_buffer_put(ci-\u003ei_xattrs.blob);\u0027. It appears that a race\noccurred and resource was freed by the latter line before the former\nline could increment it.\n\nencode_cap_msg() is called by __send_cap() and __send_cap() is called by\nceph_check_caps() after calling __prep_cap(). __prep_cap() is where\narg-\u003exattr_buf is assigned to ci-\u003ei_xattrs.blob. This is the spot where\nthe refcount must be increased to prevent \"use after free\" error." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:13:56.461Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/8180d0c27b93a6eb60da1b08ea079e3926328214" }, { "url": "https://git.kernel.org/stable/c/70e329b440762390258a6fe8c0de93c9fdd56c77" }, { "url": "https://git.kernel.org/stable/c/f3f98d7d84b31828004545e29fd7262b9f444139" }, { "url": "https://git.kernel.org/stable/c/ae20db45e482303a20e56f2db667a9d9c54ac7e7" }, { "url": "https://git.kernel.org/stable/c/7958c1bf5b03c6f1f58e724dbdec93f8f60b96fc" }, { "url": "https://git.kernel.org/stable/c/cda4672da1c26835dcbd7aec2bfed954eda9b5ef" } ], "title": "ceph: prevent use-after-free in encode_cap_msg()", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26689", "datePublished": "2024-04-03T14:54:50.885Z", "dateReserved": "2024-02-19T14:20:24.154Z", "dateUpdated": "2024-11-05T09:13:56.461Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26772
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2024-11-05 09:15
Severity ?
EPSS score ?
Summary
ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()
References
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-26772", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-03T19:16:02.816411Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-noinfo Not enough information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-01T15:30:43.236Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.428Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/5a6dcc4ad0f7f7fa8e8d127b5526e7c5f2d38a43" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/6b92b1bc16d691c95b152c6dbf027ad64315668d" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ffeb72a80a82aba59a6774b0611f792e0ed3b0b7" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/8de8305a25bfda607fc13475ebe84b978c96d7ff" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d639102f4cbd4cb65d1225dba3b9265596aab586" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d3bbe77a76bc52e9d4d0a120f1509be36e25c916" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/21dbe20589c7f48e9c5d336ce6402bcebfa6d76a" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/832698373a25950942c04a512daa652c18a9b513" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "fs/ext4/mballoc.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "5a6dcc4ad0f7", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "6b92b1bc16d6", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "ffeb72a80a82", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "8de8305a25bf", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "d639102f4cbd", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "d3bbe77a76bc", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "21dbe20589c7", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "832698373a25", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "fs/ext4/mballoc.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.308", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.270", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.211", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.150", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.80", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.19", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()\n\nPlaces the logic for checking if the group\u0027s block bitmap is corrupt under\nthe protection of the group lock to avoid allocating blocks from the group\nwith a corrupted block bitmap." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:31.662Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/5a6dcc4ad0f7f7fa8e8d127b5526e7c5f2d38a43" }, { "url": "https://git.kernel.org/stable/c/6b92b1bc16d691c95b152c6dbf027ad64315668d" }, { "url": "https://git.kernel.org/stable/c/ffeb72a80a82aba59a6774b0611f792e0ed3b0b7" }, { "url": "https://git.kernel.org/stable/c/8de8305a25bfda607fc13475ebe84b978c96d7ff" }, { "url": "https://git.kernel.org/stable/c/d639102f4cbd4cb65d1225dba3b9265596aab586" }, { "url": "https://git.kernel.org/stable/c/d3bbe77a76bc52e9d4d0a120f1509be36e25c916" }, { "url": "https://git.kernel.org/stable/c/21dbe20589c7f48e9c5d336ce6402bcebfa6d76a" }, { "url": "https://git.kernel.org/stable/c/832698373a25950942c04a512daa652c18a9b513" } ], "title": "ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26772", "datePublished": "2024-04-03T17:00:58.733Z", "dateReserved": "2024-02-19T14:20:24.176Z", "dateUpdated": "2024-11-05T09:15:31.662Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26707
Vulnerability from cvelistv5
Published
2024-04-03 14:55
Modified
2024-11-05 09:14
Severity ?
EPSS score ?
Summary
net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame()
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:12.854Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/0d8011a878fdf96123bc0d6a12e2fe7ced5fddfb" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/de769423b2f053182a41317c4db5a927e90622a0" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/56440799fc4621c279df16176f83a995d056023a" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/923dea2a7ea9e1ef5ac4031fba461c1cc92e32b8" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/547545e50c913861219947ce490c68a1776b9b51" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/37e8c97e539015637cb920d3e6f1e404f707a06e" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-26707", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:52:36.137987Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:32:53.817Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/hsr/hsr_device.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "0d8011a878fd", "status": "affected", "version": "121c33b07b31", "versionType": "git" }, { "lessThan": "de769423b2f0", "status": "affected", "version": "121c33b07b31", "versionType": "git" }, { "lessThan": "56440799fc46", "status": "affected", "version": "121c33b07b31", "versionType": "git" }, { "lessThan": "923dea2a7ea9", "status": "affected", "version": "121c33b07b31", "versionType": "git" }, { "lessThan": "547545e50c91", "status": "affected", "version": "121c33b07b31", "versionType": "git" }, { "lessThan": "37e8c97e5390", "status": "affected", "version": "121c33b07b31", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/hsr/hsr_device.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.9" }, { "lessThan": "5.9", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.210", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.149", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.79", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.18", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hsr: remove WARN_ONCE() in send_hsr_supervision_frame()\n\nSyzkaller reported [1] hitting a warning after failing to allocate\nresources for skb in hsr_init_skb(). Since a WARN_ONCE() call will\nnot help much in this case, it might be prudent to switch to\nnetdev_warn_once(). At the very least it will suppress syzkaller\nreports such as [1].\n\nJust in case, use netdev_warn_once() in send_prp_supervision_frame()\nfor similar reasons.\n\n[1]\nHSR: Could not send supervision frame\nWARNING: CPU: 1 PID: 85 at net/hsr/hsr_device.c:294 send_hsr_supervision_frame+0x60a/0x810 net/hsr/hsr_device.c:294\nRIP: 0010:send_hsr_supervision_frame+0x60a/0x810 net/hsr/hsr_device.c:294\n...\nCall Trace:\n \u003cIRQ\u003e\n hsr_announce+0x114/0x370 net/hsr/hsr_device.c:382\n call_timer_fn+0x193/0x590 kernel/time/timer.c:1700\n expire_timers kernel/time/timer.c:1751 [inline]\n __run_timers+0x764/0xb20 kernel/time/timer.c:2022\n run_timer_softirq+0x58/0xd0 kernel/time/timer.c:2035\n __do_softirq+0x21a/0x8de kernel/softirq.c:553\n invoke_softirq kernel/softirq.c:427 [inline]\n __irq_exit_rcu kernel/softirq.c:632 [inline]\n irq_exit_rcu+0xb7/0x120 kernel/softirq.c:644\n sysvec_apic_timer_interrupt+0x95/0xb0 arch/x86/kernel/apic/apic.c:1076\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:649\n...\n\nThis issue is also found in older kernels (at least up to 5.10)." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:15.463Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/0d8011a878fdf96123bc0d6a12e2fe7ced5fddfb" }, { "url": "https://git.kernel.org/stable/c/de769423b2f053182a41317c4db5a927e90622a0" }, { "url": "https://git.kernel.org/stable/c/56440799fc4621c279df16176f83a995d056023a" }, { "url": "https://git.kernel.org/stable/c/923dea2a7ea9e1ef5ac4031fba461c1cc92e32b8" }, { "url": "https://git.kernel.org/stable/c/547545e50c913861219947ce490c68a1776b9b51" }, { "url": "https://git.kernel.org/stable/c/37e8c97e539015637cb920d3e6f1e404f707a06e" } ], "title": "net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame()", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26707", "datePublished": "2024-04-03T14:55:10.262Z", "dateReserved": "2024-02-19T14:20:24.158Z", "dateUpdated": "2024-11-05T09:14:15.463Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26687
Vulnerability from cvelistv5
Published
2024-04-03 14:54
Modified
2024-11-05 09:13
Severity ?
EPSS score ?
Summary
xen/events: close evtchn after mapping cleanup
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:12.637Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/9470f5b2503cae994098dea9682aee15b313fa44" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/0fc88aeb2e32b76db3fe6a624b8333dbe621b8fd" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ea592baf9e41779fe9a0424c03dd2f324feca3b3" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/585a344af6bcac222608a158fc2830ff02712af5" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/20980195ec8d2e41653800c45c8c367fa1b1f2b4" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/9be71aa12afa91dfe457b3fb4a444c42b1ee036b" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/fa765c4b4aed2d64266b694520ecb025c862c5a9" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-26687", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:53:07.213399Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:32.707Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/xen/events/events_base.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "9470f5b2503c", "status": "affected", "version": "d46a78b05c0e", "versionType": "git" }, { "lessThan": "0fc88aeb2e32", "status": "affected", "version": "d46a78b05c0e", "versionType": "git" }, { "lessThan": "ea592baf9e41", "status": "affected", "version": "d46a78b05c0e", "versionType": "git" }, { "lessThan": "585a344af6bc", "status": "affected", "version": "d46a78b05c0e", "versionType": "git" }, { "lessThan": "20980195ec8d", "status": "affected", "version": "d46a78b05c0e", "versionType": "git" }, { "lessThan": "9be71aa12afa", "status": "affected", "version": "d46a78b05c0e", "versionType": "git" }, { "lessThan": "fa765c4b4aed", "status": "affected", "version": "d46a78b05c0e", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/xen/events/events_base.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "2.6.37" }, { "lessThan": "2.6.37", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.274", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.215", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.154", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.81", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.19", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen/events: close evtchn after mapping cleanup\n\nshutdown_pirq and startup_pirq are not taking the\nirq_mapping_update_lock because they can\u0027t due to lock inversion. Both\nare called with the irq_desc-\u003elock being taking. The lock order,\nhowever, is first irq_mapping_update_lock and then irq_desc-\u003elock.\n\nThis opens multiple races:\n- shutdown_pirq can be interrupted by a function that allocates an event\n channel:\n\n CPU0 CPU1\n shutdown_pirq {\n xen_evtchn_close(e)\n __startup_pirq {\n EVTCHNOP_bind_pirq\n -\u003e returns just freed evtchn e\n set_evtchn_to_irq(e, irq)\n }\n xen_irq_info_cleanup() {\n set_evtchn_to_irq(e, -1)\n }\n }\n\n Assume here event channel e refers here to the same event channel\n number.\n After this race the evtchn_to_irq mapping for e is invalid (-1).\n\n- __startup_pirq races with __unbind_from_irq in a similar way. Because\n __startup_pirq doesn\u0027t take irq_mapping_update_lock it can grab the\n evtchn that __unbind_from_irq is currently freeing and cleaning up. In\n this case even though the event channel is allocated, its mapping can\n be unset in evtchn_to_irq.\n\nThe fix is to first cleanup the mappings and then close the event\nchannel. In this way, when an event channel gets allocated it\u0027s\npotential previous evtchn_to_irq mappings are guaranteed to be unset already.\nThis is also the reverse order of the allocation where first the event\nchannel is allocated and then the mappings are setup.\n\nOn a 5.10 kernel prior to commit 3fcdaf3d7634 (\"xen/events: modify internal\n[un]bind interfaces\"), we hit a BUG like the following during probing of NVMe\ndevices. The issue is that during nvme_setup_io_queues, pci_free_irq\nis called for every device which results in a call to shutdown_pirq.\nWith many nvme devices it\u0027s therefore likely to hit this race during\nboot because there will be multiple calls to shutdown_pirq and\nstartup_pirq are running potentially in parallel.\n\n ------------[ cut here ]------------\n blkfront: xvda: barrier or flush: disabled; persistent grants: enabled; indirect descriptors: enabled; bounce buffer: enabled\n kernel BUG at drivers/xen/events/events_base.c:499!\n invalid opcode: 0000 [#1] SMP PTI\n CPU: 44 PID: 375 Comm: kworker/u257:23 Not tainted 5.10.201-191.748.amzn2.x86_64 #1\n Hardware name: Xen HVM domU, BIOS 4.11.amazon 08/24/2006\n Workqueue: nvme-reset-wq nvme_reset_work\n RIP: 0010:bind_evtchn_to_cpu+0xdf/0xf0\n Code: 5d 41 5e c3 cc cc cc cc 44 89 f7 e8 2b 55 ad ff 49 89 c5 48 85 c0 0f 84 64 ff ff ff 4c 8b 68 30 41 83 fe ff 0f 85 60 ff ff ff \u003c0f\u003e 0b 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 0f 1f 44 00 00\n RSP: 0000:ffffc9000d533b08 EFLAGS: 00010046\n RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000006\n RDX: 0000000000000028 RSI: 00000000ffffffff RDI: 00000000ffffffff\n RBP: ffff888107419680 R08: 0000000000000000 R09: ffffffff82d72b00\n R10: 0000000000000000 R11: 0000000000000000 R12: 00000000000001ed\n R13: 0000000000000000 R14: 00000000ffffffff R15: 0000000000000002\n FS: 0000000000000000(0000) GS:ffff88bc8b500000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 0000000002610001 CR4: 00000000001706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n ? show_trace_log_lvl+0x1c1/0x2d9\n ? show_trace_log_lvl+0x1c1/0x2d9\n ? set_affinity_irq+0xdc/0x1c0\n ? __die_body.cold+0x8/0xd\n ? die+0x2b/0x50\n ? do_trap+0x90/0x110\n ? bind_evtchn_to_cpu+0xdf/0xf0\n ? do_error_trap+0x65/0x80\n ? bind_evtchn_to_cpu+0xdf/0xf0\n ? exc_invalid_op+0x4e/0x70\n ? bind_evtchn_to_cpu+0xdf/0xf0\n ? asm_exc_invalid_op+0x12/0x20\n ? bind_evtchn_to_cpu+0xdf/0x\n---truncated---" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:13:54.073Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/9470f5b2503cae994098dea9682aee15b313fa44" }, { "url": "https://git.kernel.org/stable/c/0fc88aeb2e32b76db3fe6a624b8333dbe621b8fd" }, { "url": "https://git.kernel.org/stable/c/ea592baf9e41779fe9a0424c03dd2f324feca3b3" }, { "url": "https://git.kernel.org/stable/c/585a344af6bcac222608a158fc2830ff02712af5" }, { "url": "https://git.kernel.org/stable/c/20980195ec8d2e41653800c45c8c367fa1b1f2b4" }, { "url": "https://git.kernel.org/stable/c/9be71aa12afa91dfe457b3fb4a444c42b1ee036b" }, { "url": "https://git.kernel.org/stable/c/fa765c4b4aed2d64266b694520ecb025c862c5a9" } ], "title": "xen/events: close evtchn after mapping cleanup", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26687", "datePublished": "2024-04-03T14:54:49.250Z", "dateReserved": "2024-02-19T14:20:24.154Z", "dateUpdated": "2024-11-05T09:13:54.073Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26732
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2024-11-05 09:14
Severity ?
EPSS score ?
Summary
net: implement lockless setsockopt(SO_PEEK_OFF)
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26732", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-17T19:28:35.916343Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-17T19:28:53.102Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:12.930Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/897f75e2cde8a5f9f7529b55249af1fa4248c83b" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/56667da7399eb19af857e30f41bea89aa6fa812c" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/core/sock.c", "net/ipv4/udp.c", "net/unix/af_unix.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "897f75e2cde8", "status": "affected", "version": "859051dd165e", "versionType": "git" }, { "lessThan": "56667da7399e", "status": "affected", "version": "859051dd165e", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/core/sock.c", "net/ipv4/udp.c", "net/unix/af_unix.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.7" }, { "lessThan": "6.7", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: implement lockless setsockopt(SO_PEEK_OFF)\n\nsyzbot reported a lockdep violation [1] involving af_unix\nsupport of SO_PEEK_OFF.\n\nSince SO_PEEK_OFF is inherently not thread safe (it uses a per-socket\nsk_peek_off field), there is really no point to enforce a pointless\nthread safety in the kernel.\n\nAfter this patch :\n\n- setsockopt(SO_PEEK_OFF) no longer acquires the socket lock.\n\n- skb_consume_udp() no longer has to acquire the socket lock.\n\n- af_unix no longer needs a special version of sk_set_peek_off(),\n because it does not lock u-\u003eiolock anymore.\n\nAs a followup, we could replace prot-\u003eset_peek_off to be a boolean\nand avoid an indirect call, since we always use sk_set_peek_off().\n\n[1]\n\nWARNING: possible circular locking dependency detected\n6.8.0-rc4-syzkaller-00267-g0f1dd5e91e2b #0 Not tainted\n\nsyz-executor.2/30025 is trying to acquire lock:\n ffff8880765e7d80 (\u0026u-\u003eiolock){+.+.}-{3:3}, at: unix_set_peek_off+0x26/0xa0 net/unix/af_unix.c:789\n\nbut task is already holding lock:\n ffff8880765e7930 (sk_lock-AF_UNIX){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1691 [inline]\n ffff8880765e7930 (sk_lock-AF_UNIX){+.+.}-{0:0}, at: sockopt_lock_sock net/core/sock.c:1060 [inline]\n ffff8880765e7930 (sk_lock-AF_UNIX){+.+.}-{0:0}, at: sk_setsockopt+0xe52/0x3360 net/core/sock.c:1193\n\nwhich lock already depends on the new lock.\n\nthe existing dependency chain (in reverse order) is:\n\n-\u003e #1 (sk_lock-AF_UNIX){+.+.}-{0:0}:\n lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5754\n lock_sock_nested+0x48/0x100 net/core/sock.c:3524\n lock_sock include/net/sock.h:1691 [inline]\n __unix_dgram_recvmsg+0x1275/0x12c0 net/unix/af_unix.c:2415\n sock_recvmsg_nosec+0x18e/0x1d0 net/socket.c:1046\n ____sys_recvmsg+0x3c0/0x470 net/socket.c:2801\n ___sys_recvmsg net/socket.c:2845 [inline]\n do_recvmmsg+0x474/0xae0 net/socket.c:2939\n __sys_recvmmsg net/socket.c:3018 [inline]\n __do_sys_recvmmsg net/socket.c:3041 [inline]\n __se_sys_recvmmsg net/socket.c:3034 [inline]\n __x64_sys_recvmmsg+0x199/0x250 net/socket.c:3034\n do_syscall_64+0xf9/0x240\n entry_SYSCALL_64_after_hwframe+0x6f/0x77\n\n-\u003e #0 (\u0026u-\u003eiolock){+.+.}-{3:3}:\n check_prev_add kernel/locking/lockdep.c:3134 [inline]\n check_prevs_add kernel/locking/lockdep.c:3253 [inline]\n validate_chain+0x18ca/0x58e0 kernel/locking/lockdep.c:3869\n __lock_acquire+0x1345/0x1fd0 kernel/locking/lockdep.c:5137\n lock_acquire+0x1e3/0x530 kernel/locking/lockdep.c:5754\n __mutex_lock_common kernel/locking/mutex.c:608 [inline]\n __mutex_lock+0x136/0xd70 kernel/locking/mutex.c:752\n unix_set_peek_off+0x26/0xa0 net/unix/af_unix.c:789\n sk_setsockopt+0x207e/0x3360\n do_sock_setsockopt+0x2fb/0x720 net/socket.c:2307\n __sys_setsockopt+0x1ad/0x250 net/socket.c:2334\n __do_sys_setsockopt net/socket.c:2343 [inline]\n __se_sys_setsockopt net/socket.c:2340 [inline]\n __x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340\n do_syscall_64+0xf9/0x240\n entry_SYSCALL_64_after_hwframe+0x6f/0x77\n\nother info that might help us debug this:\n\n Possible unsafe locking scenario:\n\n CPU0 CPU1\n ---- ----\n lock(sk_lock-AF_UNIX);\n lock(\u0026u-\u003eiolock);\n lock(sk_lock-AF_UNIX);\n lock(\u0026u-\u003eiolock);\n\n *** DEADLOCK ***\n\n1 lock held by syz-executor.2/30025:\n #0: ffff8880765e7930 (sk_lock-AF_UNIX){+.+.}-{0:0}, at: lock_sock include/net/sock.h:1691 [inline]\n #0: ffff8880765e7930 (sk_lock-AF_UNIX){+.+.}-{0:0}, at: sockopt_lock_sock net/core/sock.c:1060 [inline]\n #0: ffff8880765e7930 (sk_lock-AF_UNIX){+.+.}-{0:0}, at: sk_setsockopt+0xe52/0x3360 net/core/sock.c:1193\n\nstack backtrace:\nCPU: 0 PID: 30025 Comm: syz-executor.2 Not tainted 6.8.0-rc4-syzkaller-00267-g0f1dd5e91e2b #0\nHardware name: Google Google C\n---truncated---" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:43.384Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/897f75e2cde8a5f9f7529b55249af1fa4248c83b" }, { "url": "https://git.kernel.org/stable/c/56667da7399eb19af857e30f41bea89aa6fa812c" } ], "title": "net: implement lockless setsockopt(SO_PEEK_OFF)", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26732", "datePublished": "2024-04-03T17:00:19.722Z", "dateReserved": "2024-02-19T14:20:24.165Z", "dateUpdated": "2024-11-05T09:14:43.384Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26769
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2024-11-05 09:15
Severity ?
EPSS score ?
Summary
nvmet-fc: avoid deadlock on delete association path
References
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-26769", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-16T14:13:29.356049Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-noinfo Not enough information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-01T15:27:15.624Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.328Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/5e0bc09a52b6169ce90f7ac6e195791adb16cec4" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/9e6987f8937a7bd7516aa52f25cb7e12c0c92ee8" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/eaf0971fdabf2a93c1429dc6bedf3bbe85dffa30" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/1d86f79287206deec36d63b89c741cf542b6cadd" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/710c69dbaccdac312e32931abcb8499c1525d397" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/nvme/target/fc.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "5e0bc09a52b6", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "9e6987f8937a", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "eaf0971fdabf", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "1d86f7928720", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "710c69dbaccd", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/nvme/target/fc.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.150", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.80", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.19", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-fc: avoid deadlock on delete association path\n\nWhen deleting an association the shutdown path is deadlocking because we\ntry to flush the nvmet_wq nested. Avoid this by deadlock by deferring\nthe put work into its own work item." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:26.770Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/5e0bc09a52b6169ce90f7ac6e195791adb16cec4" }, { "url": "https://git.kernel.org/stable/c/9e6987f8937a7bd7516aa52f25cb7e12c0c92ee8" }, { "url": "https://git.kernel.org/stable/c/eaf0971fdabf2a93c1429dc6bedf3bbe85dffa30" }, { "url": "https://git.kernel.org/stable/c/1d86f79287206deec36d63b89c741cf542b6cadd" }, { "url": "https://git.kernel.org/stable/c/710c69dbaccdac312e32931abcb8499c1525d397" } ], "title": "nvmet-fc: avoid deadlock on delete association path", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26769", "datePublished": "2024-04-03T17:00:56.019Z", "dateReserved": "2024-02-19T14:20:24.175Z", "dateUpdated": "2024-11-05T09:15:26.770Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26793
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2024-11-05 09:15
Severity ?
EPSS score ?
Summary
gtp: fix use-after-free and null-ptr-deref in gtp_newlink()
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.475Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/01129059d5141d62fae692f7a336ae3bc712d3eb" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ec92aa2cab6f0048f10d6aa4f025c5885cb1a1b6" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e668b92a3a01429923fd5ca13e99642aab47de69" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/9376d059a705c5dfaac566c2d09891242013ae16" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/abd32d7f5c0294c1b2454c5a3b13b18446bac627" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/93dd420bc41531c9a31498b9538ca83ba6ec191e" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/5366969a19a8a0d2ffb3d27ef6e8905e5e4216f8" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/616d82c3cfa2a2146dd7e3ae47bda7e877ee549e" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-26793", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:50:52.672497Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:48.724Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/gtp.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "01129059d514", "status": "affected", "version": "459aa660eb1d", "versionType": "git" }, { "lessThan": "ec92aa2cab6f", "status": "affected", "version": "459aa660eb1d", "versionType": "git" }, { "lessThan": "e668b92a3a01", "status": "affected", "version": "459aa660eb1d", "versionType": "git" }, { "lessThan": "9376d059a705", "status": "affected", "version": "459aa660eb1d", "versionType": "git" }, { "lessThan": "abd32d7f5c02", "status": "affected", "version": "459aa660eb1d", "versionType": "git" }, { "lessThan": "93dd420bc415", "status": "affected", "version": "459aa660eb1d", "versionType": "git" }, { "lessThan": "5366969a19a8", "status": "affected", "version": "459aa660eb1d", "versionType": "git" }, { "lessThan": "616d82c3cfa2", "status": "affected", "version": "459aa660eb1d", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/gtp.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "4.7" }, { "lessThan": "4.7", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.309", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.271", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.212", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.151", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.81", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.21", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.9", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: fix use-after-free and null-ptr-deref in gtp_newlink()\n\nThe gtp_link_ops operations structure for the subsystem must be\nregistered after registering the gtp_net_ops pernet operations structure.\n\nSyzkaller hit \u0027general protection fault in gtp_genl_dump_pdp\u0027 bug:\n\n[ 1010.702740] gtp: GTP module unloaded\n[ 1010.715877] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] SMP KASAN NOPTI\n[ 1010.715888] KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]\n[ 1010.715895] CPU: 1 PID: 128616 Comm: a.out Not tainted 6.8.0-rc6-std-def-alt1 #1\n[ 1010.715899] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-alt1 04/01/2014\n[ 1010.715908] RIP: 0010:gtp_newlink+0x4d7/0x9c0 [gtp]\n[ 1010.715915] Code: 80 3c 02 00 0f 85 41 04 00 00 48 8b bb d8 05 00 00 e8 ed f6 ff ff 48 89 c2 48 89 c5 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 4f 04 00 00 4c 89 e2 4c 8b 6d 00 48 b8 00 00 00\n[ 1010.715920] RSP: 0018:ffff888020fbf180 EFLAGS: 00010203\n[ 1010.715929] RAX: dffffc0000000000 RBX: ffff88800399c000 RCX: 0000000000000000\n[ 1010.715933] RDX: 0000000000000001 RSI: ffffffff84805280 RDI: 0000000000000282\n[ 1010.715938] RBP: 000000000000000d R08: 0000000000000001 R09: 0000000000000000\n[ 1010.715942] R10: 0000000000000001 R11: 0000000000000001 R12: ffff88800399cc80\n[ 1010.715947] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000400\n[ 1010.715953] FS: 00007fd1509ab5c0(0000) GS:ffff88805b300000(0000) knlGS:0000000000000000\n[ 1010.715958] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 1010.715962] CR2: 0000000000000000 CR3: 000000001c07a000 CR4: 0000000000750ee0\n[ 1010.715968] PKRU: 55555554\n[ 1010.715972] Call Trace:\n[ 1010.715985] ? __die_body.cold+0x1a/0x1f\n[ 1010.715995] ? die_addr+0x43/0x70\n[ 1010.716002] ? exc_general_protection+0x199/0x2f0\n[ 1010.716016] ? asm_exc_general_protection+0x1e/0x30\n[ 1010.716026] ? gtp_newlink+0x4d7/0x9c0 [gtp]\n[ 1010.716034] ? gtp_net_exit+0x150/0x150 [gtp]\n[ 1010.716042] __rtnl_newlink+0x1063/0x1700\n[ 1010.716051] ? rtnl_setlink+0x3c0/0x3c0\n[ 1010.716063] ? is_bpf_text_address+0xc0/0x1f0\n[ 1010.716070] ? kernel_text_address.part.0+0xbb/0xd0\n[ 1010.716076] ? __kernel_text_address+0x56/0xa0\n[ 1010.716084] ? unwind_get_return_address+0x5a/0xa0\n[ 1010.716091] ? create_prof_cpu_mask+0x30/0x30\n[ 1010.716098] ? arch_stack_walk+0x9e/0xf0\n[ 1010.716106] ? stack_trace_save+0x91/0xd0\n[ 1010.716113] ? stack_trace_consume_entry+0x170/0x170\n[ 1010.716121] ? __lock_acquire+0x15c5/0x5380\n[ 1010.716139] ? mark_held_locks+0x9e/0xe0\n[ 1010.716148] ? kmem_cache_alloc_trace+0x35f/0x3c0\n[ 1010.716155] ? __rtnl_newlink+0x1700/0x1700\n[ 1010.716160] rtnl_newlink+0x69/0xa0\n[ 1010.716166] rtnetlink_rcv_msg+0x43b/0xc50\n[ 1010.716172] ? rtnl_fdb_dump+0x9f0/0x9f0\n[ 1010.716179] ? lock_acquire+0x1fe/0x560\n[ 1010.716188] ? netlink_deliver_tap+0x12f/0xd50\n[ 1010.716196] netlink_rcv_skb+0x14d/0x440\n[ 1010.716202] ? rtnl_fdb_dump+0x9f0/0x9f0\n[ 1010.716208] ? netlink_ack+0xab0/0xab0\n[ 1010.716213] ? netlink_deliver_tap+0x202/0xd50\n[ 1010.716220] ? netlink_deliver_tap+0x218/0xd50\n[ 1010.716226] ? __virt_addr_valid+0x30b/0x590\n[ 1010.716233] netlink_unicast+0x54b/0x800\n[ 1010.716240] ? netlink_attachskb+0x870/0x870\n[ 1010.716248] ? __check_object_size+0x2de/0x3b0\n[ 1010.716254] netlink_sendmsg+0x938/0xe40\n[ 1010.716261] ? netlink_unicast+0x800/0x800\n[ 1010.716269] ? __import_iovec+0x292/0x510\n[ 1010.716276] ? netlink_unicast+0x800/0x800\n[ 1010.716284] __sock_sendmsg+0x159/0x190\n[ 1010.716290] ____sys_sendmsg+0x712/0x880\n[ 1010.716297] ? sock_write_iter+0x3d0/0x3d0\n[ 1010.716304] ? __ia32_sys_recvmmsg+0x270/0x270\n[ 1010.716309] ? lock_acquire+0x1fe/0x560\n[ 1010.716315] ? drain_array_locked+0x90/0x90\n[ 1010.716324] ___sys_sendmsg+0xf8/0x170\n[ 1010.716331] ? sendmsg_copy_msghdr+0x170/0x170\n[ 1010.716337] ? lockdep_init_map\n---truncated---" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:55.831Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/01129059d5141d62fae692f7a336ae3bc712d3eb" }, { "url": "https://git.kernel.org/stable/c/ec92aa2cab6f0048f10d6aa4f025c5885cb1a1b6" }, { "url": "https://git.kernel.org/stable/c/e668b92a3a01429923fd5ca13e99642aab47de69" }, { "url": "https://git.kernel.org/stable/c/9376d059a705c5dfaac566c2d09891242013ae16" }, { "url": "https://git.kernel.org/stable/c/abd32d7f5c0294c1b2454c5a3b13b18446bac627" }, { "url": "https://git.kernel.org/stable/c/93dd420bc41531c9a31498b9538ca83ba6ec191e" }, { "url": "https://git.kernel.org/stable/c/5366969a19a8a0d2ffb3d27ef6e8905e5e4216f8" }, { "url": "https://git.kernel.org/stable/c/616d82c3cfa2a2146dd7e3ae47bda7e877ee549e" } ], "title": "gtp: fix use-after-free and null-ptr-deref in gtp_newlink()", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26793", "datePublished": "2024-04-04T08:20:23.771Z", "dateReserved": "2024-02-19T14:20:24.178Z", "dateUpdated": "2024-11-05T09:15:55.831Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26804
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2024-11-05 09:16
Severity ?
EPSS score ?
Summary
net: ip_tunnel: prevent perpetual headroom growth
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26804", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-04T16:19:38.104949Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:48:20.600Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.557Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f81e94d2dcd2397137edcb8b85f4c5bed5d22383" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2e95350fe9db9d53c701075060ac8ac883b68aee" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/afec0c5cd2ed71ca95a8b36a5e6d03333bf34282" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ab63de24ebea36fe73ac7121738595d704b66d96" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/a0a1db40b23e8ff86dea2786c5ea1470bb23ecb9" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/049d7989c67e8dd50f07a2096dbafdb41331fb9b" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/5ae1e9922bbdbaeb9cfbe91085ab75927488ac0f" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/ipv4/ip_tunnel.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "f81e94d2dcd2", "status": "affected", "version": "243aad830e8a", "versionType": "git" }, { "lessThan": "2e95350fe9db", "status": "affected", "version": "243aad830e8a", "versionType": "git" }, { "lessThan": "afec0c5cd2ed", "status": "affected", "version": "243aad830e8a", "versionType": "git" }, { "lessThan": "ab63de24ebea", "status": "affected", "version": "243aad830e8a", "versionType": "git" }, { "lessThan": "a0a1db40b23e", "status": "affected", "version": "243aad830e8a", "versionType": "git" }, { "lessThan": "049d7989c67e", "status": "affected", "version": "243aad830e8a", "versionType": "git" }, { "lessThan": "5ae1e9922bbd", "status": "affected", "version": "243aad830e8a", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/ipv4/ip_tunnel.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "2.6.34" }, { "lessThan": "2.6.34", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.271", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.212", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.151", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.81", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.21", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.9", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ip_tunnel: prevent perpetual headroom growth\n\nsyzkaller triggered following kasan splat:\nBUG: KASAN: use-after-free in __skb_flow_dissect+0x19d1/0x7a50 net/core/flow_dissector.c:1170\nRead of size 1 at addr ffff88812fb4000e by task syz-executor183/5191\n[..]\n kasan_report+0xda/0x110 mm/kasan/report.c:588\n __skb_flow_dissect+0x19d1/0x7a50 net/core/flow_dissector.c:1170\n skb_flow_dissect_flow_keys include/linux/skbuff.h:1514 [inline]\n ___skb_get_hash net/core/flow_dissector.c:1791 [inline]\n __skb_get_hash+0xc7/0x540 net/core/flow_dissector.c:1856\n skb_get_hash include/linux/skbuff.h:1556 [inline]\n ip_tunnel_xmit+0x1855/0x33c0 net/ipv4/ip_tunnel.c:748\n ipip_tunnel_xmit+0x3cc/0x4e0 net/ipv4/ipip.c:308\n __netdev_start_xmit include/linux/netdevice.h:4940 [inline]\n netdev_start_xmit include/linux/netdevice.h:4954 [inline]\n xmit_one net/core/dev.c:3548 [inline]\n dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3564\n __dev_queue_xmit+0x7c1/0x3d60 net/core/dev.c:4349\n dev_queue_xmit include/linux/netdevice.h:3134 [inline]\n neigh_connected_output+0x42c/0x5d0 net/core/neighbour.c:1592\n ...\n ip_finish_output2+0x833/0x2550 net/ipv4/ip_output.c:235\n ip_finish_output+0x31/0x310 net/ipv4/ip_output.c:323\n ..\n iptunnel_xmit+0x5b4/0x9b0 net/ipv4/ip_tunnel_core.c:82\n ip_tunnel_xmit+0x1dbc/0x33c0 net/ipv4/ip_tunnel.c:831\n ipgre_xmit+0x4a1/0x980 net/ipv4/ip_gre.c:665\n __netdev_start_xmit include/linux/netdevice.h:4940 [inline]\n netdev_start_xmit include/linux/netdevice.h:4954 [inline]\n xmit_one net/core/dev.c:3548 [inline]\n dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3564\n ...\n\nThe splat occurs because skb-\u003edata points past skb-\u003ehead allocated area.\nThis is because neigh layer does:\n __skb_pull(skb, skb_network_offset(skb));\n\n... but skb_network_offset() returns a negative offset and __skb_pull()\narg is unsigned. IOW, we skb-\u003edata gets \"adjusted\" by a huge value.\n\nThe negative value is returned because skb-\u003ehead and skb-\u003edata distance is\nmore than 64k and skb-\u003enetwork_header (u16) has wrapped around.\n\nThe bug is in the ip_tunnel infrastructure, which can cause\ndev-\u003eneeded_headroom to increment ad infinitum.\n\nThe syzkaller reproducer consists of packets getting routed via a gre\ntunnel, and route of gre encapsulated packets pointing at another (ipip)\ntunnel. The ipip encapsulation finds gre0 as next output device.\n\nThis results in the following pattern:\n\n1). First packet is to be sent out via gre0.\nRoute lookup found an output device, ipip0.\n\n2).\nip_tunnel_xmit for gre0 bumps gre0-\u003eneeded_headroom based on the future\noutput device, rt.dev-\u003eneeded_headroom (ipip0).\n\n3).\nip output / start_xmit moves skb on to ipip0. which runs the same\ncode path again (xmit recursion).\n\n4).\nRouting step for the post-gre0-encap packet finds gre0 as output device\nto use for ipip0 encapsulated packet.\n\ntunl0-\u003eneeded_headroom is then incremented based on the (already bumped)\ngre0 device headroom.\n\nThis repeats for every future packet:\n\ngre0-\u003eneeded_headroom gets inflated because previous packets\u0027 ipip0 step\nincremented rt-\u003edev (gre0) headroom, and ipip0 incremented because gre0\nneeded_headroom was increased.\n\nFor each subsequent packet, gre/ipip0-\u003eneeded_headroom grows until\npost-expand-head reallocations result in a skb-\u003ehead/data distance of\nmore than 64k.\n\nOnce that happens, skb-\u003enetwork_header (u16) wraps around when\npskb_expand_head tries to make sure that skb_network_offset() is unchanged\nafter the headroom expansion/reallocation.\n\nAfter this skb_network_offset(skb) returns a different (and negative)\nresult post headroom expansion.\n\nThe next trip to neigh layer (or anything else that would __skb_pull the\nnetwork header) makes skb-\u003edata point to a memory location outside\nskb-\u003ehead area.\n\nv2: Cap the needed_headroom update to an arbitarily chosen upperlimit to\nprevent perpetual increase instead of dropping the headroom increment\ncompletely." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:16:08.237Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/f81e94d2dcd2397137edcb8b85f4c5bed5d22383" }, { "url": "https://git.kernel.org/stable/c/2e95350fe9db9d53c701075060ac8ac883b68aee" }, { "url": "https://git.kernel.org/stable/c/afec0c5cd2ed71ca95a8b36a5e6d03333bf34282" }, { "url": "https://git.kernel.org/stable/c/ab63de24ebea36fe73ac7121738595d704b66d96" }, { "url": "https://git.kernel.org/stable/c/a0a1db40b23e8ff86dea2786c5ea1470bb23ecb9" }, { "url": "https://git.kernel.org/stable/c/049d7989c67e8dd50f07a2096dbafdb41331fb9b" }, { "url": "https://git.kernel.org/stable/c/5ae1e9922bbdbaeb9cfbe91085ab75927488ac0f" } ], "title": "net: ip_tunnel: prevent perpetual headroom growth", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26804", "datePublished": "2024-04-04T08:20:31.305Z", "dateReserved": "2024-02-19T14:20:24.179Z", "dateUpdated": "2024-11-05T09:16:08.237Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26748
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2024-11-05 09:15
Severity ?
EPSS score ?
Summary
usb: cdns3: fix memory double free when handle zero packet
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26748", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-05T17:31:00.230088Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:49:02.965Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.207Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/aad6132ae6e4809e375431f8defd1521985e44e7" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/1e204a8e9eb514e22a6567fb340ebb47df3f3a48" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/3a2a909942b5335b7ea66366d84261b3ed5f89c8" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/9a52b694b066f299d8b9800854a8503457a8b64c" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/70e8038813f9d3e72df966748ebbc40efe466019" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/92d20406a3d4ff3e8be667c79209dc9ed31df5b3" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/5fd9e45f1ebcd57181358af28506e8a661a260b3" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/usb/cdns3/cdns3-gadget.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "aad6132ae6e4", "status": "affected", "version": "7733f6c32e36", "versionType": "git" }, { "lessThan": "1e204a8e9eb5", "status": "affected", "version": "7733f6c32e36", "versionType": "git" }, { "lessThan": "3a2a909942b5", "status": "affected", "version": "7733f6c32e36", "versionType": "git" }, { "lessThan": "9a52b694b066", "status": "affected", "version": "7733f6c32e36", "versionType": "git" }, { "lessThan": "70e8038813f9", "status": "affected", "version": "7733f6c32e36", "versionType": "git" }, { "lessThan": "92d20406a3d4", "status": "affected", "version": "7733f6c32e36", "versionType": "git" }, { "lessThan": "5fd9e45f1ebc", "status": "affected", "version": "7733f6c32e36", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/usb/cdns3/cdns3-gadget.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.4" }, { "lessThan": "5.4", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.270", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.211", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.150", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.80", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.19", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: cdns3: fix memory double free when handle zero packet\n\n829 if (request-\u003ecomplete) {\n830 spin_unlock(\u0026priv_dev-\u003elock);\n831 usb_gadget_giveback_request(\u0026priv_ep-\u003eendpoint,\n832 request);\n833 spin_lock(\u0026priv_dev-\u003elock);\n834 }\n835\n836 if (request-\u003ebuf == priv_dev-\u003ezlp_buf)\n837 cdns3_gadget_ep_free_request(\u0026priv_ep-\u003eendpoint, request);\n\nDriver append an additional zero packet request when queue a packet, which\nlength mod max packet size is 0. When transfer complete, run to line 831,\nusb_gadget_giveback_request() will free this requestion. 836 condition is\ntrue, so cdns3_gadget_ep_free_request() free this request again.\n\nLog:\n\n[ 1920.140696][ T150] BUG: KFENCE: use-after-free read in cdns3_gadget_giveback+0x134/0x2c0 [cdns3]\n[ 1920.140696][ T150]\n[ 1920.151837][ T150] Use-after-free read at 0x000000003d1cd10b (in kfence-#36):\n[ 1920.159082][ T150] cdns3_gadget_giveback+0x134/0x2c0 [cdns3]\n[ 1920.164988][ T150] cdns3_transfer_completed+0x438/0x5f8 [cdns3]\n\nAdd check at line 829, skip call usb_gadget_giveback_request() if it is\nadditional zero length packet request. Needn\u0027t call\nusb_gadget_giveback_request() because it is allocated in this driver." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:01.394Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/aad6132ae6e4809e375431f8defd1521985e44e7" }, { "url": "https://git.kernel.org/stable/c/1e204a8e9eb514e22a6567fb340ebb47df3f3a48" }, { "url": "https://git.kernel.org/stable/c/3a2a909942b5335b7ea66366d84261b3ed5f89c8" }, { "url": "https://git.kernel.org/stable/c/9a52b694b066f299d8b9800854a8503457a8b64c" }, { "url": "https://git.kernel.org/stable/c/70e8038813f9d3e72df966748ebbc40efe466019" }, { "url": "https://git.kernel.org/stable/c/92d20406a3d4ff3e8be667c79209dc9ed31df5b3" }, { "url": "https://git.kernel.org/stable/c/5fd9e45f1ebcd57181358af28506e8a661a260b3" } ], "title": "usb: cdns3: fix memory double free when handle zero packet", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26748", "datePublished": "2024-04-03T17:00:35.087Z", "dateReserved": "2024-02-19T14:20:24.168Z", "dateUpdated": "2024-11-05T09:15:01.394Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26759
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2024-11-05 09:15
Severity ?
EPSS score ?
Summary
mm/swap: fix race when skipping swapcache
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26759", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-08T14:03:53.009974Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:49:35.865Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.279Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2dedda77d4493f3e92e414b272bfa60f1f51ed95" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/305152314df82b22cf9b181f3dc5fc411002079a" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d183a4631acfc7af955c02a02e739cec15f5234d" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/13ddaf26be324a7f951891ecd9ccd04466d27458" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "include/linux/swap.h", "mm/memory.c", "mm/swap.h", "mm/swapfile.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "2dedda77d449", "status": "affected", "version": "0bcac06f27d7", "versionType": "git" }, { "lessThan": "305152314df8", "status": "affected", "version": "0bcac06f27d7", "versionType": "git" }, { "lessThan": "d183a4631acf", "status": "affected", "version": "0bcac06f27d7", "versionType": "git" }, { "lessThan": "13ddaf26be32", "status": "affected", "version": "0bcac06f27d7", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "include/linux/swap.h", "mm/memory.c", "mm/swap.h", "mm/swapfile.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "4.15" }, { "lessThan": "4.15", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.80", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.19", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/swap: fix race when skipping swapcache\n\nWhen skipping swapcache for SWP_SYNCHRONOUS_IO, if two or more threads\nswapin the same entry at the same time, they get different pages (A, B). \nBefore one thread (T0) finishes the swapin and installs page (A) to the\nPTE, another thread (T1) could finish swapin of page (B), swap_free the\nentry, then swap out the possibly modified page reusing the same entry. \nIt breaks the pte_same check in (T0) because PTE value is unchanged,\ncausing ABA problem. Thread (T0) will install a stalled page (A) into the\nPTE and cause data corruption.\n\nOne possible callstack is like this:\n\nCPU0 CPU1\n---- ----\ndo_swap_page() do_swap_page() with same entry\n\u003cdirect swapin path\u003e \u003cdirect swapin path\u003e\n\u003calloc page A\u003e \u003calloc page B\u003e\nswap_read_folio() \u003c- read to page A swap_read_folio() \u003c- read to page B\n\u003cslow on later locks or interrupt\u003e \u003cfinished swapin first\u003e\n... set_pte_at()\n swap_free() \u003c- entry is free\n \u003cwrite to page B, now page A stalled\u003e\n \u003cswap out page B to same swap entry\u003e\npte_same() \u003c- Check pass, PTE seems\n unchanged, but page A\n is stalled!\nswap_free() \u003c- page B content lost!\nset_pte_at() \u003c- staled page A installed!\n\nAnd besides, for ZRAM, swap_free() allows the swap device to discard the\nentry content, so even if page (B) is not modified, if swap_read_folio()\non CPU0 happens later than swap_free() on CPU1, it may also cause data\nloss.\n\nTo fix this, reuse swapcache_prepare which will pin the swap entry using\nthe cache flag, and allow only one thread to swap it in, also prevent any\nparallel code from putting the entry in the cache. Release the pin after\nPT unlocked.\n\nRacers just loop and wait since it\u0027s a rare and very short event. A\nschedule_timeout_uninterruptible(1) call is added to avoid repeated page\nfaults wasting too much CPU, causing livelock or adding too much noise to\nperf statistics. A similar livelock issue was described in commit\n029c4628b2eb (\"mm: swap: get rid of livelock in swapin readahead\")\n\nReproducer:\n\nThis race issue can be triggered easily using a well constructed\nreproducer and patched brd (with a delay in read path) [1]:\n\nWith latest 6.8 mainline, race caused data loss can be observed easily:\n$ gcc -g -lpthread test-thread-swap-race.c \u0026\u0026 ./a.out\n Polulating 32MB of memory region...\n Keep swapping out...\n Starting round 0...\n Spawning 65536 workers...\n 32746 workers spawned, wait for done...\n Round 0: Error on 0x5aa00, expected 32746, got 32743, 3 data loss!\n Round 0: Error on 0x395200, expected 32746, got 32743, 3 data loss!\n Round 0: Error on 0x3fd000, expected 32746, got 32737, 9 data loss!\n Round 0 Failed, 15 data loss!\n\nThis reproducer spawns multiple threads sharing the same memory region\nusing a small swap device. Every two threads updates mapped pages one by\none in opposite direction trying to create a race, with one dedicated\nthread keep swapping out the data out using madvise.\n\nThe reproducer created a reproduce rate of about once every 5 minutes, so\nthe race should be totally possible in production.\n\nAfter this patch, I ran the reproducer for over a few hundred rounds and\nno data loss observed.\n\nPerformance overhead is minimal, microbenchmark swapin 10G from 32G\nzram:\n\nBefore: 10934698 us\nAfter: 11157121 us\nCached: 13155355 us (Dropping SWP_SYNCHRONOUS_IO flag)\n\n[kasong@tencent.com: v4]\n Link: https://lkml.kernel.org/r/20240219082040.7495-1-ryncsn@gmail.com" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:13.980Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/2dedda77d4493f3e92e414b272bfa60f1f51ed95" }, { "url": "https://git.kernel.org/stable/c/305152314df82b22cf9b181f3dc5fc411002079a" }, { "url": "https://git.kernel.org/stable/c/d183a4631acfc7af955c02a02e739cec15f5234d" }, { "url": "https://git.kernel.org/stable/c/13ddaf26be324a7f951891ecd9ccd04466d27458" } ], "title": "mm/swap: fix race when skipping swapcache", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26759", "datePublished": "2024-04-03T17:00:43.288Z", "dateReserved": "2024-02-19T14:20:24.170Z", "dateUpdated": "2024-11-05T09:15:13.980Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26788
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2024-11-05 09:15
Severity ?
EPSS score ?
Summary
dmaengine: fsl-qdma: init irq after reg initialization
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26788", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-04T15:30:20.690408Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:48:46.809Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.469Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/3cc5fb824c2125aa3740d905b3e5b378c8a09478" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/9579a21e99fe8dab22a253050ddff28d340d74e1" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/4529c084a320be78ff2c5e64297ae998c6fdf66b" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/474d521da890b3e3585335fb80a6044cb2553d99" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/a69c8bbb946936ac4eb6a6ae1e849435aa8d947d" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/677102a930643c31f1b4c512b041407058bdfef8" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/87a39071e0b639f45e05d296cc0538eef44ec0bd" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/dma/fsl-qdma.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "3cc5fb824c21", "status": "affected", "version": "b092529e0aa0", "versionType": "git" }, { "lessThan": "9579a21e99fe", "status": "affected", "version": "b092529e0aa0", "versionType": "git" }, { "lessThan": "4529c084a320", "status": "affected", "version": "b092529e0aa0", "versionType": "git" }, { "lessThan": "474d521da890", "status": "affected", "version": "b092529e0aa0", "versionType": "git" }, { "lessThan": "a69c8bbb9469", "status": "affected", "version": "b092529e0aa0", "versionType": "git" }, { "lessThan": "677102a93064", "status": "affected", "version": "b092529e0aa0", "versionType": "git" }, { "lessThan": "87a39071e0b6", "status": "affected", "version": "b092529e0aa0", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/dma/fsl-qdma.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.1" }, { "lessThan": "5.1", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.271", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.212", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.151", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.81", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.21", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.9", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: fsl-qdma: init irq after reg initialization\n\nInitialize the qDMA irqs after the registers are configured so that\ninterrupts that may have been pending from a primary kernel don\u0027t get\nprocessed by the irq handler before it is ready to and cause panic with\nthe following trace:\n\n Call trace:\n fsl_qdma_queue_handler+0xf8/0x3e8\n __handle_irq_event_percpu+0x78/0x2b0\n handle_irq_event_percpu+0x1c/0x68\n handle_irq_event+0x44/0x78\n handle_fasteoi_irq+0xc8/0x178\n generic_handle_irq+0x24/0x38\n __handle_domain_irq+0x90/0x100\n gic_handle_irq+0x5c/0xb8\n el1_irq+0xb8/0x180\n _raw_spin_unlock_irqrestore+0x14/0x40\n __setup_irq+0x4bc/0x798\n request_threaded_irq+0xd8/0x190\n devm_request_threaded_irq+0x74/0xe8\n fsl_qdma_probe+0x4d4/0xca8\n platform_drv_probe+0x50/0xa0\n really_probe+0xe0/0x3f8\n driver_probe_device+0x64/0x130\n device_driver_attach+0x6c/0x78\n __driver_attach+0xbc/0x158\n bus_for_each_dev+0x5c/0x98\n driver_attach+0x20/0x28\n bus_add_driver+0x158/0x220\n driver_register+0x60/0x110\n __platform_driver_register+0x44/0x50\n fsl_qdma_driver_init+0x18/0x20\n do_one_initcall+0x48/0x258\n kernel_init_freeable+0x1a4/0x23c\n kernel_init+0x10/0xf8\n ret_from_fork+0x10/0x18" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:50.074Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/3cc5fb824c2125aa3740d905b3e5b378c8a09478" }, { "url": "https://git.kernel.org/stable/c/9579a21e99fe8dab22a253050ddff28d340d74e1" }, { "url": "https://git.kernel.org/stable/c/4529c084a320be78ff2c5e64297ae998c6fdf66b" }, { "url": "https://git.kernel.org/stable/c/474d521da890b3e3585335fb80a6044cb2553d99" }, { "url": "https://git.kernel.org/stable/c/a69c8bbb946936ac4eb6a6ae1e849435aa8d947d" }, { "url": "https://git.kernel.org/stable/c/677102a930643c31f1b4c512b041407058bdfef8" }, { "url": "https://git.kernel.org/stable/c/87a39071e0b639f45e05d296cc0538eef44ec0bd" } ], "title": "dmaengine: fsl-qdma: init irq after reg initialization", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26788", "datePublished": "2024-04-04T08:20:20.410Z", "dateReserved": "2024-02-19T14:20:24.178Z", "dateUpdated": "2024-11-05T09:15:50.074Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26803
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2024-11-05 09:16
Severity ?
EPSS score ?
Summary
net: veth: clear GRO when clearing XDP even when down
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.524Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f011c103e654d83dc85f057a7d1bd0960d02831c" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/7985d73961bbb4e726c1be7b9cd26becc7be8325" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/16edf51f33f52dff70ed455bc40a6cc443c04664" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/8f7a3894e58e6f5d5815533cfde60e3838947941" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/fe9f801355f0b47668419f30f1fac1cf4539e736" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-26803", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:50:46.385244Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:47.163Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/veth.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "f011c103e654", "status": "affected", "version": "d3256efd8e8b", "versionType": "git" }, { "lessThan": "7985d73961bb", "status": "affected", "version": "d3256efd8e8b", "versionType": "git" }, { "lessThan": "16edf51f33f5", "status": "affected", "version": "d3256efd8e8b", "versionType": "git" }, { "lessThan": "8f7a3894e58e", "status": "affected", "version": "d3256efd8e8b", "versionType": "git" }, { "lessThan": "fe9f801355f0", "status": "affected", "version": "d3256efd8e8b", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/veth.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.13" }, { "lessThan": "5.13", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.151", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.81", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.21", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.9", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: veth: clear GRO when clearing XDP even when down\n\nveth sets NETIF_F_GRO automatically when XDP is enabled,\nbecause both features use the same NAPI machinery.\n\nThe logic to clear NETIF_F_GRO sits in veth_disable_xdp() which\nis called both on ndo_stop and when XDP is turned off.\nTo avoid the flag from being cleared when the device is brought\ndown, the clearing is skipped when IFF_UP is not set.\nBringing the device down should indeed not modify its features.\n\nUnfortunately, this means that clearing is also skipped when\nXDP is disabled _while_ the device is down. And there\u0027s nothing\non the open path to bring the device features back into sync.\nIOW if user enables XDP, disables it and then brings the device\nup we\u0027ll end up with a stray GRO flag set but no NAPI instances.\n\nWe don\u0027t depend on the GRO flag on the datapath, so the datapath\nwon\u0027t crash. We will crash (or hang), however, next time features\nare sync\u0027ed (either by user via ethtool or peer changing its config).\nThe GRO flag will go away, and veth will try to disable the NAPIs.\nBut the open path never created them since XDP was off, the GRO flag\nwas a stray. If NAPI was initialized before we\u0027ll hang in napi_disable().\nIf it never was we\u0027ll crash trying to stop uninitialized hrtimer.\n\nMove the GRO flag updates to the XDP enable / disable paths,\ninstead of mixing them with the ndo_open / ndo_close paths." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:16:07.141Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/f011c103e654d83dc85f057a7d1bd0960d02831c" }, { "url": "https://git.kernel.org/stable/c/7985d73961bbb4e726c1be7b9cd26becc7be8325" }, { "url": "https://git.kernel.org/stable/c/16edf51f33f52dff70ed455bc40a6cc443c04664" }, { "url": "https://git.kernel.org/stable/c/8f7a3894e58e6f5d5815533cfde60e3838947941" }, { "url": "https://git.kernel.org/stable/c/fe9f801355f0b47668419f30f1fac1cf4539e736" } ], "title": "net: veth: clear GRO when clearing XDP even when down", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26803", "datePublished": "2024-04-04T08:20:30.656Z", "dateReserved": "2024-02-19T14:20:24.179Z", "dateUpdated": "2024-11-05T09:16:07.141Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26717
Vulnerability from cvelistv5
Published
2024-04-03 14:55
Modified
2024-11-05 09:14
Severity ?
EPSS score ?
Summary
HID: i2c-hid-of: fix NULL-deref on failed power up
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:12.683Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/62f5d219edbd174829aa18d4b3d97cd5fefbb783" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d7d7a0e3b6f5adc45f23667cbb919e99093a5b5c" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/4cad91344a62536a2949873bad6365fbb6232776" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e28d6b63aeecbda450935fb58db0e682ea8212d3" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/00aab7dcb2267f2aef59447602f34501efe1a07f" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-26717", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:52:26.621999Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:24.749Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/hid/i2c-hid/i2c-hid-of.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "62f5d219edbd", "status": "affected", "version": "b33752c30023", "versionType": "git" }, { "lessThan": "d7d7a0e3b6f5", "status": "affected", "version": "b33752c30023", "versionType": "git" }, { "lessThan": "4cad91344a62", "status": "affected", "version": "b33752c30023", "versionType": "git" }, { "lessThan": "e28d6b63aeec", "status": "affected", "version": "b33752c30023", "versionType": "git" }, { "lessThan": "00aab7dcb226", "status": "affected", "version": "b33752c30023", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/hid/i2c-hid/i2c-hid-of.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.12" }, { "lessThan": "5.12", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.149", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.79", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.18", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: i2c-hid-of: fix NULL-deref on failed power up\n\nA while back the I2C HID implementation was split in an ACPI and OF\npart, but the new OF driver never initialises the client pointer which\nis dereferenced on power-up failures." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:26.560Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/62f5d219edbd174829aa18d4b3d97cd5fefbb783" }, { "url": "https://git.kernel.org/stable/c/d7d7a0e3b6f5adc45f23667cbb919e99093a5b5c" }, { "url": "https://git.kernel.org/stable/c/4cad91344a62536a2949873bad6365fbb6232776" }, { "url": "https://git.kernel.org/stable/c/e28d6b63aeecbda450935fb58db0e682ea8212d3" }, { "url": "https://git.kernel.org/stable/c/00aab7dcb2267f2aef59447602f34501efe1a07f" } ], "title": "HID: i2c-hid-of: fix NULL-deref on failed power up", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26717", "datePublished": "2024-04-03T14:55:18.063Z", "dateReserved": "2024-02-19T14:20:24.161Z", "dateUpdated": "2024-11-05T09:14:26.560Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26789
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2024-11-05 09:15
Severity ?
EPSS score ?
Summary
crypto: arm64/neonbs - fix out-of-bounds access on short input
References
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-26789", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-04T15:13:15.619626Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-noinfo Not enough information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-01T14:46:58.156Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.508Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/034e2d70b5c7f578200ad09955aeb2aa65d1164a" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/1291d278b5574819a7266568ce4c28bce9438705" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/9e8ecd4908b53941ab6f0f51584ab80c6c6606c4" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/1c0cf6d19690141002889d72622b90fc01562ce4" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "arch/arm64/crypto/aes-neonbs-glue.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "034e2d70b5c7", "status": "affected", "version": "fc074e130051", "versionType": "git" }, { "lessThan": "1291d278b557", "status": "affected", "version": "fc074e130051", "versionType": "git" }, { "lessThan": "9e8ecd4908b5", "status": "affected", "version": "fc074e130051", "versionType": "git" }, { "lessThan": "1c0cf6d19690", "status": "affected", "version": "fc074e130051", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "arch/arm64/crypto/aes-neonbs-glue.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.18" }, { "lessThan": "5.18", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.81", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.21", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.9", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: arm64/neonbs - fix out-of-bounds access on short input\n\nThe bit-sliced implementation of AES-CTR operates on blocks of 128\nbytes, and will fall back to the plain NEON version for tail blocks or\ninputs that are shorter than 128 bytes to begin with.\n\nIt will call straight into the plain NEON asm helper, which performs all\nmemory accesses in granules of 16 bytes (the size of a NEON register).\nFor this reason, the associated plain NEON glue code will copy inputs\nshorter than 16 bytes into a temporary buffer, given that this is a rare\noccurrence and it is not worth the effort to work around this in the asm\ncode.\n\nThe fallback from the bit-sliced NEON version fails to take this into\naccount, potentially resulting in out-of-bounds accesses. So clone the\nsame workaround, and use a temp buffer for short in/outputs." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:51.189Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/034e2d70b5c7f578200ad09955aeb2aa65d1164a" }, { "url": "https://git.kernel.org/stable/c/1291d278b5574819a7266568ce4c28bce9438705" }, { "url": "https://git.kernel.org/stable/c/9e8ecd4908b53941ab6f0f51584ab80c6c6606c4" }, { "url": "https://git.kernel.org/stable/c/1c0cf6d19690141002889d72622b90fc01562ce4" } ], "title": "crypto: arm64/neonbs - fix out-of-bounds access on short input", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26789", "datePublished": "2024-04-04T08:20:21.077Z", "dateReserved": "2024-02-19T14:20:24.178Z", "dateUpdated": "2024-11-05T09:15:51.189Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26698
Vulnerability from cvelistv5
Published
2024-04-03 14:54
Modified
2024-11-05 09:14
Severity ?
EPSS score ?
Summary
hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26698", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-03T18:03:45.740958Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:49:08.824Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:12.951Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/9ec807e7b6f5fcf9499f3baa69f254bb239a847f" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/7656372ae190e54e8c8cf1039725a5ea59fdf84a" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/48a8ccccffbae10c91d31fc872db5c31aba07518" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/22a77c0f5b8233237731df3288d067af51a2fd7b" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/0e8875de9dad12805ff66e92cd5edea6a421f1cd" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e0526ec5360a48ad3ab2e26e802b0532302a7e11" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/hyperv/netvsc.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "9ec807e7b6f5", "status": "affected", "version": "ac5047671758", "versionType": "git" }, { "lessThan": "7656372ae190", "status": "affected", "version": "ac5047671758", "versionType": "git" }, { "lessThan": "48a8ccccffba", "status": "affected", "version": "ac5047671758", "versionType": "git" }, { "lessThan": "22a77c0f5b82", "status": "affected", "version": "ac5047671758", "versionType": "git" }, { "lessThan": "0e8875de9dad", "status": "affected", "version": "ac5047671758", "versionType": "git" }, { "lessThan": "e0526ec5360a", "status": "affected", "version": "ac5047671758", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/hyperv/netvsc.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.8" }, { "lessThan": "5.8", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.210", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.149", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.79", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.18", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhv_netvsc: Fix race condition between netvsc_probe and netvsc_remove\n\nIn commit ac5047671758 (\"hv_netvsc: Disable NAPI before closing the\nVMBus channel\"), napi_disable was getting called for all channels,\nincluding all subchannels without confirming if they are enabled or not.\n\nThis caused hv_netvsc getting hung at napi_disable, when netvsc_probe()\nhas finished running but nvdev-\u003esubchan_work has not started yet.\nnetvsc_subchan_work() -\u003e rndis_set_subchannel() has not created the\nsub-channels and because of that netvsc_sc_open() is not running.\nnetvsc_remove() calls cancel_work_sync(\u0026nvdev-\u003esubchan_work), for which\nnetvsc_subchan_work did not run.\n\nnetif_napi_add() sets the bit NAPI_STATE_SCHED because it ensures NAPI\ncannot be scheduled. Then netvsc_sc_open() -\u003e napi_enable will clear the\nNAPIF_STATE_SCHED bit, so it can be scheduled. napi_disable() does the\nopposite.\n\nNow during netvsc_device_remove(), when napi_disable is called for those\nsubchannels, napi_disable gets stuck on infinite msleep.\n\nThis fix addresses this problem by ensuring that napi_disable() is not\ngetting called for non-enabled NAPI struct.\nBut netif_napi_del() is still necessary for these non-enabled NAPI struct\nfor cleanup purpose.\n\nCall trace:\n[ 654.559417] task:modprobe state:D stack: 0 pid: 2321 ppid: 1091 flags:0x00004002\n[ 654.568030] Call Trace:\n[ 654.571221] \u003cTASK\u003e\n[ 654.573790] __schedule+0x2d6/0x960\n[ 654.577733] schedule+0x69/0xf0\n[ 654.581214] schedule_timeout+0x87/0x140\n[ 654.585463] ? __bpf_trace_tick_stop+0x20/0x20\n[ 654.590291] msleep+0x2d/0x40\n[ 654.593625] napi_disable+0x2b/0x80\n[ 654.597437] netvsc_device_remove+0x8a/0x1f0 [hv_netvsc]\n[ 654.603935] rndis_filter_device_remove+0x194/0x1c0 [hv_netvsc]\n[ 654.611101] ? do_wait_intr+0xb0/0xb0\n[ 654.615753] netvsc_remove+0x7c/0x120 [hv_netvsc]\n[ 654.621675] vmbus_remove+0x27/0x40 [hv_vmbus]" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:06.556Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/9ec807e7b6f5fcf9499f3baa69f254bb239a847f" }, { "url": "https://git.kernel.org/stable/c/7656372ae190e54e8c8cf1039725a5ea59fdf84a" }, { "url": "https://git.kernel.org/stable/c/48a8ccccffbae10c91d31fc872db5c31aba07518" }, { "url": "https://git.kernel.org/stable/c/22a77c0f5b8233237731df3288d067af51a2fd7b" }, { "url": "https://git.kernel.org/stable/c/0e8875de9dad12805ff66e92cd5edea6a421f1cd" }, { "url": "https://git.kernel.org/stable/c/e0526ec5360a48ad3ab2e26e802b0532302a7e11" } ], "title": "hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26698", "datePublished": "2024-04-03T14:54:58.577Z", "dateReserved": "2024-02-19T14:20:24.157Z", "dateUpdated": "2024-11-05T09:14:06.556Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26754
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2024-11-05 09:15
Severity ?
EPSS score ?
Summary
gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp()
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.216Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f0ecdfa679189d26aedfe24212d4e69e42c2c861" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f8cbd1791900b5d96466eede8e9439a5b9ca4de7" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2e534fd15e5c2ca15821c897352cf0e8a3e30dca" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/a576308800be28f2eaa099e7caad093b97d66e77" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/3963f16cc7643b461271989b712329520374ad2a" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ba6b8b02a3314e62571a540efa96560888c5f03e" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/5013bd54d283eda5262c9ae3bcc966d01daf8576" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/136cfaca22567a03bbb3bf53a43d8cb5748b80ec" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-26754", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:51:37.587111Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:15.622Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/gtp.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "f0ecdfa67918", "status": "affected", "version": "459aa660eb1d", "versionType": "git" }, { "lessThan": "f8cbd1791900", "status": "affected", "version": "459aa660eb1d", "versionType": "git" }, { "lessThan": "2e534fd15e5c", "status": "affected", "version": "459aa660eb1d", "versionType": "git" }, { "lessThan": "a576308800be", "status": "affected", "version": "459aa660eb1d", "versionType": "git" }, { "lessThan": "3963f16cc764", "status": "affected", "version": "459aa660eb1d", "versionType": "git" }, { "lessThan": "ba6b8b02a331", "status": "affected", "version": "459aa660eb1d", "versionType": "git" }, { "lessThan": "5013bd54d283", "status": "affected", "version": "459aa660eb1d", "versionType": "git" }, { "lessThan": "136cfaca2256", "status": "affected", "version": "459aa660eb1d", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/gtp.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "4.7" }, { "lessThan": "4.7", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.308", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.270", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.211", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.150", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.80", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.19", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp()\n\nThe gtp_net_ops pernet operations structure for the subsystem must be\nregistered before registering the generic netlink family.\n\nSyzkaller hit \u0027general protection fault in gtp_genl_dump_pdp\u0027 bug:\n\ngeneral protection fault, probably for non-canonical address\n0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN NOPTI\nKASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\nCPU: 1 PID: 5826 Comm: gtp Not tainted 6.8.0-rc3-std-def-alt1 #1\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.0-alt1 04/01/2014\nRIP: 0010:gtp_genl_dump_pdp+0x1be/0x800 [gtp]\nCode: c6 89 c6 e8 64 e9 86 df 58 45 85 f6 0f 85 4e 04 00 00 e8 c5 ee 86\n df 48 8b 54 24 18 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 \u003c80\u003e\n 3c 02 00 0f 85 de 05 00 00 48 8b 44 24 18 4c 8b 30 4c 39 f0 74\nRSP: 0018:ffff888014107220 EFLAGS: 00010202\nRAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000\nRDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000\nR13: ffff88800fcda588 R14: 0000000000000001 R15: 0000000000000000\nFS: 00007f1be4eb05c0(0000) GS:ffff88806ce80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f1be4e766cf CR3: 000000000c33e000 CR4: 0000000000750ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? show_regs+0x90/0xa0\n ? die_addr+0x50/0xd0\n ? exc_general_protection+0x148/0x220\n ? asm_exc_general_protection+0x22/0x30\n ? gtp_genl_dump_pdp+0x1be/0x800 [gtp]\n ? __alloc_skb+0x1dd/0x350\n ? __pfx___alloc_skb+0x10/0x10\n genl_dumpit+0x11d/0x230\n netlink_dump+0x5b9/0xce0\n ? lockdep_hardirqs_on_prepare+0x253/0x430\n ? __pfx_netlink_dump+0x10/0x10\n ? kasan_save_track+0x10/0x40\n ? __kasan_kmalloc+0x9b/0xa0\n ? genl_start+0x675/0x970\n __netlink_dump_start+0x6fc/0x9f0\n genl_family_rcv_msg_dumpit+0x1bb/0x2d0\n ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10\n ? genl_op_from_small+0x2a/0x440\n ? cap_capable+0x1d0/0x240\n ? __pfx_genl_start+0x10/0x10\n ? __pfx_genl_dumpit+0x10/0x10\n ? __pfx_genl_done+0x10/0x10\n ? security_capable+0x9d/0xe0" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:08.118Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/f0ecdfa679189d26aedfe24212d4e69e42c2c861" }, { "url": "https://git.kernel.org/stable/c/f8cbd1791900b5d96466eede8e9439a5b9ca4de7" }, { "url": "https://git.kernel.org/stable/c/2e534fd15e5c2ca15821c897352cf0e8a3e30dca" }, { "url": "https://git.kernel.org/stable/c/a576308800be28f2eaa099e7caad093b97d66e77" }, { "url": "https://git.kernel.org/stable/c/3963f16cc7643b461271989b712329520374ad2a" }, { "url": "https://git.kernel.org/stable/c/ba6b8b02a3314e62571a540efa96560888c5f03e" }, { "url": "https://git.kernel.org/stable/c/5013bd54d283eda5262c9ae3bcc966d01daf8576" }, { "url": "https://git.kernel.org/stable/c/136cfaca22567a03bbb3bf53a43d8cb5748b80ec" } ], "title": "gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp()", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26754", "datePublished": "2024-04-03T17:00:39.079Z", "dateReserved": "2024-02-19T14:20:24.170Z", "dateUpdated": "2024-11-05T09:15:08.118Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26708
Vulnerability from cvelistv5
Published
2024-04-03 14:55
Modified
2024-11-05 09:14
Severity ?
EPSS score ?
Summary
mptcp: really cope with fastopen race
References
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-26708", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-03T18:54:23.010833Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-noinfo Not enough information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-04T21:56:45.799Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:12.552Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/4bfe217e075d04e63c092df9d40c608e598c2ef2" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e158fb9679d15a2317ec13b4f6301bd26265df2f" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/337cebbd850f94147cee05252778f8f78b8c337f" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/mptcp/protocol.h" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "4bfe217e075d", "status": "affected", "version": "1e777f39b4d7", "versionType": "git" }, { "lessThan": "e158fb9679d1", "status": "affected", "version": "1e777f39b4d7", "versionType": "git" }, { "lessThan": "337cebbd850f", "status": "affected", "version": "1e777f39b4d7", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/mptcp/protocol.h" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.2" }, { "lessThan": "6.2", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.18", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: really cope with fastopen race\n\nFastopen and PM-trigger subflow shutdown can race, as reported by\nsyzkaller.\n\nIn my first attempt to close such race, I missed the fact that\nthe subflow status can change again before the subflow_state_change\ncallback is invoked.\n\nAddress the issue additionally copying with all the states directly\nreachable from TCP_FIN_WAIT1." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:16.566Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/4bfe217e075d04e63c092df9d40c608e598c2ef2" }, { "url": "https://git.kernel.org/stable/c/e158fb9679d15a2317ec13b4f6301bd26265df2f" }, { "url": "https://git.kernel.org/stable/c/337cebbd850f94147cee05252778f8f78b8c337f" } ], "title": "mptcp: really cope with fastopen race", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26708", "datePublished": "2024-04-03T14:55:11.054Z", "dateReserved": "2024-02-19T14:20:24.158Z", "dateUpdated": "2024-11-05T09:14:16.566Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26779
Vulnerability from cvelistv5
Published
2024-04-03 17:01
Modified
2024-11-06 21:39
Severity ?
EPSS score ?
Summary
wifi: mac80211: fix race condition on enabling fast-xmit
References
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-26779", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-03T19:22:50.891620Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-06T21:39:37.576Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.469Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/76fad1174a0cae6fc857b9f88b261a2e4f07d587" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/85720b69aef177318f4a18efbcc4302228a340e5" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/5ffab99e070b9f8ae0cf60c3c3602b84eee818dd" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/88c18fd06608b3adee547102505d715f21075c9d" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/eb39bb548bf974acad7bd6780fe11f9e6652d696" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/54b79d8786964e2f840e8a2ec4a9f9a50f3d4954" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/281280276b70c822f55ce15b661f6d1d3228aaa9" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/bcbc84af1183c8cf3d1ca9b78540c2185cd85e7f" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/mac80211/sta_info.c", "net/mac80211/tx.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "76fad1174a0c", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "85720b69aef1", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "5ffab99e070b", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "88c18fd06608", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "eb39bb548bf9", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "54b79d878696", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "281280276b70", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "bcbc84af1183", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/mac80211/sta_info.c", "net/mac80211/tx.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.308", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.270", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.211", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.150", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.80", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.19", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: fix race condition on enabling fast-xmit\n\nfast-xmit must only be enabled after the sta has been uploaded to the driver,\notherwise it could end up passing the not-yet-uploaded sta via drv_tx calls\nto the driver, leading to potential crashes because of uninitialized drv_priv\ndata.\nAdd a missing sta-\u003euploaded check and re-check fast xmit after inserting a sta." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:39.965Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/76fad1174a0cae6fc857b9f88b261a2e4f07d587" }, { "url": "https://git.kernel.org/stable/c/85720b69aef177318f4a18efbcc4302228a340e5" }, { "url": "https://git.kernel.org/stable/c/5ffab99e070b9f8ae0cf60c3c3602b84eee818dd" }, { "url": "https://git.kernel.org/stable/c/88c18fd06608b3adee547102505d715f21075c9d" }, { "url": "https://git.kernel.org/stable/c/eb39bb548bf974acad7bd6780fe11f9e6652d696" }, { "url": "https://git.kernel.org/stable/c/54b79d8786964e2f840e8a2ec4a9f9a50f3d4954" }, { "url": "https://git.kernel.org/stable/c/281280276b70c822f55ce15b661f6d1d3228aaa9" }, { "url": "https://git.kernel.org/stable/c/bcbc84af1183c8cf3d1ca9b78540c2185cd85e7f" } ], "title": "wifi: mac80211: fix race condition on enabling fast-xmit", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26779", "datePublished": "2024-04-03T17:01:09.807Z", "dateReserved": "2024-02-19T14:20:24.177Z", "dateUpdated": "2024-11-06T21:39:37.576Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26705
Vulnerability from cvelistv5
Published
2024-04-03 14:55
Modified
2024-11-05 09:14
Severity ?
EPSS score ?
Summary
parisc: BTLB: Fix crash when setting up BTLB at CPU bringup
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26705", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-03T17:48:41.158959Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:48:58.261Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:12.680Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/54944f45470af5965fb9c28cf962ec30f38a8f5b" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/aa52be55276614d33f22fbe7da36c40d6432d10b" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/913b9d443a0180cf0de3548f1ab3149378998486" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "arch/parisc/kernel/cache.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "54944f45470a", "status": "affected", "version": "e5ef93d02d6c", "versionType": "git" }, { "lessThan": "aa52be552766", "status": "affected", "version": "e5ef93d02d6c", "versionType": "git" }, { "lessThan": "913b9d443a01", "status": "affected", "version": "e5ef93d02d6c", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "arch/parisc/kernel/cache.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.6" }, { "lessThan": "6.6", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.18", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nparisc: BTLB: Fix crash when setting up BTLB at CPU bringup\n\nWhen using hotplug and bringing up a 32-bit CPU, ask the firmware about the\nBTLB information to set up the static (block) TLB entries.\n\nFor that write access to the static btlb_info struct is needed, but\nsince it is marked __ro_after_init the kernel segfaults with missing\nwrite permissions.\n\nFix the crash by dropping the __ro_after_init annotation." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:13.211Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/54944f45470af5965fb9c28cf962ec30f38a8f5b" }, { "url": "https://git.kernel.org/stable/c/aa52be55276614d33f22fbe7da36c40d6432d10b" }, { "url": "https://git.kernel.org/stable/c/913b9d443a0180cf0de3548f1ab3149378998486" } ], "title": "parisc: BTLB: Fix crash when setting up BTLB at CPU bringup", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26705", "datePublished": "2024-04-03T14:55:08.733Z", "dateReserved": "2024-02-19T14:20:24.158Z", "dateUpdated": "2024-11-05T09:14:13.211Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26782
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2024-11-05 09:15
Severity ?
EPSS score ?
Summary
mptcp: fix double-free on socket dismantle
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.370Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f74362a004225df935863dea6eb7d82daaa5b16e" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/4a4eeb6912538c2d0b158e8d11b62d96c1dada4e" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d93fd40c62397326046902a2c5cb75af50882a85" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ce0809ada38dca8d6d41bb57ab40494855c30582" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/85933e80d077c9ae2227226beb86c22f464059cc" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/10048689def7e40a4405acda16fdc6477d4ecc5c" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-26782", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:51:05.325955Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:51.835Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/mptcp/protocol.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "f74362a00422", "status": "affected", "version": "cf7da0d66cc1", "versionType": "git" }, { "lessThan": "4a4eeb691253", "status": "affected", "version": "cf7da0d66cc1", "versionType": "git" }, { "lessThan": "d93fd40c6239", "status": "affected", "version": "cf7da0d66cc1", "versionType": "git" }, { "lessThan": "ce0809ada38d", "status": "affected", "version": "cf7da0d66cc1", "versionType": "git" }, { "lessThan": "85933e80d077", "status": "affected", "version": "cf7da0d66cc1", "versionType": "git" }, { "lessThan": "10048689def7", "status": "affected", "version": "cf7da0d66cc1", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/mptcp/protocol.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.6" }, { "lessThan": "5.6", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.212", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.151", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.81", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.21", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.9", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix double-free on socket dismantle\n\nwhen MPTCP server accepts an incoming connection, it clones its listener\nsocket. However, the pointer to \u0027inet_opt\u0027 for the new socket has the same\nvalue as the original one: as a consequence, on program exit it\u0027s possible\nto observe the following splat:\n\n BUG: KASAN: double-free in inet_sock_destruct+0x54f/0x8b0\n Free of addr ffff888485950880 by task swapper/25/0\n\n CPU: 25 PID: 0 Comm: swapper/25 Kdump: loaded Not tainted 6.8.0-rc1+ #609\n Hardware name: Supermicro SYS-6027R-72RF/X9DRH-7TF/7F/iTF/iF, BIOS 3.0 07/26/2013\n Call Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x32/0x50\n print_report+0xca/0x620\n kasan_report_invalid_free+0x64/0x90\n __kasan_slab_free+0x1aa/0x1f0\n kfree+0xed/0x2e0\n inet_sock_destruct+0x54f/0x8b0\n __sk_destruct+0x48/0x5b0\n rcu_do_batch+0x34e/0xd90\n rcu_core+0x559/0xac0\n __do_softirq+0x183/0x5a4\n irq_exit_rcu+0x12d/0x170\n sysvec_apic_timer_interrupt+0x6b/0x80\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n asm_sysvec_apic_timer_interrupt+0x16/0x20\n RIP: 0010:cpuidle_enter_state+0x175/0x300\n Code: 30 00 0f 84 1f 01 00 00 83 e8 01 83 f8 ff 75 e5 48 83 c4 18 44 89 e8 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc fb 45 85 ed \u003c0f\u003e 89 60 ff ff ff 48 c1 e5 06 48 c7 43 18 00 00 00 00 48 83 44 2b\n RSP: 0018:ffff888481cf7d90 EFLAGS: 00000202\n RAX: 0000000000000000 RBX: ffff88887facddc8 RCX: 0000000000000000\n RDX: 1ffff1110ff588b1 RSI: 0000000000000019 RDI: ffff88887fac4588\n RBP: 0000000000000004 R08: 0000000000000002 R09: 0000000000043080\n R10: 0009b02ea273363f R11: ffff88887fabf42b R12: ffffffff932592e0\n R13: 0000000000000004 R14: 0000000000000000 R15: 00000022c880ec80\n cpuidle_enter+0x4a/0xa0\n do_idle+0x310/0x410\n cpu_startup_entry+0x51/0x60\n start_secondary+0x211/0x270\n secondary_startup_64_no_verify+0x184/0x18b\n \u003c/TASK\u003e\n\n Allocated by task 6853:\n kasan_save_stack+0x1c/0x40\n kasan_save_track+0x10/0x30\n __kasan_kmalloc+0xa6/0xb0\n __kmalloc+0x1eb/0x450\n cipso_v4_sock_setattr+0x96/0x360\n netlbl_sock_setattr+0x132/0x1f0\n selinux_netlbl_socket_post_create+0x6c/0x110\n selinux_socket_post_create+0x37b/0x7f0\n security_socket_post_create+0x63/0xb0\n __sock_create+0x305/0x450\n __sys_socket_create.part.23+0xbd/0x130\n __sys_socket+0x37/0xb0\n __x64_sys_socket+0x6f/0xb0\n do_syscall_64+0x83/0x160\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\n Freed by task 6858:\n kasan_save_stack+0x1c/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x3b/0x60\n __kasan_slab_free+0x12c/0x1f0\n kfree+0xed/0x2e0\n inet_sock_destruct+0x54f/0x8b0\n __sk_destruct+0x48/0x5b0\n subflow_ulp_release+0x1f0/0x250\n tcp_cleanup_ulp+0x6e/0x110\n tcp_v4_destroy_sock+0x5a/0x3a0\n inet_csk_destroy_sock+0x135/0x390\n tcp_fin+0x416/0x5c0\n tcp_data_queue+0x1bc8/0x4310\n tcp_rcv_state_process+0x15a3/0x47b0\n tcp_v4_do_rcv+0x2c1/0x990\n tcp_v4_rcv+0x41fb/0x5ed0\n ip_protocol_deliver_rcu+0x6d/0x9f0\n ip_local_deliver_finish+0x278/0x360\n ip_local_deliver+0x182/0x2c0\n ip_rcv+0xb5/0x1c0\n __netif_receive_skb_one_core+0x16e/0x1b0\n process_backlog+0x1e3/0x650\n __napi_poll+0xa6/0x500\n net_rx_action+0x740/0xbb0\n __do_softirq+0x183/0x5a4\n\n The buggy address belongs to the object at ffff888485950880\n which belongs to the cache kmalloc-64 of size 64\n The buggy address is located 0 bytes inside of\n 64-byte region [ffff888485950880, ffff8884859508c0)\n\n The buggy address belongs to the physical page:\n page:0000000056d1e95e refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888485950700 pfn:0x485950\n flags: 0x57ffffc0000800(slab|node=1|zone=2|lastcpupid=0x1fffff)\n page_type: 0xffffffff()\n raw: 0057ffffc0000800 ffff88810004c640 ffffea00121b8ac0 dead000000000006\n raw: ffff888485950700 0000000000200019 00000001ffffffff 0000000000000000\n page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n ffff888485950780: fa fb fb\n---truncated---" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:43.251Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/f74362a004225df935863dea6eb7d82daaa5b16e" }, { "url": "https://git.kernel.org/stable/c/4a4eeb6912538c2d0b158e8d11b62d96c1dada4e" }, { "url": "https://git.kernel.org/stable/c/d93fd40c62397326046902a2c5cb75af50882a85" }, { "url": "https://git.kernel.org/stable/c/ce0809ada38dca8d6d41bb57ab40494855c30582" }, { "url": "https://git.kernel.org/stable/c/85933e80d077c9ae2227226beb86c22f464059cc" }, { "url": "https://git.kernel.org/stable/c/10048689def7e40a4405acda16fdc6477d4ecc5c" } ], "title": "mptcp: fix double-free on socket dismantle", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26782", "datePublished": "2024-04-04T08:20:16.472Z", "dateReserved": "2024-02-19T14:20:24.177Z", "dateUpdated": "2024-11-05T09:15:43.251Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26774
Vulnerability from cvelistv5
Published
2024-04-03 17:01
Modified
2024-11-05 09:15
Severity ?
EPSS score ?
Summary
ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.371Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/687061cfaa2ac3095170e136dd9c29a4974f41d4" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/8b40eb2e716b503f7a4e1090815a17b1341b2150" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f32d2a745b02123258026e105a008f474f896d6a" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/8cf9cc602cfb40085967c0d140e32691c8b71cf3" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/993bf0f4c393b3667830918f9247438a8f6fdb5b" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-26774", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:51:21.311447Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:10.554Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "fs/ext4/mballoc.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "687061cfaa2a", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "8b40eb2e716b", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "f32d2a745b02", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "8cf9cc602cfb", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "993bf0f4c393", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "fs/ext4/mballoc.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.150", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.80", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.19", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt\n\nDetermine if bb_fragments is 0 instead of determining bb_free to eliminate\nthe risk of dividing by zero when the block bitmap is corrupted." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:33.978Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/687061cfaa2ac3095170e136dd9c29a4974f41d4" }, { "url": "https://git.kernel.org/stable/c/8b40eb2e716b503f7a4e1090815a17b1341b2150" }, { "url": "https://git.kernel.org/stable/c/f32d2a745b02123258026e105a008f474f896d6a" }, { "url": "https://git.kernel.org/stable/c/8cf9cc602cfb40085967c0d140e32691c8b71cf3" }, { "url": "https://git.kernel.org/stable/c/993bf0f4c393b3667830918f9247438a8f6fdb5b" } ], "title": "ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26774", "datePublished": "2024-04-03T17:01:00.618Z", "dateReserved": "2024-02-19T14:20:24.176Z", "dateUpdated": "2024-11-05T09:15:33.978Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26721
Vulnerability from cvelistv5
Published
2024-04-03 14:55
Modified
2024-11-05 09:14
Severity ?
EPSS score ?
Summary
drm/i915/dsc: Fix the macro that calculates DSCC_/DSCA_ PPS reg address
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.016Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ff5999fb03f467e1e7159f0ddb199c787f7512b9" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/962ac2dce56bb3aad1f82a4bbe3ada57a020287c" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-26721", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:52:16.898186Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:32:52.594Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/gpu/drm/i915/display/intel_vdsc_regs.h" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "ff5999fb03f4", "status": "affected", "version": "bd077259d0a9", "versionType": "git" }, { "lessThan": "962ac2dce56b", "status": "affected", "version": "bd077259d0a9", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/gpu/drm/i915/display/intel_vdsc_regs.h" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.7" }, { "lessThan": "6.7", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/dsc: Fix the macro that calculates DSCC_/DSCA_ PPS reg address\n\nCommit bd077259d0a9 (\"drm/i915/vdsc: Add function to read any PPS\nregister\") defines a new macro to calculate the DSC PPS register\naddresses with PPS number as an input. This macro correctly calculates\nthe addresses till PPS 11 since the addresses increment by 4. So in that\ncase the following macro works correctly to give correct register\naddress:\n\n_MMIO(_DSCA_PPS_0 + (pps) * 4)\n\nHowever after PPS 11, the register address for PPS 12 increments by 12\nbecause of RC Buffer memory allocation in between. Because of this\ndiscontinuity in the address space, the macro calculates wrong addresses\nfor PPS 12 - 16 resulting into incorrect DSC PPS parameter value\nread/writes causing DSC corruption.\n\nThis fixes it by correcting this macro to add the offset of 12 for PPS\n\u003e=12.\n\nv3: Add correct paranthesis for pps argument (Jani Nikula)\n\n(cherry picked from commit 6074be620c31dc2ae11af96a1a5ea95580976fb5)" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:31.099Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/ff5999fb03f467e1e7159f0ddb199c787f7512b9" }, { "url": "https://git.kernel.org/stable/c/962ac2dce56bb3aad1f82a4bbe3ada57a020287c" } ], "title": "drm/i915/dsc: Fix the macro that calculates DSCC_/DSCA_ PPS reg address", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26721", "datePublished": "2024-04-03T14:55:20.995Z", "dateReserved": "2024-02-19T14:20:24.162Z", "dateUpdated": "2024-11-05T09:14:31.099Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26762
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2024-11-05 09:15
Severity ?
EPSS score ?
Summary
cxl/pci: Skip to handle RAS errors if CXL.mem device is detached
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26762", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-05T18:38:38.263308Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:49:18.559Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.382Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/21e5e84f3f63fdf44e49642a6e45cd895e921a84" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/eef5c7b28dbecd6b141987a96db6c54e49828102" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/cxl/core/pci.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "21e5e84f3f63", "status": "affected", "version": "6ac07883dbb5", "versionType": "git" }, { "lessThan": "eef5c7b28dbe", "status": "affected", "version": "6ac07883dbb5", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/cxl/core/pci.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.7" }, { "lessThan": "6.7", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/pci: Skip to handle RAS errors if CXL.mem device is detached\n\nThe PCI AER model is an awkward fit for CXL error handling. While the\nexpectation is that a PCI device can escalate to link reset to recover\nfrom an AER event, the same reset on CXL amounts to a surprise memory\nhotplug of massive amounts of memory.\n\nAt present, the CXL error handler attempts some optimistic error\nhandling to unbind the device from the cxl_mem driver after reaping some\nRAS register values. This results in a \"hopeful\" attempt to unplug the\nmemory, but there is no guarantee that will succeed.\n\nA subsequent AER notification after the memdev unbind event can no\nlonger assume the registers are mapped. Check for memdev bind before\nreaping status register values to avoid crashes of the form:\n\n BUG: unable to handle page fault for address: ffa00000195e9100\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n [...]\n RIP: 0010:__cxl_handle_ras+0x30/0x110 [cxl_core]\n [...]\n Call Trace:\n \u003cTASK\u003e\n ? __die+0x24/0x70\n ? page_fault_oops+0x82/0x160\n ? kernelmode_fixup_or_oops+0x84/0x110\n ? exc_page_fault+0x113/0x170\n ? asm_exc_page_fault+0x26/0x30\n ? __pfx_dpc_reset_link+0x10/0x10\n ? __cxl_handle_ras+0x30/0x110 [cxl_core]\n ? find_cxl_port+0x59/0x80 [cxl_core]\n cxl_handle_rp_ras+0xbc/0xd0 [cxl_core]\n cxl_error_detected+0x6c/0xf0 [cxl_core]\n report_error_detected+0xc7/0x1c0\n pci_walk_bus+0x73/0x90\n pcie_do_recovery+0x23f/0x330\n\nLonger term, the unbind and PCI_ERS_RESULT_DISCONNECT behavior might\nneed to be replaced with a new PCI_ERS_RESULT_PANIC." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:17.351Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/21e5e84f3f63fdf44e49642a6e45cd895e921a84" }, { "url": "https://git.kernel.org/stable/c/eef5c7b28dbecd6b141987a96db6c54e49828102" } ], "title": "cxl/pci: Skip to handle RAS errors if CXL.mem device is detached", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26762", "datePublished": "2024-04-03T17:00:45.655Z", "dateReserved": "2024-02-19T14:20:24.172Z", "dateUpdated": "2024-11-05T09:15:17.351Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26792
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2024-11-05 09:15
Severity ?
EPSS score ?
Summary
btrfs: fix double free of anonymous device after snapshot creation failure
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.341Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/c34adc20b91a8e55e048b18d63f4f4ae003ecf8f" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/eb3441093aad251418921246fc3b224fd1575701" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/c8ab7521665bd0f8bc4a900244d1d5a7095cc3b9" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e2b54eaf28df0c978626c9736b94f003b523b451" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-26792", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:50:55.740284Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:49.282Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "fs/btrfs/disk-io.c", "fs/btrfs/disk-io.h", "fs/btrfs/ioctl.c", "fs/btrfs/transaction.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "c34adc20b91a", "status": "affected", "version": "66b317a2fc45", "versionType": "git" }, { "lessThan": "eb3441093aad", "status": "affected", "version": "833775656d44", "versionType": "git" }, { "lessThan": "c8ab7521665b", "status": "affected", "version": "5a172344bfda", "versionType": "git" }, { "lessThan": "e2b54eaf28df", "status": "affected", "version": "e03ee2fe873e", "versionType": "git" } ] }, { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "fs/btrfs/disk-io.c", "fs/btrfs/disk-io.h", "fs/btrfs/ioctl.c", "fs/btrfs/transaction.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "6.1.81", "status": "affected", "version": "6.1.79", "versionType": "semver" }, { "lessThan": "6.6.21", "status": "affected", "version": "6.6.18", "versionType": "semver" }, { "lessThan": "6.7.9", "status": "affected", "version": "6.7.6", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix double free of anonymous device after snapshot creation failure\n\nWhen creating a snapshot we may do a double free of an anonymous device\nin case there\u0027s an error committing the transaction. The second free may\nresult in freeing an anonymous device number that was allocated by some\nother subsystem in the kernel or another btrfs filesystem.\n\nThe steps that lead to this:\n\n1) At ioctl.c:create_snapshot() we allocate an anonymous device number\n and assign it to pending_snapshot-\u003eanon_dev;\n\n2) Then we call btrfs_commit_transaction() and end up at\n transaction.c:create_pending_snapshot();\n\n3) There we call btrfs_get_new_fs_root() and pass it the anonymous device\n number stored in pending_snapshot-\u003eanon_dev;\n\n4) btrfs_get_new_fs_root() frees that anonymous device number because\n btrfs_lookup_fs_root() returned a root - someone else did a lookup\n of the new root already, which could some task doing backref walking;\n\n5) After that some error happens in the transaction commit path, and at\n ioctl.c:create_snapshot() we jump to the \u0027fail\u0027 label, and after\n that we free again the same anonymous device number, which in the\n meanwhile may have been reallocated somewhere else, because\n pending_snapshot-\u003eanon_dev still has the same value as in step 1.\n\nRecently syzbot ran into this and reported the following trace:\n\n ------------[ cut here ]------------\n ida_free called for id=51 which is not allocated.\n WARNING: CPU: 1 PID: 31038 at lib/idr.c:525 ida_free+0x370/0x420 lib/idr.c:525\n Modules linked in:\n CPU: 1 PID: 31038 Comm: syz-executor.2 Not tainted 6.8.0-rc4-syzkaller-00410-gc02197fc9076 #0\n Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024\n RIP: 0010:ida_free+0x370/0x420 lib/idr.c:525\n Code: 10 42 80 3c 28 (...)\n RSP: 0018:ffffc90015a67300 EFLAGS: 00010246\n RAX: be5130472f5dd000 RBX: 0000000000000033 RCX: 0000000000040000\n RDX: ffffc90009a7a000 RSI: 000000000003ffff RDI: 0000000000040000\n RBP: ffffc90015a673f0 R08: ffffffff81577992 R09: 1ffff92002b4cdb4\n R10: dffffc0000000000 R11: fffff52002b4cdb5 R12: 0000000000000246\n R13: dffffc0000000000 R14: ffffffff8e256b80 R15: 0000000000000246\n FS: 00007fca3f4b46c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f167a17b978 CR3: 000000001ed26000 CR4: 0000000000350ef0\n Call Trace:\n \u003cTASK\u003e\n btrfs_get_root_ref+0xa48/0xaf0 fs/btrfs/disk-io.c:1346\n create_pending_snapshot+0xff2/0x2bc0 fs/btrfs/transaction.c:1837\n create_pending_snapshots+0x195/0x1d0 fs/btrfs/transaction.c:1931\n btrfs_commit_transaction+0xf1c/0x3740 fs/btrfs/transaction.c:2404\n create_snapshot+0x507/0x880 fs/btrfs/ioctl.c:848\n btrfs_mksubvol+0x5d0/0x750 fs/btrfs/ioctl.c:998\n btrfs_mksnapshot+0xb5/0xf0 fs/btrfs/ioctl.c:1044\n __btrfs_ioctl_snap_create+0x387/0x4b0 fs/btrfs/ioctl.c:1306\n btrfs_ioctl_snap_create_v2+0x1ca/0x400 fs/btrfs/ioctl.c:1393\n btrfs_ioctl+0xa74/0xd40\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:871 [inline]\n __se_sys_ioctl+0xfe/0x170 fs/ioctl.c:857\n do_syscall_64+0xfb/0x240\n entry_SYSCALL_64_after_hwframe+0x6f/0x77\n RIP: 0033:0x7fca3e67dda9\n Code: 28 00 00 00 (...)\n RSP: 002b:00007fca3f4b40c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\n RAX: ffffffffffffffda RBX: 00007fca3e7abf80 RCX: 00007fca3e67dda9\n RDX: 00000000200005c0 RSI: 0000000050009417 RDI: 0000000000000003\n RBP: 00007fca3e6ca47a R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n R13: 000000000000000b R14: 00007fca3e7abf80 R15: 00007fff6bf95658\n \u003c/TASK\u003e\n\nWhere we get an explicit message where we attempt to free an anonymous\ndevice number that is not currently allocated. It happens in a different\ncode path from the example below, at btrfs_get_root_ref(), so this change\nmay not fix the case triggered by sy\n---truncated---" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:54.697Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/c34adc20b91a8e55e048b18d63f4f4ae003ecf8f" }, { "url": "https://git.kernel.org/stable/c/eb3441093aad251418921246fc3b224fd1575701" }, { "url": "https://git.kernel.org/stable/c/c8ab7521665bd0f8bc4a900244d1d5a7095cc3b9" }, { "url": "https://git.kernel.org/stable/c/e2b54eaf28df0c978626c9736b94f003b523b451" } ], "title": "btrfs: fix double free of anonymous device after snapshot creation failure", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26792", "datePublished": "2024-04-04T08:20:23.075Z", "dateReserved": "2024-02-19T14:20:24.178Z", "dateUpdated": "2024-11-05T09:15:54.697Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26692
Vulnerability from cvelistv5
Published
2024-04-03 14:54
Modified
2024-11-05 09:13
Severity ?
EPSS score ?
Summary
smb: Fix regression in writes when non-standard maximum write size negotiated
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:12.775Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/4145ccff546ea868428b3e0fe6818c6261b574a9" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/63c35afd50e28b49c5b75542045a8c42b696dab9" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/4860abb91f3d7fbaf8147d54782149bb1fc45892" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-26692", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:53:00.719188Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:31.032Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "fs/smb/client/connect.c", "fs/smb/client/fs_context.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "4145ccff546e", "status": "affected", "version": "d08089f649a0", "versionType": "git" }, { "lessThan": "63c35afd50e2", "status": "affected", "version": "d08089f649a0", "versionType": "git" }, { "lessThan": "4860abb91f3d", "status": "affected", "version": "d08089f649a0", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "fs/smb/client/connect.c", "fs/smb/client/fs_context.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.3" }, { "lessThan": "6.3", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.18", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: Fix regression in writes when non-standard maximum write size negotiated\n\nThe conversion to netfs in the 6.3 kernel caused a regression when\nmaximum write size is set by the server to an unexpected value which is\nnot a multiple of 4096 (similarly if the user overrides the maximum\nwrite size by setting mount parm \"wsize\", but sets it to a value that\nis not a multiple of 4096). When negotiated write size is not a\nmultiple of 4096 the netfs code can skip the end of the final\npage when doing large sequential writes, causing data corruption.\n\nThis section of code is being rewritten/removed due to a large\nnetfs change, but until that point (ie for the 6.3 kernel until now)\nwe can not support non-standard maximum write sizes.\n\nAdd a warning if a user specifies a wsize on mount that is not\na multiple of 4096 (and round down), also add a change where we\nround down the maximum write size if the server negotiates a value\nthat is not a multiple of 4096 (we also have to check to make sure that\nwe do not round it down to zero)." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:13:59.708Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/4145ccff546ea868428b3e0fe6818c6261b574a9" }, { "url": "https://git.kernel.org/stable/c/63c35afd50e28b49c5b75542045a8c42b696dab9" }, { "url": "https://git.kernel.org/stable/c/4860abb91f3d7fbaf8147d54782149bb1fc45892" } ], "title": "smb: Fix regression in writes when non-standard maximum write size negotiated", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26692", "datePublished": "2024-04-03T14:54:53.343Z", "dateReserved": "2024-02-19T14:20:24.155Z", "dateUpdated": "2024-11-05T09:13:59.708Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26784
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2024-11-05 09:15
Severity ?
EPSS score ?
Summary
pmdomain: arm: Fix NULL dereference on scmi_perf_domain removal
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26784", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-17T19:27:05.325313Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-17T19:27:12.883Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.469Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f6aaf131e4d4a9a26040ecc018eb70ab8b3d355d" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/eb5555d422d0fc325e1574a7353d3c616f82d8b5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/pmdomain/arm/scmi_perf_domain.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "f6aaf131e4d4", "status": "affected", "version": "2af23ceb8624", "versionType": "git" }, { "lessThan": "eb5555d422d0", "status": "affected", "version": "2af23ceb8624", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/pmdomain/arm/scmi_perf_domain.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.7" }, { "lessThan": "6.7", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.9", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: arm: Fix NULL dereference on scmi_perf_domain removal\n\nOn unloading of the scmi_perf_domain module got the below splat, when in\nthe DT provided to the system under test the \u0027#power-domain-cells\u0027 property\nwas missing. Indeed, this particular setup causes the probe to bail out\nearly without giving any error, which leads to the -\u003eremove() callback gets\nto run too, but without all the expected initialized structures in place.\n\nAdd a check and bail out early on remove too.\n\n Call trace:\n scmi_perf_domain_remove+0x28/0x70 [scmi_perf_domain]\n scmi_dev_remove+0x28/0x40 [scmi_core]\n device_remove+0x54/0x90\n device_release_driver_internal+0x1dc/0x240\n driver_detach+0x58/0xa8\n bus_remove_driver+0x78/0x108\n driver_unregister+0x38/0x70\n scmi_driver_unregister+0x28/0x180 [scmi_core]\n scmi_perf_domain_driver_exit+0x18/0xb78 [scmi_perf_domain]\n __arm64_sys_delete_module+0x1a8/0x2c0\n invoke_syscall+0x50/0x128\n el0_svc_common.constprop.0+0x48/0xf0\n do_el0_svc+0x24/0x38\n el0_svc+0x34/0xb8\n el0t_64_sync_handler+0x100/0x130\n el0t_64_sync+0x190/0x198\n Code: a90153f3 f9403c14 f9414800 955f8a05 (b9400a80)\n ---[ end trace 0000000000000000 ]---" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:45.545Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/f6aaf131e4d4a9a26040ecc018eb70ab8b3d355d" }, { "url": "https://git.kernel.org/stable/c/eb5555d422d0fc325e1574a7353d3c616f82d8b5" } ], "title": "pmdomain: arm: Fix NULL dereference on scmi_perf_domain removal", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26784", "datePublished": "2024-04-04T08:20:17.836Z", "dateReserved": "2024-02-19T14:20:24.177Z", "dateUpdated": "2024-11-05T09:15:45.545Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26768
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2024-11-07 19:36
Severity ?
EPSS score ?
Summary
LoongArch: Change acpi_core_pic[NR_CPUS] to acpi_core_pic[MAX_CORE_PIC]
References
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-26768", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-03T19:30:26.181836Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-07T19:36:27.034Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.501Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/88e189bd16e5889e44a41b3309558ebab78b9280" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/0f6810e39898af2d2cabd9313e4dbc945fb5dfdd" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/4551b30525cf3d2f026b92401ffe241eb04dfebe" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "arch/loongarch/include/asm/acpi.h", "arch/loongarch/kernel/acpi.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "88e189bd16e5", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "0f6810e39898", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "4551b30525cf", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "arch/loongarch/include/asm/acpi.h", "arch/loongarch/kernel/acpi.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.19", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: Change acpi_core_pic[NR_CPUS] to acpi_core_pic[MAX_CORE_PIC]\n\nWith default config, the value of NR_CPUS is 64. When HW platform has\nmore then 64 cpus, system will crash on these platforms. MAX_CORE_PIC\nis the maximum cpu number in MADT table (max physical number) which can\nexceed the supported maximum cpu number (NR_CPUS, max logical number),\nbut kernel should not crash. Kernel should boot cpus with NR_CPUS, let\nthe remainder cpus stay in BIOS.\n\nThe potential crash reason is that the array acpi_core_pic[NR_CPUS] can\nbe overflowed when parsing MADT table, and it is obvious that CORE_PIC\nshould be corresponding to physical core rather than logical core, so it\nis better to define the array as acpi_core_pic[MAX_CORE_PIC].\n\nWith the patch, system can boot up 64 vcpus with qemu parameter -smp 128,\notherwise system will crash with the following message.\n\n[ 0.000000] CPU 0 Unable to handle kernel paging request at virtual address 0000420000004259, era == 90000000037a5f0c, ra == 90000000037a46ec\n[ 0.000000] Oops[#1]:\n[ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 6.8.0-rc2+ #192\n[ 0.000000] Hardware name: QEMU QEMU Virtual Machine, BIOS unknown 2/2/2022\n[ 0.000000] pc 90000000037a5f0c ra 90000000037a46ec tp 9000000003c90000 sp 9000000003c93d60\n[ 0.000000] a0 0000000000000019 a1 9000000003d93bc0 a2 0000000000000000 a3 9000000003c93bd8\n[ 0.000000] a4 9000000003c93a74 a5 9000000083c93a67 a6 9000000003c938f0 a7 0000000000000005\n[ 0.000000] t0 0000420000004201 t1 0000000000000000 t2 0000000000000001 t3 0000000000000001\n[ 0.000000] t4 0000000000000003 t5 0000000000000000 t6 0000000000000030 t7 0000000000000063\n[ 0.000000] t8 0000000000000014 u0 ffffffffffffffff s9 0000000000000000 s0 9000000003caee98\n[ 0.000000] s1 90000000041b0480 s2 9000000003c93da0 s3 9000000003c93d98 s4 9000000003c93d90\n[ 0.000000] s5 9000000003caa000 s6 000000000a7fd000 s7 000000000f556b60 s8 000000000e0a4330\n[ 0.000000] ra: 90000000037a46ec platform_init+0x214/0x250\n[ 0.000000] ERA: 90000000037a5f0c efi_runtime_init+0x30/0x94\n[ 0.000000] CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE)\n[ 0.000000] PRMD: 00000000 (PPLV0 -PIE -PWE)\n[ 0.000000] EUEN: 00000000 (-FPE -SXE -ASXE -BTE)\n[ 0.000000] ECFG: 00070800 (LIE=11 VS=7)\n[ 0.000000] ESTAT: 00010000 [PIL] (IS= ECode=1 EsubCode=0)\n[ 0.000000] BADV: 0000420000004259\n[ 0.000000] PRID: 0014c010 (Loongson-64bit, Loongson-3A5000)\n[ 0.000000] Modules linked in:\n[ 0.000000] Process swapper (pid: 0, threadinfo=(____ptrval____), task=(____ptrval____))\n[ 0.000000] Stack : 9000000003c93a14 9000000003800898 90000000041844f8 90000000037a46ec\n[ 0.000000] 000000000a7fd000 0000000008290000 0000000000000000 0000000000000000\n[ 0.000000] 0000000000000000 0000000000000000 00000000019d8000 000000000f556b60\n[ 0.000000] 000000000a7fd000 000000000f556b08 9000000003ca7700 9000000003800000\n[ 0.000000] 9000000003c93e50 9000000003800898 9000000003800108 90000000037a484c\n[ 0.000000] 000000000e0a4330 000000000f556b60 000000000a7fd000 000000000f556b08\n[ 0.000000] 9000000003ca7700 9000000004184000 0000000000200000 000000000e02b018\n[ 0.000000] 000000000a7fd000 90000000037a0790 9000000003800108 0000000000000000\n[ 0.000000] 0000000000000000 000000000e0a4330 000000000f556b60 000000000a7fd000\n[ 0.000000] 000000000f556b08 000000000eaae298 000000000eaa5040 0000000000200000\n[ 0.000000] ...\n[ 0.000000] Call Trace:\n[ 0.000000] [\u003c90000000037a5f0c\u003e] efi_runtime_init+0x30/0x94\n[ 0.000000] [\u003c90000000037a46ec\u003e] platform_init+0x214/0x250\n[ 0.000000] [\u003c90000000037a484c\u003e] setup_arch+0x124/0x45c\n[ 0.000000] [\u003c90000000037a0790\u003e] start_kernel+0x90/0x670\n[ 0.000000] [\u003c900000000378b0d8\u003e] kernel_entry+0xd8/0xdc" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:24.383Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/88e189bd16e5889e44a41b3309558ebab78b9280" }, { "url": "https://git.kernel.org/stable/c/0f6810e39898af2d2cabd9313e4dbc945fb5dfdd" }, { "url": "https://git.kernel.org/stable/c/4551b30525cf3d2f026b92401ffe241eb04dfebe" } ], "title": "LoongArch: Change acpi_core_pic[NR_CPUS] to acpi_core_pic[MAX_CORE_PIC]", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26768", "datePublished": "2024-04-03T17:00:50.135Z", "dateReserved": "2024-02-19T14:20:24.173Z", "dateUpdated": "2024-11-07T19:36:27.034Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26763
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2024-11-05 09:15
Severity ?
EPSS score ?
Summary
dm-crypt: don't modify the data when using authenticated encryption
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.305Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/43a202bd552976497474ae144942e32cc5f34d7e" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/0dccbb93538fe89a86c6de31d4b1c8c560848eaa" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/3c652f6fa1e1f9f02c3fbf359d260ad153ec5f90" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/1a4371db68a31076afbe56ecce34fbbe6c80c529" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e08c2a8d27e989f0f5b0888792643027d7e691e6" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/64ba01a365980755732972523600a961c4266b75" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d9e3763a505e50ba3bd22846f2a8db99429fb857" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/50c70240097ce41fe6bce6478b80478281e4d0f7" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-26763", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:51:31.262032Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:13.692Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/md/dm-crypt.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "43a202bd5529", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "0dccbb93538f", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "3c652f6fa1e1", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "1a4371db68a3", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "e08c2a8d27e9", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "64ba01a36598", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "d9e3763a505e", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "50c70240097c", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/md/dm-crypt.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.308", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.270", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.211", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.150", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.80", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.19", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-crypt: don\u0027t modify the data when using authenticated encryption\n\nIt was said that authenticated encryption could produce invalid tag when\nthe data that is being encrypted is modified [1]. So, fix this problem by\ncopying the data into the clone bio first and then encrypt them inside the\nclone bio.\n\nThis may reduce performance, but it is needed to prevent the user from\ncorrupting the device by writing data with O_DIRECT and modifying them at\nthe same time.\n\n[1] https://lore.kernel.org/all/20240207004723.GA35324@sol.localdomain/T/" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:18.446Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/43a202bd552976497474ae144942e32cc5f34d7e" }, { "url": "https://git.kernel.org/stable/c/0dccbb93538fe89a86c6de31d4b1c8c560848eaa" }, { "url": "https://git.kernel.org/stable/c/3c652f6fa1e1f9f02c3fbf359d260ad153ec5f90" }, { "url": "https://git.kernel.org/stable/c/1a4371db68a31076afbe56ecce34fbbe6c80c529" }, { "url": "https://git.kernel.org/stable/c/e08c2a8d27e989f0f5b0888792643027d7e691e6" }, { "url": "https://git.kernel.org/stable/c/64ba01a365980755732972523600a961c4266b75" }, { "url": "https://git.kernel.org/stable/c/d9e3763a505e50ba3bd22846f2a8db99429fb857" }, { "url": "https://git.kernel.org/stable/c/50c70240097ce41fe6bce6478b80478281e4d0f7" } ], "title": "dm-crypt: don\u0027t modify the data when using authenticated encryption", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26763", "datePublished": "2024-04-03T17:00:46.308Z", "dateReserved": "2024-02-19T14:20:24.172Z", "dateUpdated": "2024-11-05T09:15:18.446Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26761
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2024-11-05 09:15
Severity ?
EPSS score ?
Summary
cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26761", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-03T18:38:51.943125Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:48:31.762Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.361Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/031217128990d7f0ab8c46db1afb3cf1e075fd29" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2cc1a530ab31c65b52daf3cb5d0883c8b614ea69" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/3a3181a71935774bda2398451256d7441426420b" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/0cab687205986491302cd2e440ef1d253031c221" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/cxl/core/pci.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "031217128990", "status": "affected", "version": "34e37b4c432c", "versionType": "git" }, { "lessThan": "2cc1a530ab31", "status": "affected", "version": "34e37b4c432c", "versionType": "git" }, { "lessThan": "3a3181a71935", "status": "affected", "version": "34e37b4c432c", "versionType": "git" }, { "lessThan": "0cab68720598", "status": "affected", "version": "34e37b4c432c", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/cxl/core/pci.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.19" }, { "lessThan": "5.19", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.80", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.19", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window\n\nThe Linux CXL subsystem is built on the assumption that HPA == SPA.\nThat is, the host physical address (HPA) the HDM decoder registers are\nprogrammed with are system physical addresses (SPA).\n\nDuring HDM decoder setup, the DVSEC CXL range registers (cxl-3.1,\n8.1.3.8) are checked if the memory is enabled and the CXL range is in\na HPA window that is described in a CFMWS structure of the CXL host\nbridge (cxl-3.1, 9.18.1.3).\n\nNow, if the HPA is not an SPA, the CXL range does not match a CFMWS\nwindow and the CXL memory range will be disabled then. The HDM decoder\nstops working which causes system memory being disabled and further a\nsystem hang during HDM decoder initialization, typically when a CXL\nenabled kernel boots.\n\nPrevent a system hang and do not disable the HDM decoder if the\ndecoder\u0027s CXL range is not found in a CFMWS window.\n\nNote the change only fixes a hardware hang, but does not implement\nHPA/SPA translation. Support for this can be added in a follow on\npatch series." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:16.217Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/031217128990d7f0ab8c46db1afb3cf1e075fd29" }, { "url": "https://git.kernel.org/stable/c/2cc1a530ab31c65b52daf3cb5d0883c8b614ea69" }, { "url": "https://git.kernel.org/stable/c/3a3181a71935774bda2398451256d7441426420b" }, { "url": "https://git.kernel.org/stable/c/0cab687205986491302cd2e440ef1d253031c221" } ], "title": "cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26761", "datePublished": "2024-04-03T17:00:44.934Z", "dateReserved": "2024-02-19T14:20:24.171Z", "dateUpdated": "2024-11-05T09:15:16.217Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26807
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2024-11-05 09:16
Severity ?
EPSS score ?
Summary
spi: cadence-qspi: fix pointer reference in runtime PM hooks
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.598Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/03f1573c9587029730ca68503f5062105b122f61" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/34e1d5c4407c78de0e3473e1fbf8fb74dbe66d03" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/32ce3bb57b6b402de2aec1012511e7ac4e7449dc" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-26807", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:50:43.187812Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:46.008Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/spi/spi-cadence-quadspi.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "03f1573c9587", "status": "affected", "version": "2087e85bb66e", "versionType": "git" }, { "lessThan": "34e1d5c4407c", "status": "affected", "version": "2087e85bb66e", "versionType": "git" }, { "lessThan": "32ce3bb57b6b", "status": "affected", "version": "2087e85bb66e", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/spi/spi-cadence-quadspi.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.4" }, { "lessThan": "6.4", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.21", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.9", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBoth cadence-quadspi -\u003eruntime_suspend() and -\u003eruntime_resume()\nimplementations start with:\n\n\tstruct cqspi_st *cqspi = dev_get_drvdata(dev);\n\tstruct spi_controller *host = dev_get_drvdata(dev);\n\nThis obviously cannot be correct, unless \"struct cqspi_st\" is the\nfirst member of \" struct spi_controller\", or the other way around, but\nit is not the case. \"struct spi_controller\" is allocated by\ndevm_spi_alloc_host(), which allocates an extra amount of memory for\nprivate data, used to store \"struct cqspi_st\".\n\nThe -\u003eprobe() function of the cadence-quadspi driver then sets the\ndevice drvdata to store the address of the \"struct cqspi_st\"\nstructure. Therefore:\n\n\tstruct cqspi_st *cqspi = dev_get_drvdata(dev);\n\nis correct, but:\n\n\tstruct spi_controller *host = dev_get_drvdata(dev);\n\nis not, as it makes \"host\" point not to a \"struct spi_controller\" but\nto the same \"struct cqspi_st\" structure as above.\n\nThis obviously leads to bad things (memory corruption, kernel crashes)\ndirectly during -\u003eprobe(), as -\u003eprobe() enables the device using PM\nruntime, leading the -\u003eruntime_resume() hook being called, which in\nturns calls spi_controller_resume() with the wrong pointer.\n\nThis has at least been reported [0] to cause a kernel crash, but the\nexact behavior will depend on the memory contents.\n\n[0] https://lore.kernel.org/all/20240226121803.5a7r5wkpbbowcxgx@dhruva/\n\nThis issue potentially affects all platforms that are currently using\nthe cadence-quadspi driver." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:16:11.564Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/03f1573c9587029730ca68503f5062105b122f61" }, { "url": "https://git.kernel.org/stable/c/34e1d5c4407c78de0e3473e1fbf8fb74dbe66d03" }, { "url": "https://git.kernel.org/stable/c/32ce3bb57b6b402de2aec1012511e7ac4e7449dc" } ], "title": "spi: cadence-qspi: fix pointer reference in runtime PM hooks", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26807", "datePublished": "2024-04-04T08:20:34.155Z", "dateReserved": "2024-02-19T14:20:24.179Z", "dateUpdated": "2024-11-05T09:16:11.564Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26709
Vulnerability from cvelistv5
Published
2024-04-03 14:55
Modified
2024-11-05 09:14
Severity ?
EPSS score ?
Summary
powerpc/iommu: Fix the missing iommu_group_put() during platform domain attach
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26709", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-03T18:05:58.062446Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:49:05.160Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:12.569Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/c90fdea9cac9eb419fc266e75d625cb60c8f7f6c" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/0846dd77c8349ec92ca0079c9c71d130f34cb192" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "arch/powerpc/kernel/iommu.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "c90fdea9cac9", "status": "affected", "version": "a8ca9fc9134c", "versionType": "git" }, { "lessThan": "0846dd77c834", "status": "affected", "version": "a8ca9fc9134c", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "arch/powerpc/kernel/iommu.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.7" }, { "lessThan": "6.7", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/iommu: Fix the missing iommu_group_put() during platform domain attach\n\nThe function spapr_tce_platform_iommu_attach_dev() is missing to call\niommu_group_put() when the domain is already set. This refcount leak\nshows up with BUG_ON() during DLPAR remove operation as:\n\n KernelBug: Kernel bug in state \u0027None\u0027: kernel BUG at arch/powerpc/platforms/pseries/iommu.c:100!\n Oops: Exception in kernel mode, sig: 5 [#1]\n LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=8192 NUMA pSeries\n \u003csnip\u003e\n Hardware name: IBM,9080-HEX POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1060.00 (NH1060_016) hv:phyp pSeries\n NIP: c0000000000ff4d4 LR: c0000000000ff4cc CTR: 0000000000000000\n REGS: c0000013aed5f840 TRAP: 0700 Tainted: G I (6.8.0-rc3-autotest-g99bd3cb0d12e)\n MSR: 8000000000029033 \u003cSF,EE,ME,IR,DR,RI,LE\u003e CR: 44002402 XER: 20040000\n CFAR: c000000000a0d170 IRQMASK: 0\n ...\n NIP iommu_reconfig_notifier+0x94/0x200\n LR iommu_reconfig_notifier+0x8c/0x200\n Call Trace:\n iommu_reconfig_notifier+0x8c/0x200 (unreliable)\n notifier_call_chain+0xb8/0x19c\n blocking_notifier_call_chain+0x64/0x98\n of_reconfig_notify+0x44/0xdc\n of_detach_node+0x78/0xb0\n ofdt_write.part.0+0x86c/0xbb8\n proc_reg_write+0xf4/0x150\n vfs_write+0xf8/0x488\n ksys_write+0x84/0x140\n system_call_exception+0x138/0x330\n system_call_vectored_common+0x15c/0x2ec\n\nThe patch adds the missing iommu_group_put() call." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:17.660Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/c90fdea9cac9eb419fc266e75d625cb60c8f7f6c" }, { "url": "https://git.kernel.org/stable/c/0846dd77c8349ec92ca0079c9c71d130f34cb192" } ], "title": "powerpc/iommu: Fix the missing iommu_group_put() during platform domain attach", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26709", "datePublished": "2024-04-03T14:55:11.868Z", "dateReserved": "2024-02-19T14:20:24.159Z", "dateUpdated": "2024-11-05T09:14:17.660Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26750
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2024-11-05 09:15
Severity ?
EPSS score ?
Summary
af_unix: Drop oob_skb ref before purging queue in GC.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.217Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/6c480d0f131862645d172ca9e25dc152b1a5c3a6" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/c4c795b21dd23d9514ae1c6646c3fb2c78b5be60" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e9eac260369d0cf57ea53df95427125725507a0d" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/43ba9e331559a30000c862eea313248707afa787" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/aa82ac51d63328714645c827775d64dbfd9941f3" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-26750", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:51:11.547250Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:53.425Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/unix/garbage.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "6c480d0f1318", "status": "affected", "version": "36f7371de977", "versionType": "git" }, { "lessThan": "c4c795b21dd2", "status": "affected", "version": "2a3d40b4025f", "versionType": "git" }, { "lessThan": "e9eac260369d", "status": "affected", "version": "69e0f04460f4", "versionType": "git" }, { "lessThan": "43ba9e331559", "status": "affected", "version": "cb8890318dde", "versionType": "git" }, { "lessThan": "aa82ac51d633", "status": "affected", "version": "25236c91b5ab", "versionType": "git" } ] }, { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/unix/garbage.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "5.15.151", "status": "affected", "version": "5.15.149", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Drop oob_skb ref before purging queue in GC.\n\nsyzbot reported another task hung in __unix_gc(). [0]\n\nThe current while loop assumes that all of the left candidates\nhave oob_skb and calling kfree_skb(oob_skb) releases the remaining\ncandidates.\n\nHowever, I missed a case that oob_skb has self-referencing fd and\nanother fd and the latter sk is placed before the former in the\ncandidate list. Then, the while loop never proceeds, resulting\nthe task hung.\n\n__unix_gc() has the same loop just before purging the collected skb,\nso we can call kfree_skb(oob_skb) there and let __skb_queue_purge()\nrelease all inflight sockets.\n\n[0]:\nSending NMI from CPU 0 to CPUs 1:\nNMI backtrace for cpu 1\nCPU: 1 PID: 2784 Comm: kworker/u4:8 Not tainted 6.8.0-rc4-syzkaller-01028-g71b605d32017 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024\nWorkqueue: events_unbound __unix_gc\nRIP: 0010:__sanitizer_cov_trace_pc+0x0/0x70 kernel/kcov.c:200\nCode: 89 fb e8 23 00 00 00 48 8b 3d 84 f5 1a 0c 48 89 de 5b e9 43 26 57 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 \u003cf3\u003e 0f 1e fa 48 8b 04 24 65 48 8b 0d 90 52 70 7e 65 8b 15 91 52 70\nRSP: 0018:ffffc9000a17fa78 EFLAGS: 00000287\nRAX: ffffffff8a0a6108 RBX: ffff88802b6c2640 RCX: ffff88802c0b3b80\nRDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000\nRBP: ffffc9000a17fbf0 R08: ffffffff89383f1d R09: 1ffff1100ee5ff84\nR10: dffffc0000000000 R11: ffffed100ee5ff85 R12: 1ffff110056d84ee\nR13: ffffc9000a17fae0 R14: 0000000000000000 R15: ffffffff8f47b840\nFS: 0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ffef5687ff8 CR3: 0000000029b34000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cNMI\u003e\n \u003c/NMI\u003e\n \u003cTASK\u003e\n __unix_gc+0xe69/0xf40 net/unix/garbage.c:343\n process_one_work kernel/workqueue.c:2633 [inline]\n process_scheduled_works+0x913/0x1420 kernel/workqueue.c:2706\n worker_thread+0xa5f/0x1000 kernel/workqueue.c:2787\n kthread+0x2ef/0x390 kernel/kthread.c:388\n ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1b/0x30 arch/x86/entry/entry_64.S:242\n \u003c/TASK\u003e" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:03.672Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/6c480d0f131862645d172ca9e25dc152b1a5c3a6" }, { "url": "https://git.kernel.org/stable/c/c4c795b21dd23d9514ae1c6646c3fb2c78b5be60" }, { "url": "https://git.kernel.org/stable/c/e9eac260369d0cf57ea53df95427125725507a0d" }, { "url": "https://git.kernel.org/stable/c/43ba9e331559a30000c862eea313248707afa787" }, { "url": "https://git.kernel.org/stable/c/aa82ac51d63328714645c827775d64dbfd9941f3" } ], "title": "af_unix: Drop oob_skb ref before purging queue in GC.", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26750", "datePublished": "2024-04-04T08:20:14.494Z", "dateReserved": "2024-02-19T14:20:24.169Z", "dateUpdated": "2024-11-05T09:15:03.672Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26802
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2024-11-05 09:16
Severity ?
EPSS score ?
Summary
stmmac: Clear variable when destroying workqueue
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26802", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-05T18:39:40.644650Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:48:39.143Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.590Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/8e99556301172465c8fe33c7f78c39a3d4ce8462" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/17ccd9798fe0beda3db212cfa3ebe373f605cbd6" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/699b103e48ce32d03fc86c35b37ee8ae4288c7e3" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f72cf22dccc94038cbbaa1029cb575bf52e5cbc8" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/8af411bbba1f457c33734795f024d0ef26d0963f" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/stmicro/stmmac/stmmac_main.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "8e9955630117", "status": "affected", "version": "5a5586112b92", "versionType": "git" }, { "lessThan": "17ccd9798fe0", "status": "affected", "version": "5a5586112b92", "versionType": "git" }, { "lessThan": "699b103e48ce", "status": "affected", "version": "5a5586112b92", "versionType": "git" }, { "lessThan": "f72cf22dccc9", "status": "affected", "version": "5a5586112b92", "versionType": "git" }, { "lessThan": "8af411bbba1f", "status": "affected", "version": "5a5586112b92", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/ethernet/stmicro/stmmac/stmmac_main.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.13" }, { "lessThan": "5.13", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.151", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.81", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.21", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.9", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nstmmac: Clear variable when destroying workqueue\n\nCurrently when suspending driver and stopping workqueue it is checked whether\nworkqueue is not NULL and if so, it is destroyed.\nFunction destroy_workqueue() does drain queue and does clear variable, but\nit does not set workqueue variable to NULL. This can cause kernel/module\npanic if code attempts to clear workqueue that was not initialized.\n\nThis scenario is possible when resuming suspended driver in stmmac_resume(),\nbecause there is no handling for failed stmmac_hw_setup(),\nwhich can fail and return if DMA engine has failed to initialize,\nand workqueue is initialized after DMA engine.\nShould DMA engine fail to initialize, resume will proceed normally,\nbut interface won\u0027t work and TX queue will eventually timeout,\ncausing \u0027Reset adapter\u0027 error.\nThis then does destroy workqueue during reset process.\nAnd since workqueue is initialized after DMA engine and can be skipped,\nit will cause kernel/module panic.\n\nTo secure against this possible crash, set workqueue variable to NULL when\ndestroying workqueue.\n\nLog/backtrace from crash goes as follows:\n[88.031977]------------[ cut here ]------------\n[88.031985]NETDEV WATCHDOG: eth0 (sxgmac): transmit queue 1 timed out\n[88.032017]WARNING: CPU: 0 PID: 0 at net/sched/sch_generic.c:477 dev_watchdog+0x390/0x398\n \u003cSkipping backtrace for watchdog timeout\u003e\n[88.032251]---[ end trace e70de432e4d5c2c0 ]---\n[88.032282]sxgmac 16d88000.ethernet eth0: Reset adapter.\n[88.036359]------------[ cut here ]------------\n[88.036519]Call trace:\n[88.036523] flush_workqueue+0x3e4/0x430\n[88.036528] drain_workqueue+0xc4/0x160\n[88.036533] destroy_workqueue+0x40/0x270\n[88.036537] stmmac_fpe_stop_wq+0x4c/0x70\n[88.036541] stmmac_release+0x278/0x280\n[88.036546] __dev_close_many+0xcc/0x158\n[88.036551] dev_close_many+0xbc/0x190\n[88.036555] dev_close.part.0+0x70/0xc0\n[88.036560] dev_close+0x24/0x30\n[88.036564] stmmac_service_task+0x110/0x140\n[88.036569] process_one_work+0x1d8/0x4a0\n[88.036573] worker_thread+0x54/0x408\n[88.036578] kthread+0x164/0x170\n[88.036583] ret_from_fork+0x10/0x20\n[88.036588]---[ end trace e70de432e4d5c2c1 ]---\n[88.036597]Unable to handle kernel NULL pointer dereference at virtual address 0000000000000004" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:16:06.027Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/8e99556301172465c8fe33c7f78c39a3d4ce8462" }, { "url": "https://git.kernel.org/stable/c/17ccd9798fe0beda3db212cfa3ebe373f605cbd6" }, { "url": "https://git.kernel.org/stable/c/699b103e48ce32d03fc86c35b37ee8ae4288c7e3" }, { "url": "https://git.kernel.org/stable/c/f72cf22dccc94038cbbaa1029cb575bf52e5cbc8" }, { "url": "https://git.kernel.org/stable/c/8af411bbba1f457c33734795f024d0ef26d0963f" } ], "title": "stmmac: Clear variable when destroying workqueue", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26802", "datePublished": "2024-04-04T08:20:29.919Z", "dateReserved": "2024-02-19T14:20:24.179Z", "dateUpdated": "2024-11-05T09:16:06.027Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26731
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2024-11-06 21:26
Severity ?
EPSS score ?
Summary
bpf, sockmap: Fix NULL pointer dereference in sk_psock_verdict_data_ready()
References
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-26731", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-03T18:10:44.552667Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-06T21:26:34.391Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:12.980Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/4588b13abcbd561ec67f5b3c1cb2eff690990a54" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/9b099ed46dcaf1403c531ff02c3d7400fa37fa26" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d61608a4e394f23e0dca099df9eb8e555453d949" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/4cd12c6065dfcdeba10f49949bffcf383b3952d8" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/core/skmsg.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "4588b13abcbd", "status": "affected", "version": "dd628fc697ee", "versionType": "git" }, { "lessThan": "9b099ed46dca", "status": "affected", "version": "6df7f764cd3c", "versionType": "git" }, { "lessThan": "d61608a4e394", "status": "affected", "version": "6df7f764cd3c", "versionType": "git" }, { "lessThan": "4cd12c6065df", "status": "affected", "version": "6df7f764cd3c", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/core/skmsg.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.4" }, { "lessThan": "6.4", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.80", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.19", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Fix NULL pointer dereference in sk_psock_verdict_data_ready()\n\nsyzbot reported the following NULL pointer dereference issue [1]:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000000\n [...]\n RIP: 0010:0x0\n [...]\n Call Trace:\n \u003cTASK\u003e\n sk_psock_verdict_data_ready+0x232/0x340 net/core/skmsg.c:1230\n unix_stream_sendmsg+0x9b4/0x1230 net/unix/af_unix.c:2293\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x221/0x270 net/socket.c:745\n ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584\n ___sys_sendmsg net/socket.c:2638 [inline]\n __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667\n do_syscall_64+0xf9/0x240\n entry_SYSCALL_64_after_hwframe+0x6f/0x77\n\nIf sk_psock_verdict_data_ready() and sk_psock_stop_verdict() are called\nconcurrently, psock-\u003esaved_data_ready can be NULL, causing the above issue.\n\nThis patch fixes this issue by calling the appropriate data ready function\nusing the sk_psock_data_ready() helper and protecting it from concurrency\nwith sk-\u003esk_callback_lock." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:42.271Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/4588b13abcbd561ec67f5b3c1cb2eff690990a54" }, { "url": "https://git.kernel.org/stable/c/9b099ed46dcaf1403c531ff02c3d7400fa37fa26" }, { "url": "https://git.kernel.org/stable/c/d61608a4e394f23e0dca099df9eb8e555453d949" }, { "url": "https://git.kernel.org/stable/c/4cd12c6065dfcdeba10f49949bffcf383b3952d8" } ], "title": "bpf, sockmap: Fix NULL pointer dereference in sk_psock_verdict_data_ready()", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26731", "datePublished": "2024-04-03T17:00:18.823Z", "dateReserved": "2024-02-19T14:20:24.164Z", "dateUpdated": "2024-11-06T21:26:34.391Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26743
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2024-11-05 09:14
Severity ?
EPSS score ?
Summary
RDMA/qedr: Fix qedr_create_user_qp error flow
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26743", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-17T19:28:14.309187Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-17T19:28:21.844Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.229Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/5639414a52a29336ffa1ede80a67c6d927acbc5a" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/135e5465fefa463c5ec93c4eede48b9fedac894a" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/7f31a244c753aacf40b71d01f03ca6742f81bbbc" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/95175dda017cd4982cd47960536fa1de003d3298" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/bab8875c06ebda5e01c5c4cab30022aed85c14e6" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/5ba4e6d5863c53e937f49932dee0ecb004c65928" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/infiniband/hw/qedr/verbs.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "5639414a52a2", "status": "affected", "version": "df15856132bc", "versionType": "git" }, { "lessThan": "135e5465fefa", "status": "affected", "version": "df15856132bc", "versionType": "git" }, { "lessThan": "7f31a244c753", "status": "affected", "version": "df15856132bc", "versionType": "git" }, { "lessThan": "95175dda017c", "status": "affected", "version": "df15856132bc", "versionType": "git" }, { "lessThan": "bab8875c06eb", "status": "affected", "version": "df15856132bc", "versionType": "git" }, { "lessThan": "5ba4e6d5863c", "status": "affected", "version": "df15856132bc", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/infiniband/hw/qedr/verbs.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "4.11" }, { "lessThan": "4.11", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.211", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.150", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.80", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.19", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/qedr: Fix qedr_create_user_qp error flow\n\nAvoid the following warning by making sure to free the allocated\nresources in case that qedr_init_user_queue() fail.\n\n-----------[ cut here ]-----------\nWARNING: CPU: 0 PID: 143192 at drivers/infiniband/core/rdma_core.c:874 uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]\nModules linked in: tls target_core_user uio target_core_pscsi target_core_file target_core_iblock ib_srpt ib_srp scsi_transport_srp nfsd nfs_acl rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs 8021q garp mrp stp llc ext4 mbcache jbd2 opa_vnic ib_umad ib_ipoib sunrpc rdma_ucm ib_isert iscsi_target_mod target_core_mod ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_cm hfi1 intel_rapl_msr intel_rapl_common mgag200 qedr sb_edac drm_shmem_helper rdmavt x86_pkg_temp_thermal drm_kms_helper intel_powerclamp ib_uverbs coretemp i2c_algo_bit kvm_intel dell_wmi_descriptor ipmi_ssif sparse_keymap kvm ib_core rfkill syscopyarea sysfillrect video sysimgblt irqbypass ipmi_si ipmi_devintf fb_sys_fops rapl iTCO_wdt mxm_wmi iTCO_vendor_support intel_cstate pcspkr dcdbas intel_uncore ipmi_msghandler lpc_ich acpi_power_meter mei_me mei fuse drm xfs libcrc32c qede sd_mod ahci libahci t10_pi sg crct10dif_pclmul crc32_pclmul crc32c_intel qed libata tg3\nghash_clmulni_intel megaraid_sas crc8 wmi [last unloaded: ib_srpt]\nCPU: 0 PID: 143192 Comm: fi_rdm_tagged_p Kdump: loaded Not tainted 5.14.0-408.el9.x86_64 #1\nHardware name: Dell Inc. PowerEdge R430/03XKDV, BIOS 2.14.0 01/25/2022\nRIP: 0010:uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]\nCode: 5d 41 5c 41 5d 41 5e e9 0f 26 1b dd 48 89 df e8 67 6a ff ff 49 8b 86 10 01 00 00 48 85 c0 74 9c 4c 89 e7 e8 83 c0 cb dd eb 92 \u003c0f\u003e 0b eb be 0f 0b be 04 00 00 00 48 89 df e8 8e f5 ff ff e9 6d ff\nRSP: 0018:ffffb7c6cadfbc60 EFLAGS: 00010286\nRAX: ffff8f0889ee3f60 RBX: ffff8f088c1a5200 RCX: 00000000802a0016\nRDX: 00000000802a0017 RSI: 0000000000000001 RDI: ffff8f0880042600\nRBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000\nR10: ffff8f11fffd5000 R11: 0000000000039000 R12: ffff8f0d5b36cd80\nR13: ffff8f088c1a5250 R14: ffff8f1206d91000 R15: 0000000000000000\nFS: 0000000000000000(0000) GS:ffff8f11d7c00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000147069200e20 CR3: 00000001c7210002 CR4: 00000000001706f0\nCall Trace:\n\u003cTASK\u003e\n? show_trace_log_lvl+0x1c4/0x2df\n? show_trace_log_lvl+0x1c4/0x2df\n? ib_uverbs_close+0x1f/0xb0 [ib_uverbs]\n? uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]\n? __warn+0x81/0x110\n? uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]\n? report_bug+0x10a/0x140\n? handle_bug+0x3c/0x70\n? exc_invalid_op+0x14/0x70\n? asm_exc_invalid_op+0x16/0x20\n? uverbs_destroy_ufile_hw+0xcf/0xf0 [ib_uverbs]\nib_uverbs_close+0x1f/0xb0 [ib_uverbs]\n__fput+0x94/0x250\ntask_work_run+0x5c/0x90\ndo_exit+0x270/0x4a0\ndo_group_exit+0x2d/0x90\nget_signal+0x87c/0x8c0\narch_do_signal_or_restart+0x25/0x100\n? ib_uverbs_ioctl+0xc2/0x110 [ib_uverbs]\nexit_to_user_mode_loop+0x9c/0x130\nexit_to_user_mode_prepare+0xb6/0x100\nsyscall_exit_to_user_mode+0x12/0x40\ndo_syscall_64+0x69/0x90\n? syscall_exit_work+0x103/0x130\n? syscall_exit_to_user_mode+0x22/0x40\n? do_syscall_64+0x69/0x90\n? syscall_exit_work+0x103/0x130\n? syscall_exit_to_user_mode+0x22/0x40\n? do_syscall_64+0x69/0x90\n? do_syscall_64+0x69/0x90\n? common_interrupt+0x43/0xa0\nentry_SYSCALL_64_after_hwframe+0x72/0xdc\nRIP: 0033:0x1470abe3ec6b\nCode: Unable to access opcode bytes at RIP 0x1470abe3ec41.\nRSP: 002b:00007fff13ce9108 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\nRAX: fffffffffffffffc RBX: 00007fff13ce9218 RCX: 00001470abe3ec6b\nRDX: 00007fff13ce9200 RSI: 00000000c0181b01 RDI: 0000000000000004\nRBP: 00007fff13ce91e0 R08: 0000558d9655da10 R09: 0000558d9655dd00\nR10: 00007fff13ce95c0 R11: 0000000000000246 R12: 00007fff13ce9358\nR13: 0000000000000013 R14: 0000558d9655db50 R15: 00007fff13ce9470\n\u003c/TASK\u003e\n--[ end trace 888a9b92e04c5c97 ]--" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:55.749Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/5639414a52a29336ffa1ede80a67c6d927acbc5a" }, { "url": "https://git.kernel.org/stable/c/135e5465fefa463c5ec93c4eede48b9fedac894a" }, { "url": "https://git.kernel.org/stable/c/7f31a244c753aacf40b71d01f03ca6742f81bbbc" }, { "url": "https://git.kernel.org/stable/c/95175dda017cd4982cd47960536fa1de003d3298" }, { "url": "https://git.kernel.org/stable/c/bab8875c06ebda5e01c5c4cab30022aed85c14e6" }, { "url": "https://git.kernel.org/stable/c/5ba4e6d5863c53e937f49932dee0ecb004c65928" } ], "title": "RDMA/qedr: Fix qedr_create_user_qp error flow", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26743", "datePublished": "2024-04-03T17:00:32.634Z", "dateReserved": "2024-02-19T14:20:24.167Z", "dateUpdated": "2024-11-05T09:14:55.749Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26730
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2024-11-05 09:14
Severity ?
EPSS score ?
Summary
hwmon: (nct6775) Fix access to temperature configuration registers
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:12.970Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f006c45a3ea424f8f6c8e4b9283bc245ce2a4d0f" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/c196387820c9214c5ceaff56d77303c82514b8b1" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d56e460e19ea8382f813eb489730248ec8d7eb73" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-26730", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:52:03.714243Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:21.224Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/hwmon/nct6775-core.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "f006c45a3ea4", "status": "affected", "version": "b7f1f7b2523a", "versionType": "git" }, { "lessThan": "c196387820c9", "status": "affected", "version": "b7f1f7b2523a", "versionType": "git" }, { "lessThan": "d56e460e19ea", "status": "affected", "version": "b7f1f7b2523a", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/hwmon/nct6775-core.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.6" }, { "lessThan": "6.6", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.19", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (nct6775) Fix access to temperature configuration registers\n\nThe number of temperature configuration registers does\nnot always match the total number of temperature registers.\nThis can result in access errors reported if KASAN is enabled.\n\nBUG: KASAN: global-out-of-bounds in nct6775_probe+0x5654/0x6fe9 nct6775_core" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:41.160Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/f006c45a3ea424f8f6c8e4b9283bc245ce2a4d0f" }, { "url": "https://git.kernel.org/stable/c/c196387820c9214c5ceaff56d77303c82514b8b1" }, { "url": "https://git.kernel.org/stable/c/d56e460e19ea8382f813eb489730248ec8d7eb73" } ], "title": "hwmon: (nct6775) Fix access to temperature configuration registers", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26730", "datePublished": "2024-04-03T17:00:18.186Z", "dateReserved": "2024-02-19T14:20:24.164Z", "dateUpdated": "2024-11-05T09:14:41.160Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26695
Vulnerability from cvelistv5
Published
2024-04-03 14:54
Modified
2024-11-05 09:14
Severity ?
EPSS score ?
Summary
crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:12.671Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/58054faf3bd29cd0b949b77efcb6157f66f401ed" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/7535ec350a5f09b5756a7607f5582913f21200f4" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/8731fe001a60581794ed9cf65da8cd304846a6fb" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/88aa493f393d2ee38ac140e1f6ac1881346e85d4" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/b5909f197f3b26aebedca7d8ac7b688fd993a266" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ccb88e9549e7cfd8bcd511c538f437e20026e983" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-26695", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:52:57.346229Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:32:55.424Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/crypto/ccp/sev-dev.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "58054faf3bd2", "status": "affected", "version": "87af9b0b4566", "versionType": "git" }, { "lessThan": "7535ec350a5f", "status": "affected", "version": "f831d2882c84", "versionType": "git" }, { "lessThan": "8731fe001a60", "status": "affected", "version": "1b05ece0c931", "versionType": "git" }, { "lessThan": "88aa493f393d", "status": "affected", "version": "1b05ece0c931", "versionType": "git" }, { "lessThan": "b5909f197f3b", "status": "affected", "version": "1b05ece0c931", "versionType": "git" }, { "lessThan": "ccb88e9549e7", "status": "affected", "version": "1b05ece0c931", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/crypto/ccp/sev-dev.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.0" }, { "lessThan": "6.0", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.210", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.149", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.79", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.18", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked\n\nThe SEV platform device can be shutdown with a null psp_master,\ne.g., using DEBUG_TEST_DRIVER_REMOVE. Found using KASAN:\n\n[ 137.148210] ccp 0000:23:00.1: enabling device (0000 -\u003e 0002)\n[ 137.162647] ccp 0000:23:00.1: no command queues available\n[ 137.170598] ccp 0000:23:00.1: sev enabled\n[ 137.174645] ccp 0000:23:00.1: psp enabled\n[ 137.178890] general protection fault, probably for non-canonical address 0xdffffc000000001e: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC KASAN NOPTI\n[ 137.182693] KASAN: null-ptr-deref in range [0x00000000000000f0-0x00000000000000f7]\n[ 137.182693] CPU: 93 PID: 1 Comm: swapper/0 Not tainted 6.8.0-rc1+ #311\n[ 137.182693] RIP: 0010:__sev_platform_shutdown_locked+0x51/0x180\n[ 137.182693] Code: 08 80 3c 08 00 0f 85 0e 01 00 00 48 8b 1d 67 b6 01 08 48 b8 00 00 00 00 00 fc ff df 48 8d bb f0 00 00 00 48 89 f9 48 c1 e9 03 \u003c80\u003e 3c 01 00 0f 85 fe 00 00 00 48 8b 9b f0 00 00 00 48 85 db 74 2c\n[ 137.182693] RSP: 0018:ffffc900000cf9b0 EFLAGS: 00010216\n[ 137.182693] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 000000000000001e\n[ 137.182693] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 00000000000000f0\n[ 137.182693] RBP: ffffc900000cf9c8 R08: 0000000000000000 R09: fffffbfff58f5a66\n[ 137.182693] R10: ffffc900000cf9c8 R11: ffffffffac7ad32f R12: ffff8881e5052c28\n[ 137.182693] R13: ffff8881e5052c28 R14: ffff8881758e43e8 R15: ffffffffac64abf8\n[ 137.182693] FS: 0000000000000000(0000) GS:ffff889de7000000(0000) knlGS:0000000000000000\n[ 137.182693] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 137.182693] CR2: 0000000000000000 CR3: 0000001cf7c7e000 CR4: 0000000000350ef0\n[ 137.182693] Call Trace:\n[ 137.182693] \u003cTASK\u003e\n[ 137.182693] ? show_regs+0x6c/0x80\n[ 137.182693] ? __die_body+0x24/0x70\n[ 137.182693] ? die_addr+0x4b/0x80\n[ 137.182693] ? exc_general_protection+0x126/0x230\n[ 137.182693] ? asm_exc_general_protection+0x2b/0x30\n[ 137.182693] ? __sev_platform_shutdown_locked+0x51/0x180\n[ 137.182693] sev_firmware_shutdown.isra.0+0x1e/0x80\n[ 137.182693] sev_dev_destroy+0x49/0x100\n[ 137.182693] psp_dev_destroy+0x47/0xb0\n[ 137.182693] sp_destroy+0xbb/0x240\n[ 137.182693] sp_pci_remove+0x45/0x60\n[ 137.182693] pci_device_remove+0xaa/0x1d0\n[ 137.182693] device_remove+0xc7/0x170\n[ 137.182693] really_probe+0x374/0xbe0\n[ 137.182693] ? srso_return_thunk+0x5/0x5f\n[ 137.182693] __driver_probe_device+0x199/0x460\n[ 137.182693] driver_probe_device+0x4e/0xd0\n[ 137.182693] __driver_attach+0x191/0x3d0\n[ 137.182693] ? __pfx___driver_attach+0x10/0x10\n[ 137.182693] bus_for_each_dev+0x100/0x190\n[ 137.182693] ? __pfx_bus_for_each_dev+0x10/0x10\n[ 137.182693] ? __kasan_check_read+0x15/0x20\n[ 137.182693] ? srso_return_thunk+0x5/0x5f\n[ 137.182693] ? _raw_spin_unlock+0x27/0x50\n[ 137.182693] driver_attach+0x41/0x60\n[ 137.182693] bus_add_driver+0x2a8/0x580\n[ 137.182693] driver_register+0x141/0x480\n[ 137.182693] __pci_register_driver+0x1d6/0x2a0\n[ 137.182693] ? srso_return_thunk+0x5/0x5f\n[ 137.182693] ? esrt_sysfs_init+0x1cd/0x5d0\n[ 137.182693] ? __pfx_sp_mod_init+0x10/0x10\n[ 137.182693] sp_pci_init+0x22/0x30\n[ 137.182693] sp_mod_init+0x14/0x30\n[ 137.182693] ? __pfx_sp_mod_init+0x10/0x10\n[ 137.182693] do_one_initcall+0xd1/0x470\n[ 137.182693] ? __pfx_do_one_initcall+0x10/0x10\n[ 137.182693] ? parameq+0x80/0xf0\n[ 137.182693] ? srso_return_thunk+0x5/0x5f\n[ 137.182693] ? __kmalloc+0x3b0/0x4e0\n[ 137.182693] ? kernel_init_freeable+0x92d/0x1050\n[ 137.182693] ? kasan_populate_vmalloc_pte+0x171/0x190\n[ 137.182693] ? srso_return_thunk+0x5/0x5f\n[ 137.182693] kernel_init_freeable+0xa64/0x1050\n[ 137.182693] ? __pfx_kernel_init+0x10/0x10\n[ 137.182693] kernel_init+0x24/0x160\n[ 137.182693] ? __switch_to_asm+0x3e/0x70\n[ 137.182693] ret_from_fork+0x40/0x80\n[ 137.182693] ? __pfx_kernel_init+0x1\n---truncated---" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:03.153Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/58054faf3bd29cd0b949b77efcb6157f66f401ed" }, { "url": "https://git.kernel.org/stable/c/7535ec350a5f09b5756a7607f5582913f21200f4" }, { "url": "https://git.kernel.org/stable/c/8731fe001a60581794ed9cf65da8cd304846a6fb" }, { "url": "https://git.kernel.org/stable/c/88aa493f393d2ee38ac140e1f6ac1881346e85d4" }, { "url": "https://git.kernel.org/stable/c/b5909f197f3b26aebedca7d8ac7b688fd993a266" }, { "url": "https://git.kernel.org/stable/c/ccb88e9549e7cfd8bcd511c538f437e20026e983" } ], "title": "crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26695", "datePublished": "2024-04-03T14:54:56.184Z", "dateReserved": "2024-02-19T14:20:24.156Z", "dateUpdated": "2024-11-05T09:14:03.153Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26740
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2024-11-05 09:14
Severity ?
EPSS score ?
Summary
net/sched: act_mirred: use the backlog for mirred ingress
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:12.957Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/7c787888d164689da8b1b115f3ef562c1e843af4" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/60ddea1600bc476e0f5e02bce0e29a460ccbf0be" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/52f671db18823089a02f07efc04efdb2272ddc17" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-26740", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:51:50.686758Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:17.875Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/sched/act_mirred.c", "tools/testing/selftests/net/forwarding/tc_actions.sh" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "7c787888d164", "status": "affected", "version": "53592b364001", "versionType": "git" }, { "lessThan": "60ddea1600bc", "status": "affected", "version": "53592b364001", "versionType": "git" }, { "lessThan": "52f671db1882", "status": "affected", "version": "53592b364001", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/sched/act_mirred.c", "tools/testing/selftests/net/forwarding/tc_actions.sh" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "4.10" }, { "lessThan": "4.10", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.19", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_mirred: use the backlog for mirred ingress\n\nThe test Davide added in commit ca22da2fbd69 (\"act_mirred: use the backlog\nfor nested calls to mirred ingress\") hangs our testing VMs every 10 or so\nruns, with the familiar tcp_v4_rcv -\u003e tcp_v4_rcv deadlock reported by\nlockdep.\n\nThe problem as previously described by Davide (see Link) is that\nif we reverse flow of traffic with the redirect (egress -\u003e ingress)\nwe may reach the same socket which generated the packet. And we may\nstill be holding its socket lock. The common solution to such deadlocks\nis to put the packet in the Rx backlog, rather than run the Rx path\ninline. Do that for all egress -\u003e ingress reversals, not just once\nwe started to nest mirred calls.\n\nIn the past there was a concern that the backlog indirection will\nlead to loss of error reporting / less accurate stats. But the current\nworkaround does not seem to address the issue." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:52.264Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/7c787888d164689da8b1b115f3ef562c1e843af4" }, { "url": "https://git.kernel.org/stable/c/60ddea1600bc476e0f5e02bce0e29a460ccbf0be" }, { "url": "https://git.kernel.org/stable/c/52f671db18823089a02f07efc04efdb2272ddc17" } ], "title": "net/sched: act_mirred: use the backlog for mirred ingress", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26740", "datePublished": "2024-04-03T17:00:25.534Z", "dateReserved": "2024-02-19T14:20:24.166Z", "dateUpdated": "2024-11-05T09:14:52.264Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26746
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2024-11-05 09:14
Severity ?
EPSS score ?
Summary
dmaengine: idxd: Ensure safe user copy of completion record
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26746", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-04T16:00:23.530084Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:48:37.499Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.241Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/5e3022ea42e490a36ec6f2cfa6fc603deb0bace4" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/bb71e040323175e18c233a9afef32ba14fa64eb7" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d3ea125df37dc37972d581b74a5d3785c3f283ab" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/dma/idxd/init.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "5e3022ea42e4", "status": "affected", "version": "c2f156bf168f", "versionType": "git" }, { "lessThan": "bb71e0403231", "status": "affected", "version": "c2f156bf168f", "versionType": "git" }, { "lessThan": "d3ea125df37d", "status": "affected", "version": "c2f156bf168f", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/dma/idxd/init.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.4" }, { "lessThan": "6.4", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.21", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.9", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Ensure safe user copy of completion record\n\nIf CONFIG_HARDENED_USERCOPY is enabled, copying completion record from\nevent log cache to user triggers a kernel bug.\n\n[ 1987.159822] usercopy: Kernel memory exposure attempt detected from SLUB object \u0027dsa0\u0027 (offset 74, size 31)!\n[ 1987.170845] ------------[ cut here ]------------\n[ 1987.176086] kernel BUG at mm/usercopy.c:102!\n[ 1987.180946] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n[ 1987.186866] CPU: 17 PID: 528 Comm: kworker/17:1 Not tainted 6.8.0-rc2+ #5\n[ 1987.194537] Hardware name: Intel Corporation AvenueCity/AvenueCity, BIOS BHSDCRB1.86B.2492.D03.2307181620 07/18/2023\n[ 1987.206405] Workqueue: wq0.0 idxd_evl_fault_work [idxd]\n[ 1987.212338] RIP: 0010:usercopy_abort+0x72/0x90\n[ 1987.217381] Code: 58 65 9c 50 48 c7 c2 17 85 61 9c 57 48 c7 c7 98 fd 6b 9c 48 0f 44 d6 48 c7 c6 b3 08 62 9c 4c 89 d1 49 0f 44 f3 e8 1e 2e d5 ff \u003c0f\u003e 0b 49 c7 c1 9e 42 61 9c 4c 89 cf 4d 89 c8 eb a9 66 66 2e 0f 1f\n[ 1987.238505] RSP: 0018:ff62f5cf20607d60 EFLAGS: 00010246\n[ 1987.244423] RAX: 000000000000005f RBX: 000000000000001f RCX: 0000000000000000\n[ 1987.252480] RDX: 0000000000000000 RSI: ffffffff9c61429e RDI: 00000000ffffffff\n[ 1987.260538] RBP: ff62f5cf20607d78 R08: ff2a6a89ef3fffe8 R09: 00000000fffeffff\n[ 1987.268595] R10: ff2a6a89eed00000 R11: 0000000000000003 R12: ff2a66934849c89a\n[ 1987.276652] R13: 0000000000000001 R14: ff2a66934849c8b9 R15: ff2a66934849c899\n[ 1987.284710] FS: 0000000000000000(0000) GS:ff2a66b22fe40000(0000) knlGS:0000000000000000\n[ 1987.293850] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 1987.300355] CR2: 00007fe291a37000 CR3: 000000010fbd4005 CR4: 0000000000f71ef0\n[ 1987.308413] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 1987.316470] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400\n[ 1987.324527] PKRU: 55555554\n[ 1987.327622] Call Trace:\n[ 1987.330424] \u003cTASK\u003e\n[ 1987.332826] ? show_regs+0x6e/0x80\n[ 1987.336703] ? die+0x3c/0xa0\n[ 1987.339988] ? do_trap+0xd4/0xf0\n[ 1987.343662] ? do_error_trap+0x75/0xa0\n[ 1987.347922] ? usercopy_abort+0x72/0x90\n[ 1987.352277] ? exc_invalid_op+0x57/0x80\n[ 1987.356634] ? usercopy_abort+0x72/0x90\n[ 1987.360988] ? asm_exc_invalid_op+0x1f/0x30\n[ 1987.365734] ? usercopy_abort+0x72/0x90\n[ 1987.370088] __check_heap_object+0xb7/0xd0\n[ 1987.374739] __check_object_size+0x175/0x2d0\n[ 1987.379588] idxd_copy_cr+0xa9/0x130 [idxd]\n[ 1987.384341] idxd_evl_fault_work+0x127/0x390 [idxd]\n[ 1987.389878] process_one_work+0x13e/0x300\n[ 1987.394435] ? __pfx_worker_thread+0x10/0x10\n[ 1987.399284] worker_thread+0x2f7/0x420\n[ 1987.403544] ? _raw_spin_unlock_irqrestore+0x2b/0x50\n[ 1987.409171] ? __pfx_worker_thread+0x10/0x10\n[ 1987.414019] kthread+0x107/0x140\n[ 1987.417693] ? __pfx_kthread+0x10/0x10\n[ 1987.421954] ret_from_fork+0x3d/0x60\n[ 1987.426019] ? __pfx_kthread+0x10/0x10\n[ 1987.430281] ret_from_fork_asm+0x1b/0x30\n[ 1987.434744] \u003c/TASK\u003e\n\nThe issue arises because event log cache is created using\nkmem_cache_create() which is not suitable for user copy.\n\nFix the issue by creating event log cache with\nkmem_cache_create_usercopy(), ensuring safe user copy." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:59.064Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/5e3022ea42e490a36ec6f2cfa6fc603deb0bace4" }, { "url": "https://git.kernel.org/stable/c/bb71e040323175e18c233a9afef32ba14fa64eb7" }, { "url": "https://git.kernel.org/stable/c/d3ea125df37dc37972d581b74a5d3785c3f283ab" } ], "title": "dmaengine: idxd: Ensure safe user copy of completion record", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26746", "datePublished": "2024-04-04T08:20:13.846Z", "dateReserved": "2024-02-19T14:20:24.168Z", "dateUpdated": "2024-11-05T09:14:59.064Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26760
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2024-11-05 09:15
Severity ?
EPSS score ?
Summary
scsi: target: pscsi: Fix bio_put() for error case
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.227Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f49b20fd0134da84a6bd8108f9e73c077b7d6231" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/4ebc079f0c7dcda1270843ab0f38ab4edb8f7921" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/1cfe9489fb563e9a0c9cdc5ca68257a44428c2ec" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/de959094eb2197636f7c803af0943cb9d3b35804" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-26760", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:51:34.318502Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:14.606Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/target/target_core_pscsi.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "f49b20fd0134", "status": "affected", "version": "066ff571011d", "versionType": "git" }, { "lessThan": "4ebc079f0c7d", "status": "affected", "version": "066ff571011d", "versionType": "git" }, { "lessThan": "1cfe9489fb56", "status": "affected", "version": "066ff571011d", "versionType": "git" }, { "lessThan": "de959094eb21", "status": "affected", "version": "066ff571011d", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/target/target_core_pscsi.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.19" }, { "lessThan": "5.19", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.80", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.19", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: pscsi: Fix bio_put() for error case\n\nAs of commit 066ff571011d (\"block: turn bio_kmalloc into a simple kmalloc\nwrapper\"), a bio allocated by bio_kmalloc() must be freed by bio_uninit()\nand kfree(). That is not done properly for the error case, hitting WARN and\nNULL pointer dereference in bio_free()." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:15.110Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/f49b20fd0134da84a6bd8108f9e73c077b7d6231" }, { "url": "https://git.kernel.org/stable/c/4ebc079f0c7dcda1270843ab0f38ab4edb8f7921" }, { "url": "https://git.kernel.org/stable/c/1cfe9489fb563e9a0c9cdc5ca68257a44428c2ec" }, { "url": "https://git.kernel.org/stable/c/de959094eb2197636f7c803af0943cb9d3b35804" } ], "title": "scsi: target: pscsi: Fix bio_put() for error case", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26760", "datePublished": "2024-04-03T17:00:44.230Z", "dateReserved": "2024-02-19T14:20:24.171Z", "dateUpdated": "2024-11-05T09:15:15.110Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26716
Vulnerability from cvelistv5
Published
2024-04-03 14:55
Modified
2024-11-05 09:14
Severity ?
EPSS score ?
Summary
usb: core: Prevent null pointer dereference in update_port_device_state
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26716", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-17T19:29:15.448916Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-17T19:29:25.918Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:12.989Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ed85777c640cf9e6920bb1b60ed8cd48e1f4d873" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/465b545d1d7ef282192ddd4439b08279bdb13f6f" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/12783c0b9e2c7915a50d5ec829630ff2da50472c" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/usb/core/hub.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "ed85777c640c", "status": "affected", "version": "83cb2604f641", "versionType": "git" }, { "lessThan": "465b545d1d7e", "status": "affected", "version": "83cb2604f641", "versionType": "git" }, { "lessThan": "12783c0b9e2c", "status": "affected", "version": "83cb2604f641", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/usb/core/hub.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.5" }, { "lessThan": "6.5", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.18", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: core: Prevent null pointer dereference in update_port_device_state\n\nCurrently, the function update_port_device_state gets the usb_hub from\nudev-\u003eparent by calling usb_hub_to_struct_hub.\nHowever, in case the actconfig or the maxchild is 0, the usb_hub would\nbe NULL and upon further accessing to get port_dev would result in null\npointer dereference.\n\nFix this by introducing an if check after the usb_hub is populated." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:25.452Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/ed85777c640cf9e6920bb1b60ed8cd48e1f4d873" }, { "url": "https://git.kernel.org/stable/c/465b545d1d7ef282192ddd4439b08279bdb13f6f" }, { "url": "https://git.kernel.org/stable/c/12783c0b9e2c7915a50d5ec829630ff2da50472c" } ], "title": "usb: core: Prevent null pointer dereference in update_port_device_state", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26716", "datePublished": "2024-04-03T14:55:17.305Z", "dateReserved": "2024-02-19T14:20:24.160Z", "dateUpdated": "2024-11-05T09:14:25.452Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26697
Vulnerability from cvelistv5
Published
2024-04-03 14:54
Modified
2024-11-05 09:14
Severity ?
EPSS score ?
Summary
nilfs2: fix data corruption in dsync block recovery for small block sizes
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:12.662Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/5278c3eb6bf5896417572b52adb6be9d26e92f65" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/a6efe6dbaaf504f5b3f8a5c3f711fe54e7dda0ba" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/364a66be2abdcd4fd426ffa44d9b8f40aafb3caa" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/120f7fa2008e3bd8b7680b4ab5df942decf60fd5" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/9c9c68d64fd3284f7097ed6ae057c8441f39fcd3" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2e1480538ef60bfee5473dfe02b1ecbaf1a4aa0d" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2000016bab499074e6248ea85aeea7dd762355d9" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/67b8bcbaed4777871bb0dcc888fb02a614a98ab1" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-26697", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:52:50.686290Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:29.604Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "fs/nilfs2/recovery.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "5278c3eb6bf5", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "a6efe6dbaaf5", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "364a66be2abd", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "120f7fa2008e", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "9c9c68d64fd3", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "2e1480538ef6", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "2000016bab49", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "67b8bcbaed47", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "fs/nilfs2/recovery.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.307", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.269", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.210", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.149", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.79", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.18", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix data corruption in dsync block recovery for small block sizes\n\nThe helper function nilfs_recovery_copy_block() of\nnilfs_recovery_dsync_blocks(), which recovers data from logs created by\ndata sync writes during a mount after an unclean shutdown, incorrectly\ncalculates the on-page offset when copying repair data to the file\u0027s page\ncache. In environments where the block size is smaller than the page\nsize, this flaw can cause data corruption and leak uninitialized memory\nbytes during the recovery process.\n\nFix these issues by correcting this byte offset calculation on the page." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:05.426Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/5278c3eb6bf5896417572b52adb6be9d26e92f65" }, { "url": "https://git.kernel.org/stable/c/a6efe6dbaaf504f5b3f8a5c3f711fe54e7dda0ba" }, { "url": "https://git.kernel.org/stable/c/364a66be2abdcd4fd426ffa44d9b8f40aafb3caa" }, { "url": "https://git.kernel.org/stable/c/120f7fa2008e3bd8b7680b4ab5df942decf60fd5" }, { "url": "https://git.kernel.org/stable/c/9c9c68d64fd3284f7097ed6ae057c8441f39fcd3" }, { "url": "https://git.kernel.org/stable/c/2e1480538ef60bfee5473dfe02b1ecbaf1a4aa0d" }, { "url": "https://git.kernel.org/stable/c/2000016bab499074e6248ea85aeea7dd762355d9" }, { "url": "https://git.kernel.org/stable/c/67b8bcbaed4777871bb0dcc888fb02a614a98ab1" } ], "title": "nilfs2: fix data corruption in dsync block recovery for small block sizes", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26697", "datePublished": "2024-04-03T14:54:57.848Z", "dateReserved": "2024-02-19T14:20:24.156Z", "dateUpdated": "2024-11-05T09:14:05.426Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26715
Vulnerability from cvelistv5
Published
2024-04-03 14:55
Modified
2024-11-05 09:14
Severity ?
EPSS score ?
Summary
usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26715", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-03T17:49:51.140719Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:49:25.920Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.001Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/88936ceab6b426f1312327e9ef849c215c6007a7" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/57e2e42ccd3cd6183228269715ed032f44536751" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/c7ebd8149ee519d27232e6e4940e9c02071b568b" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/36695d5eeeefe5a64b47d0336e7c8fc144e78182" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/61a348857e869432e6a920ad8ea9132e8d44c316" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/usb/dwc3/gadget.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "88936ceab6b4", "status": "affected", "version": "9772b47a4c29", "versionType": "git" }, { "lessThan": "57e2e42ccd3c", "status": "affected", "version": "9772b47a4c29", "versionType": "git" }, { "lessThan": "c7ebd8149ee5", "status": "affected", "version": "9772b47a4c29", "versionType": "git" }, { "lessThan": "36695d5eeeef", "status": "affected", "version": "9772b47a4c29", "versionType": "git" }, { "lessThan": "61a348857e86", "status": "affected", "version": "9772b47a4c29", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/usb/dwc3/gadget.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "4.6" }, { "lessThan": "4.6", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.149", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.79", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.18", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend\n\nIn current scenario if Plug-out and Plug-In performed continuously\nthere could be a chance while checking for dwc-\u003egadget_driver in\ndwc3_gadget_suspend, a NULL pointer dereference may occur.\n\nCall Stack:\n\n\tCPU1: CPU2:\n\tgadget_unbind_driver dwc3_suspend_common\n\tdwc3_gadget_stop dwc3_gadget_suspend\n dwc3_disconnect_gadget\n\nCPU1 basically clears the variable and CPU2 checks the variable.\nConsider CPU1 is running and right before gadget_driver is cleared\nand in parallel CPU2 executes dwc3_gadget_suspend where it finds\ndwc-\u003egadget_driver which is not NULL and resumes execution and then\nCPU1 completes execution. CPU2 executes dwc3_disconnect_gadget where\nit checks dwc-\u003egadget_driver is already NULL because of which the\nNULL pointer deference occur." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:24.360Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/88936ceab6b426f1312327e9ef849c215c6007a7" }, { "url": "https://git.kernel.org/stable/c/57e2e42ccd3cd6183228269715ed032f44536751" }, { "url": "https://git.kernel.org/stable/c/c7ebd8149ee519d27232e6e4940e9c02071b568b" }, { "url": "https://git.kernel.org/stable/c/36695d5eeeefe5a64b47d0336e7c8fc144e78182" }, { "url": "https://git.kernel.org/stable/c/61a348857e869432e6a920ad8ea9132e8d44c316" } ], "title": "usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26715", "datePublished": "2024-04-03T14:55:16.395Z", "dateReserved": "2024-02-19T14:20:24.160Z", "dateUpdated": "2024-11-05T09:14:24.360Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26696
Vulnerability from cvelistv5
Published
2024-04-03 14:54
Modified
2024-11-05 09:14
Severity ?
EPSS score ?
Summary
nilfs2: fix hang in nilfs_lookup_dirty_data_buffers()
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:12.590Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/228742b2ddfb99dfd71e5a307e6088ab6836272e" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/862ee4422c38be5c249844a684b00d0dbe9d1e46" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/98a4026b22ff440c7f47056481bcbbe442f607d6" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/7e9b622bd0748cc104d66535b76d9b3535f9dc0f" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/8494ba2c9ea00a54d5b50e69b22c55a8958bce32" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ea5ddbc11613b55e5128c85f57b08f907abd9b28" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e38585401d464578d30f5868ff4ca54475c34f7d" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/38296afe3c6ee07319e01bb249aa4bb47c07b534" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-26696", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:52:53.851812Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:30.066Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "fs/nilfs2/file.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "228742b2ddfb", "status": "affected", "version": "1d1d1a767206", "versionType": "git" }, { "lessThan": "862ee4422c38", "status": "affected", "version": "1d1d1a767206", "versionType": "git" }, { "lessThan": "98a4026b22ff", "status": "affected", "version": "1d1d1a767206", "versionType": "git" }, { "lessThan": "7e9b622bd074", "status": "affected", "version": "1d1d1a767206", "versionType": "git" }, { "lessThan": "8494ba2c9ea0", "status": "affected", "version": "1d1d1a767206", "versionType": "git" }, { "lessThan": "ea5ddbc11613", "status": "affected", "version": "1d1d1a767206", "versionType": "git" }, { "lessThan": "e38585401d46", "status": "affected", "version": "1d1d1a767206", "versionType": "git" }, { "lessThan": "38296afe3c6e", "status": "affected", "version": "1d1d1a767206", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "fs/nilfs2/file.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "3.9" }, { "lessThan": "3.9", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.307", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.269", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.210", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.149", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.79", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.18", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix hang in nilfs_lookup_dirty_data_buffers()\n\nSyzbot reported a hang issue in migrate_pages_batch() called by mbind()\nand nilfs_lookup_dirty_data_buffers() called in the log writer of nilfs2.\n\nWhile migrate_pages_batch() locks a folio and waits for the writeback to\ncomplete, the log writer thread that should bring the writeback to\ncompletion picks up the folio being written back in\nnilfs_lookup_dirty_data_buffers() that it calls for subsequent log\ncreation and was trying to lock the folio. Thus causing a deadlock.\n\nIn the first place, it is unexpected that folios/pages in the middle of\nwriteback will be updated and become dirty. Nilfs2 adds a checksum to\nverify the validity of the log being written and uses it for recovery at\nmount, so data changes during writeback are suppressed. Since this is\nbroken, an unclean shutdown could potentially cause recovery to fail.\n\nInvestigation revealed that the root cause is that the wait for writeback\ncompletion in nilfs_page_mkwrite() is conditional, and if the backing\ndevice does not require stable writes, data may be modified without\nwaiting.\n\nFix these issues by making nilfs_page_mkwrite() wait for writeback to\nfinish regardless of the stable write requirement of the backing device." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:04.276Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/228742b2ddfb99dfd71e5a307e6088ab6836272e" }, { "url": "https://git.kernel.org/stable/c/862ee4422c38be5c249844a684b00d0dbe9d1e46" }, { "url": "https://git.kernel.org/stable/c/98a4026b22ff440c7f47056481bcbbe442f607d6" }, { "url": "https://git.kernel.org/stable/c/7e9b622bd0748cc104d66535b76d9b3535f9dc0f" }, { "url": "https://git.kernel.org/stable/c/8494ba2c9ea00a54d5b50e69b22c55a8958bce32" }, { "url": "https://git.kernel.org/stable/c/ea5ddbc11613b55e5128c85f57b08f907abd9b28" }, { "url": "https://git.kernel.org/stable/c/e38585401d464578d30f5868ff4ca54475c34f7d" }, { "url": "https://git.kernel.org/stable/c/38296afe3c6ee07319e01bb249aa4bb47c07b534" } ], "title": "nilfs2: fix hang in nilfs_lookup_dirty_data_buffers()", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26696", "datePublished": "2024-04-03T14:54:56.926Z", "dateReserved": "2024-02-19T14:20:24.156Z", "dateUpdated": "2024-11-05T09:14:04.276Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26702
Vulnerability from cvelistv5
Published
2024-04-03 14:55
Modified
2024-11-05 15:06
Severity ?
EPSS score ?
Summary
iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC
References
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-26702", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-04T15:20:17.184977Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-05T15:06:19.230Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:12.653Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/7200170e88e3ec54d9e9c63f07514c3cead11481" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/36a49290d7e6d554020057a409747a092b1d3b56" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/8d5838a473e8e6d812257c69745f5920e4924a60" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/176256ff8abff29335ecff905a09fb49e8dcf513" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/1d8c67e94e9e977603473a543d4f322cf2c4aa01" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/57d05dbbcd0b3dc0c252103b43012eef5d6430d1" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/792595bab4925aa06532a14dd256db523eb4fa5e" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/iio/magnetometer/rm3100-core.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "7200170e88e3", "status": "affected", "version": "121354b2eceb", "versionType": "git" }, { "lessThan": "36a49290d7e6", "status": "affected", "version": "121354b2eceb", "versionType": "git" }, { "lessThan": "8d5838a473e8", "status": "affected", "version": "121354b2eceb", "versionType": "git" }, { "lessThan": "176256ff8abf", "status": "affected", "version": "121354b2eceb", "versionType": "git" }, { "lessThan": "1d8c67e94e9e", "status": "affected", "version": "121354b2eceb", "versionType": "git" }, { "lessThan": "57d05dbbcd0b", "status": "affected", "version": "121354b2eceb", "versionType": "git" }, { "lessThan": "792595bab492", "status": "affected", "version": "121354b2eceb", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/iio/magnetometer/rm3100-core.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.0" }, { "lessThan": "5.0", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.269", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.210", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.149", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.79", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.18", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC\n\nRecently, we encounter kernel crash in function rm3100_common_probe\ncaused by out of bound access of array rm3100_samp_rates (because of\nunderlying hardware failures). Add boundary check to prevent out of\nbound access." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:09.923Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/7200170e88e3ec54d9e9c63f07514c3cead11481" }, { "url": "https://git.kernel.org/stable/c/36a49290d7e6d554020057a409747a092b1d3b56" }, { "url": "https://git.kernel.org/stable/c/8d5838a473e8e6d812257c69745f5920e4924a60" }, { "url": "https://git.kernel.org/stable/c/176256ff8abff29335ecff905a09fb49e8dcf513" }, { "url": "https://git.kernel.org/stable/c/1d8c67e94e9e977603473a543d4f322cf2c4aa01" }, { "url": "https://git.kernel.org/stable/c/57d05dbbcd0b3dc0c252103b43012eef5d6430d1" }, { "url": "https://git.kernel.org/stable/c/792595bab4925aa06532a14dd256db523eb4fa5e" } ], "title": "iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26702", "datePublished": "2024-04-03T14:55:01.025Z", "dateReserved": "2024-02-19T14:20:24.157Z", "dateUpdated": "2024-11-05T15:06:19.230Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26718
Vulnerability from cvelistv5
Published
2024-04-03 14:55
Modified
2024-11-05 09:14
Severity ?
EPSS score ?
Summary
dm-crypt, dm-verity: disable tasklets
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:12.969Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/30884a44e0cedc3dfda8c22432f3ba4078ec2d94" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/5735a2671ffb70ea29ca83969fe01316ee2ed6fc" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/0c45a20cbe68bc4d681734f5c03891124a274257" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/0a9bab391e336489169b95cb0d4553d921302189" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-26718", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:52:23.335095Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:24.008Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/md/dm-crypt.c", "drivers/md/dm-verity-target.c", "drivers/md/dm-verity.h" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "b825e0f9d68c", "status": "affected", "version": "39d42fa96ba1", "versionType": "git" }, { "lessThan": "30884a44e0ce", "status": "affected", "version": "39d42fa96ba1", "versionType": "git" }, { "lessThan": "5735a2671ffb", "status": "affected", "version": "39d42fa96ba1", "versionType": "git" }, { "lessThan": "0c45a20cbe68", "status": "affected", "version": "39d42fa96ba1", "versionType": "git" }, { "lessThan": "0a9bab391e33", "status": "affected", "version": "39d42fa96ba1", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/md/dm-crypt.c", "drivers/md/dm-verity-target.c", "drivers/md/dm-verity.h" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.9" }, { "lessThan": "5.9", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.169", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.79", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.18", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm-crypt, dm-verity: disable tasklets\n\nTasklets have an inherent problem with memory corruption. The function\ntasklet_action_common calls tasklet_trylock, then it calls the tasklet\ncallback and then it calls tasklet_unlock. If the tasklet callback frees\nthe structure that contains the tasklet or if it calls some code that may\nfree it, tasklet_unlock will write into free memory.\n\nThe commits 8e14f610159d and d9a02e016aaf try to fix it for dm-crypt, but\nit is not a sufficient fix and the data corruption can still happen [1].\nThere is no fix for dm-verity and dm-verity will write into free memory\nwith every tasklet-processed bio.\n\nThere will be atomic workqueues implemented in the kernel 6.9 [2]. They\nwill have better interface and they will not suffer from the memory\ncorruption problem.\n\nBut we need something that stops the memory corruption now and that can be\nbackported to the stable kernels. So, I\u0027m proposing this commit that\ndisables tasklets in both dm-crypt and dm-verity. This commit doesn\u0027t\nremove the tasklet support, because the tasklet code will be reused when\natomic workqueues will be implemented.\n\n[1] https://lore.kernel.org/all/d390d7ee-f142-44d3-822a-87949e14608b@suse.de/T/\n[2] https://lore.kernel.org/lkml/20240130091300.2968534-1-tj@kernel.org/" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:27.761Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/b825e0f9d68c178072bffd32dd34c39e3d2d597a" }, { "url": "https://git.kernel.org/stable/c/30884a44e0cedc3dfda8c22432f3ba4078ec2d94" }, { "url": "https://git.kernel.org/stable/c/5735a2671ffb70ea29ca83969fe01316ee2ed6fc" }, { "url": "https://git.kernel.org/stable/c/0c45a20cbe68bc4d681734f5c03891124a274257" }, { "url": "https://git.kernel.org/stable/c/0a9bab391e336489169b95cb0d4553d921302189" } ], "title": "dm-crypt, dm-verity: disable tasklets", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26718", "datePublished": "2024-04-03T14:55:18.756Z", "dateReserved": "2024-02-19T14:20:24.161Z", "dateUpdated": "2024-11-05T09:14:27.761Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26713
Vulnerability from cvelistv5
Published
2024-04-03 14:55
Modified
2024-11-05 09:14
Severity ?
EPSS score ?
Summary
powerpc/pseries/iommu: Fix iommu initialisation during DLPAR add
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26713", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-05T18:01:44.698255Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:48:56.868Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:12.936Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/9978d5b744e0227afe19e3bcb4c5f75442dde753" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d4f762d6403f7419de90d7749fa83dd92ffb0e1d" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ed8b94f6e0acd652ce69bd69d678a0c769172df8" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "arch/powerpc/include/asm/ppc-pci.h", "arch/powerpc/kernel/iommu.c", "arch/powerpc/platforms/pseries/pci_dlpar.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "9978d5b744e0", "status": "affected", "version": "a940904443e4", "versionType": "git" }, { "lessThan": "d4f762d6403f", "status": "affected", "version": "a940904443e4", "versionType": "git" }, { "lessThan": "ed8b94f6e0ac", "status": "affected", "version": "a940904443e4", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "arch/powerpc/include/asm/ppc-pci.h", "arch/powerpc/kernel/iommu.c", "arch/powerpc/platforms/pseries/pci_dlpar.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.4" }, { "lessThan": "6.4", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.18", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries/iommu: Fix iommu initialisation during DLPAR add\n\nWhen a PCI device is dynamically added, the kernel oopses with a NULL\npointer dereference:\n\n BUG: Kernel NULL pointer dereference on read at 0x00000030\n Faulting instruction address: 0xc0000000006bbe5c\n Oops: Kernel access of bad area, sig: 11 [#1]\n LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries\n Modules linked in: rpadlpar_io rpaphp rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache netfs xsk_diag bonding nft_compat nf_tables nfnetlink rfkill binfmt_misc dm_multipath rpcrdma sunrpc rdma_ucm ib_srpt ib_isert iscsi_target_mod target_core_mod ib_umad ib_iser libiscsi scsi_transport_iscsi ib_ipoib rdma_cm iw_cm ib_cm mlx5_ib ib_uverbs ib_core pseries_rng drm drm_panel_orientation_quirks xfs libcrc32c mlx5_core mlxfw sd_mod t10_pi sg tls ibmvscsi ibmveth scsi_transport_srp vmx_crypto pseries_wdt psample dm_mirror dm_region_hash dm_log dm_mod fuse\n CPU: 17 PID: 2685 Comm: drmgr Not tainted 6.7.0-203405+ #66\n Hardware name: IBM,9080-HEX POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1060.00 (NH1060_008) hv:phyp pSeries\n NIP: c0000000006bbe5c LR: c000000000a13e68 CTR: c0000000000579f8\n REGS: c00000009924f240 TRAP: 0300 Not tainted (6.7.0-203405+)\n MSR: 8000000000009033 \u003cSF,EE,ME,IR,DR,RI,LE\u003e CR: 24002220 XER: 20040006\n CFAR: c000000000a13e64 DAR: 0000000000000030 DSISR: 40000000 IRQMASK: 0\n ...\n NIP sysfs_add_link_to_group+0x34/0x94\n LR iommu_device_link+0x5c/0x118\n Call Trace:\n iommu_init_device+0x26c/0x318 (unreliable)\n iommu_device_link+0x5c/0x118\n iommu_init_device+0xa8/0x318\n iommu_probe_device+0xc0/0x134\n iommu_bus_notifier+0x44/0x104\n notifier_call_chain+0xb8/0x19c\n blocking_notifier_call_chain+0x64/0x98\n bus_notify+0x50/0x7c\n device_add+0x640/0x918\n pci_device_add+0x23c/0x298\n of_create_pci_dev+0x400/0x884\n of_scan_pci_dev+0x124/0x1b0\n __of_scan_bus+0x78/0x18c\n pcibios_scan_phb+0x2a4/0x3b0\n init_phb_dynamic+0xb8/0x110\n dlpar_add_slot+0x170/0x3b8 [rpadlpar_io]\n add_slot_store.part.0+0xb4/0x130 [rpadlpar_io]\n kobj_attr_store+0x2c/0x48\n sysfs_kf_write+0x64/0x78\n kernfs_fop_write_iter+0x1b0/0x290\n vfs_write+0x350/0x4a0\n ksys_write+0x84/0x140\n system_call_exception+0x124/0x330\n system_call_vectored_common+0x15c/0x2ec\n\nCommit a940904443e4 (\"powerpc/iommu: Add iommu_ops to report capabilities\nand allow blocking domains\") broke DLPAR add of PCI devices.\n\nThe above added iommu_device structure to pci_controller. During\nsystem boot, PCI devices are discovered and this newly added iommu_device\nstructure is initialized by a call to iommu_device_register().\n\nDuring DLPAR add of a PCI device, a new pci_controller structure is\nallocated but there are no calls made to iommu_device_register()\ninterface.\n\nFix is to register the iommu device during DLPAR add as well.\n\n[mpe: Trim oops and tweak some change log wording]" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:22.121Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/9978d5b744e0227afe19e3bcb4c5f75442dde753" }, { "url": "https://git.kernel.org/stable/c/d4f762d6403f7419de90d7749fa83dd92ffb0e1d" }, { "url": "https://git.kernel.org/stable/c/ed8b94f6e0acd652ce69bd69d678a0c769172df8" } ], "title": "powerpc/pseries/iommu: Fix iommu initialisation during DLPAR add", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26713", "datePublished": "2024-04-03T14:55:14.857Z", "dateReserved": "2024-02-19T14:20:24.159Z", "dateUpdated": "2024-11-05T09:14:22.121Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26725
Vulnerability from cvelistv5
Published
2024-04-03 14:55
Modified
2024-11-05 09:14
Severity ?
EPSS score ?
Summary
dpll: fix possible deadlock during netlink dump operation
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:12.969Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/087739cbd0d0b87b6cec2c0799436ac66e24acc8" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/53c0441dd2c44ee93fddb5473885fd41e4bc2361" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-26725", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:52:13.550439Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:32:52.134Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "Documentation/netlink/specs/dpll.yaml", "drivers/dpll/dpll_netlink.c", "drivers/dpll/dpll_nl.c", "drivers/dpll/dpll_nl.h" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "087739cbd0d0", "status": "affected", "version": "9d71b54b65b1", "versionType": "git" }, { "lessThan": "53c0441dd2c4", "status": "affected", "version": "9d71b54b65b1", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "Documentation/netlink/specs/dpll.yaml", "drivers/dpll/dpll_netlink.c", "drivers/dpll/dpll_nl.c", "drivers/dpll/dpll_nl.h" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.7" }, { "lessThan": "6.7", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndpll: fix possible deadlock during netlink dump operation\n\nRecently, I\u0027ve been hitting following deadlock warning during dpll pin\ndump:\n\n[52804.637962] ======================================================\n[52804.638536] WARNING: possible circular locking dependency detected\n[52804.639111] 6.8.0-rc2jiri+ #1 Not tainted\n[52804.639529] ------------------------------------------------------\n[52804.640104] python3/2984 is trying to acquire lock:\n[52804.640581] ffff88810e642678 (nlk_cb_mutex-GENERIC){+.+.}-{3:3}, at: netlink_dump+0xb3/0x780\n[52804.641417]\n but task is already holding lock:\n[52804.642010] ffffffff83bde4c8 (dpll_lock){+.+.}-{3:3}, at: dpll_lock_dumpit+0x13/0x20\n[52804.642747]\n which lock already depends on the new lock.\n\n[52804.643551]\n the existing dependency chain (in reverse order) is:\n[52804.644259]\n -\u003e #1 (dpll_lock){+.+.}-{3:3}:\n[52804.644836] lock_acquire+0x174/0x3e0\n[52804.645271] __mutex_lock+0x119/0x1150\n[52804.645723] dpll_lock_dumpit+0x13/0x20\n[52804.646169] genl_start+0x266/0x320\n[52804.646578] __netlink_dump_start+0x321/0x450\n[52804.647056] genl_family_rcv_msg_dumpit+0x155/0x1e0\n[52804.647575] genl_rcv_msg+0x1ed/0x3b0\n[52804.648001] netlink_rcv_skb+0xdc/0x210\n[52804.648440] genl_rcv+0x24/0x40\n[52804.648831] netlink_unicast+0x2f1/0x490\n[52804.649290] netlink_sendmsg+0x36d/0x660\n[52804.649742] __sock_sendmsg+0x73/0xc0\n[52804.650165] __sys_sendto+0x184/0x210\n[52804.650597] __x64_sys_sendto+0x72/0x80\n[52804.651045] do_syscall_64+0x6f/0x140\n[52804.651474] entry_SYSCALL_64_after_hwframe+0x46/0x4e\n[52804.652001]\n -\u003e #0 (nlk_cb_mutex-GENERIC){+.+.}-{3:3}:\n[52804.652650] check_prev_add+0x1ae/0x1280\n[52804.653107] __lock_acquire+0x1ed3/0x29a0\n[52804.653559] lock_acquire+0x174/0x3e0\n[52804.653984] __mutex_lock+0x119/0x1150\n[52804.654423] netlink_dump+0xb3/0x780\n[52804.654845] __netlink_dump_start+0x389/0x450\n[52804.655321] genl_family_rcv_msg_dumpit+0x155/0x1e0\n[52804.655842] genl_rcv_msg+0x1ed/0x3b0\n[52804.656272] netlink_rcv_skb+0xdc/0x210\n[52804.656721] genl_rcv+0x24/0x40\n[52804.657119] netlink_unicast+0x2f1/0x490\n[52804.657570] netlink_sendmsg+0x36d/0x660\n[52804.658022] __sock_sendmsg+0x73/0xc0\n[52804.658450] __sys_sendto+0x184/0x210\n[52804.658877] __x64_sys_sendto+0x72/0x80\n[52804.659322] do_syscall_64+0x6f/0x140\n[52804.659752] entry_SYSCALL_64_after_hwframe+0x46/0x4e\n[52804.660281]\n other info that might help us debug this:\n\n[52804.661077] Possible unsafe locking scenario:\n\n[52804.661671] CPU0 CPU1\n[52804.662129] ---- ----\n[52804.662577] lock(dpll_lock);\n[52804.662924] lock(nlk_cb_mutex-GENERIC);\n[52804.663538] lock(dpll_lock);\n[52804.664073] lock(nlk_cb_mutex-GENERIC);\n[52804.664490]\n\nThe issue as follows: __netlink_dump_start() calls control-\u003estart(cb)\nwith nlk-\u003ecb_mutex held. In control-\u003estart(cb) the dpll_lock is taken.\nThen nlk-\u003ecb_mutex is released and taken again in netlink_dump(), while\ndpll_lock still being held. That leads to ABBA deadlock when another\nCPU races with the same operation.\n\nFix this by moving dpll_lock taking into dumpit() callback which ensures\ncorrect lock taking order." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:35.612Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/087739cbd0d0b87b6cec2c0799436ac66e24acc8" }, { "url": "https://git.kernel.org/stable/c/53c0441dd2c44ee93fddb5473885fd41e4bc2361" } ], "title": "dpll: fix possible deadlock during netlink dump operation", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26725", "datePublished": "2024-04-03T14:55:24.074Z", "dateReserved": "2024-02-19T14:20:24.163Z", "dateUpdated": "2024-11-05T09:14:35.612Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26758
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2024-11-05 09:15
Severity ?
EPSS score ?
Summary
md: Don't ignore suspended array in md_check_recovery()
References
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-26758", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-04T15:44:46.004126Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-129", "description": "CWE-129 Improper Validation of Array Index", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-04T17:38:20.783Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.281Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/a55f0d6179a19c6b982e2dc344d58c98647a3be0" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/1baae052cccd08daf9a9d64c3f959d8cdb689757" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/md/md.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "a55f0d6179a1", "status": "affected", "version": "68866e425be2", "versionType": "git" }, { "lessThan": "1baae052cccd", "status": "affected", "version": "68866e425be2", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/md/md.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "3.0" }, { "lessThan": "3.0", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: Don\u0027t ignore suspended array in md_check_recovery()\n\nmddev_suspend() never stop sync_thread, hence it doesn\u0027t make sense to\nignore suspended array in md_check_recovery(), which might cause\nsync_thread can\u0027t be unregistered.\n\nAfter commit f52f5c71f3d4 (\"md: fix stopping sync thread\"), following\nhang can be triggered by test shell/integrity-caching.sh:\n\n1) suspend the array:\nraid_postsuspend\n mddev_suspend\n\n2) stop the array:\nraid_dtr\n md_stop\n __md_stop_writes\n stop_sync_thread\n set_bit(MD_RECOVERY_INTR, \u0026mddev-\u003erecovery);\n md_wakeup_thread_directly(mddev-\u003esync_thread);\n wait_event(..., !test_bit(MD_RECOVERY_RUNNING, \u0026mddev-\u003erecovery))\n\n3) sync thread done:\nmd_do_sync\n set_bit(MD_RECOVERY_DONE, \u0026mddev-\u003erecovery);\n md_wakeup_thread(mddev-\u003ethread);\n\n4) daemon thread can\u0027t unregister sync thread:\nmd_check_recovery\n if (mddev-\u003esuspended)\n return; -\u003e return directly\n md_read_sync_thread\n clear_bit(MD_RECOVERY_RUNNING, \u0026mddev-\u003erecovery);\n -\u003e MD_RECOVERY_RUNNING can\u0027t be cleared, hence step 2 hang;\n\nThis problem is not just related to dm-raid, fix it by ignoring\nsuspended array in md_check_recovery(). And follow up patches will\nimprove dm-raid better to frozen sync thread during suspend." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:12.841Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/a55f0d6179a19c6b982e2dc344d58c98647a3be0" }, { "url": "https://git.kernel.org/stable/c/1baae052cccd08daf9a9d64c3f959d8cdb689757" } ], "title": "md: Don\u0027t ignore suspended array in md_check_recovery()", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26758", "datePublished": "2024-04-03T17:00:42.448Z", "dateReserved": "2024-02-19T14:20:24.170Z", "dateUpdated": "2024-11-05T09:15:12.841Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26694
Vulnerability from cvelistv5
Published
2024-04-03 14:54
Modified
2024-11-05 09:14
Severity ?
EPSS score ?
Summary
wifi: iwlwifi: fix double-free bug
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26694", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-17T19:29:52.861166Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-17T19:30:17.789Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:12.834Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ab9d4bb9a1892439b3123fc52b19e32b9cdf80ad" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d24eb9a27bea8fe5237fa71be274391d9d51eff2" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/353d321f63f7dbfc9ef58498cc732c9fe886a596" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/wireless/intel/iwlwifi/iwl-drv.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "ab9d4bb9a189", "status": "affected", "version": "5e31b3df86ec", "versionType": "git" }, { "lessThan": "d24eb9a27bea", "status": "affected", "version": "5e31b3df86ec", "versionType": "git" }, { "lessThan": "353d321f63f7", "status": "affected", "version": "5e31b3df86ec", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/wireless/intel/iwlwifi/iwl-drv.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.4" }, { "lessThan": "6.4", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.18", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: fix double-free bug\n\nThe storage for the TLV PC register data wasn\u0027t done like all\nthe other storage in the drv-\u003efw area, which is cleared at the\nend of deallocation. Therefore, the freeing must also be done\ndifferently, explicitly NULL\u0027ing it out after the free, since\notherwise there\u0027s a nasty double-free bug here if a file fails\nto load after this has been parsed, and we get another free\nlater (e.g. because no other file exists.) Fix that by adding\nthe missing NULL assignment." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:01.997Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/ab9d4bb9a1892439b3123fc52b19e32b9cdf80ad" }, { "url": "https://git.kernel.org/stable/c/d24eb9a27bea8fe5237fa71be274391d9d51eff2" }, { "url": "https://git.kernel.org/stable/c/353d321f63f7dbfc9ef58498cc732c9fe886a596" } ], "title": "wifi: iwlwifi: fix double-free bug", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26694", "datePublished": "2024-04-03T14:54:55.138Z", "dateReserved": "2024-02-19T14:20:24.156Z", "dateUpdated": "2024-11-05T09:14:01.997Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26783
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2024-11-05 09:15
Severity ?
EPSS score ?
Summary
mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26783", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-04T16:20:18.928013Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:48:21.039Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.473Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d6159bd4c00594249e305bfe02304c67c506264e" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/bdd21eed8b72f9e28d6c279f6db258e090c79080" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2774f256e7c0219e2b0a0894af1c76bdabc4f974" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "mm/migrate.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "d6159bd4c005", "status": "affected", "version": "c574bbe91703", "versionType": "git" }, { "lessThan": "bdd21eed8b72", "status": "affected", "version": "c574bbe91703", "versionType": "git" }, { "lessThan": "2774f256e7c0", "status": "affected", "version": "c574bbe91703", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "mm/migrate.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.18" }, { "lessThan": "5.18", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.22", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.9", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index\n\nWith numa balancing on, when a numa system is running where a numa node\ndoesn\u0027t have its local memory so it has no managed zones, the following\noops has been observed. It\u0027s because wakeup_kswapd() is called with a\nwrong zone index, -1. Fixed it by checking the index before calling\nwakeup_kswapd().\n\n\u003e BUG: unable to handle page fault for address: 00000000000033f3\n\u003e #PF: supervisor read access in kernel mode\n\u003e #PF: error_code(0x0000) - not-present page\n\u003e PGD 0 P4D 0\n\u003e Oops: 0000 [#1] PREEMPT SMP NOPTI\n\u003e CPU: 2 PID: 895 Comm: masim Not tainted 6.6.0-dirty #255\n\u003e Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n\u003e rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\n\u003e RIP: 0010:wakeup_kswapd (./linux/mm/vmscan.c:7812)\n\u003e Code: (omitted)\n\u003e RSP: 0000:ffffc90004257d58 EFLAGS: 00010286\n\u003e RAX: ffffffffffffffff RBX: ffff88883fff0480 RCX: 0000000000000003\n\u003e RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88883fff0480\n\u003e RBP: ffffffffffffffff R08: ff0003ffffffffff R09: ffffffffffffffff\n\u003e R10: ffff888106c95540 R11: 0000000055555554 R12: 0000000000000003\n\u003e R13: 0000000000000000 R14: 0000000000000000 R15: ffff88883fff0940\n\u003e FS: 00007fc4b8124740(0000) GS:ffff888827c00000(0000) knlGS:0000000000000000\n\u003e CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n\u003e CR2: 00000000000033f3 CR3: 000000026cc08004 CR4: 0000000000770ee0\n\u003e DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n\u003e DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n\u003e PKRU: 55555554\n\u003e Call Trace:\n\u003e \u003cTASK\u003e\n\u003e ? __die\n\u003e ? page_fault_oops\n\u003e ? __pte_offset_map_lock\n\u003e ? exc_page_fault\n\u003e ? asm_exc_page_fault\n\u003e ? wakeup_kswapd\n\u003e migrate_misplaced_page\n\u003e __handle_mm_fault\n\u003e handle_mm_fault\n\u003e do_user_addr_fault\n\u003e exc_page_fault\n\u003e asm_exc_page_fault\n\u003e RIP: 0033:0x55b897ba0808\n\u003e Code: (omitted)\n\u003e RSP: 002b:00007ffeefa821a0 EFLAGS: 00010287\n\u003e RAX: 000055b89983acd0 RBX: 00007ffeefa823f8 RCX: 000055b89983acd0\n\u003e RDX: 00007fc2f8122010 RSI: 0000000000020000 RDI: 000055b89983acd0\n\u003e RBP: 00007ffeefa821a0 R08: 0000000000000037 R09: 0000000000000075\n\u003e R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000\n\u003e R13: 00007ffeefa82410 R14: 000055b897ba5dd8 R15: 00007fc4b8340000\n\u003e \u003c/TASK\u003e" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:44.381Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/d6159bd4c00594249e305bfe02304c67c506264e" }, { "url": "https://git.kernel.org/stable/c/bdd21eed8b72f9e28d6c279f6db258e090c79080" }, { "url": "https://git.kernel.org/stable/c/2774f256e7c0219e2b0a0894af1c76bdabc4f974" } ], "title": "mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26783", "datePublished": "2024-04-04T08:20:17.118Z", "dateReserved": "2024-02-19T14:20:24.177Z", "dateUpdated": "2024-11-05T09:15:44.381Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26778
Vulnerability from cvelistv5
Published
2024-04-03 17:01
Modified
2024-11-05 09:15
Severity ?
EPSS score ?
Summary
fbdev: savage: Error out if pixclock equals zero
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26778", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-21T16:06:44.068367Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-21T16:06:55.000Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.314Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/224453de8505aede1890f007be973925a3edf6a1" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/84dce0f6a4cc5b7bfd7242ef9290db8ac1dd77ff" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/512ee6d6041e007ef5bf200c6e388e172a2c5b24" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/8c54acf33e5adaad6374bf3ec1e3aff0591cc8e1" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/070398d32c5f3ab0e890374904ad94551c76aec4" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/bc3c2e58d73b28b9a8789fca84778ee165a72d13" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/a9ca4e80d23474f90841251f4ac0d941fa337a01" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/04e5eac8f3ab2ff52fa191c187a46d4fdbc1e288" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/video/fbdev/savage/savagefb_driver.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "224453de8505", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "84dce0f6a4cc", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "512ee6d6041e", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "8c54acf33e5a", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "070398d32c5f", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "bc3c2e58d73b", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "a9ca4e80d234", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "04e5eac8f3ab", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/video/fbdev/savage/savagefb_driver.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.308", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.270", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.211", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.150", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.80", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.19", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: savage: Error out if pixclock equals zero\n\nThe userspace program could pass any values to the driver through\nioctl() interface. If the driver doesn\u0027t check the value of pixclock,\nit may cause divide-by-zero error.\n\nAlthough pixclock is checked in savagefb_decode_var(), but it is not\nchecked properly in savagefb_probe(). Fix this by checking whether\npixclock is zero in the function savagefb_check_var() before\ninfo-\u003evar.pixclock is used as the divisor.\n\nThis is similar to CVE-2022-3061 in i740fb which was fixed by\ncommit 15cf0b8." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:38.751Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/224453de8505aede1890f007be973925a3edf6a1" }, { "url": "https://git.kernel.org/stable/c/84dce0f6a4cc5b7bfd7242ef9290db8ac1dd77ff" }, { "url": "https://git.kernel.org/stable/c/512ee6d6041e007ef5bf200c6e388e172a2c5b24" }, { "url": "https://git.kernel.org/stable/c/8c54acf33e5adaad6374bf3ec1e3aff0591cc8e1" }, { "url": "https://git.kernel.org/stable/c/070398d32c5f3ab0e890374904ad94551c76aec4" }, { "url": "https://git.kernel.org/stable/c/bc3c2e58d73b28b9a8789fca84778ee165a72d13" }, { "url": "https://git.kernel.org/stable/c/a9ca4e80d23474f90841251f4ac0d941fa337a01" }, { "url": "https://git.kernel.org/stable/c/04e5eac8f3ab2ff52fa191c187a46d4fdbc1e288" } ], "title": "fbdev: savage: Error out if pixclock equals zero", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26778", "datePublished": "2024-04-03T17:01:08.782Z", "dateReserved": "2024-02-19T14:20:24.177Z", "dateUpdated": "2024-11-05T09:15:38.751Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26801
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2024-11-05 09:16
Severity ?
EPSS score ?
Summary
Bluetooth: Avoid potential use-after-free in hci_error_reset
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.522Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e0b278650f07acf2e0932149183458468a731c03" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/98fb98fd37e42fd4ce13ff657ea64503e24b6090" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/6dd0a9dfa99f8990a08eb8fdd8e79bee31c7d8e2" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/da4569d450b193e39e87119fd316c0291b585d14" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/45085686b9559bfbe3a4f41d3d695a520668f5e1" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2ab9a19d896f5a0dd386e1f001c5309bc35f433b" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/dd594cdc24f2e48dab441732e6dfcafd6b0711d1" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2449007d3f73b2842c9734f45f0aadb522daf592" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-26801", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-15T19:27:12.303916Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-15T19:27:19.532Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/bluetooth/hci_core.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "e0b278650f07", "status": "affected", "version": "c7741d16a57c", "versionType": "git" }, { "lessThan": "98fb98fd37e4", "status": "affected", "version": "c7741d16a57c", "versionType": "git" }, { "lessThan": "6dd0a9dfa99f", "status": "affected", "version": "c7741d16a57c", "versionType": "git" }, { "lessThan": "da4569d450b1", "status": "affected", "version": "c7741d16a57c", "versionType": "git" }, { "lessThan": "45085686b955", "status": "affected", "version": "c7741d16a57c", "versionType": "git" }, { "lessThan": "2ab9a19d896f", "status": "affected", "version": "c7741d16a57c", "versionType": "git" }, { "lessThan": "dd594cdc24f2", "status": "affected", "version": "c7741d16a57c", "versionType": "git" }, { "lessThan": "2449007d3f73", "status": "affected", "version": "c7741d16a57c", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/bluetooth/hci_core.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "4.0" }, { "lessThan": "4.0", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.309", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.271", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.212", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.151", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.81", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.21", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.9", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Avoid potential use-after-free in hci_error_reset\n\nWhile handling the HCI_EV_HARDWARE_ERROR event, if the underlying\nBT controller is not responding, the GPIO reset mechanism would\nfree the hci_dev and lead to a use-after-free in hci_error_reset.\n\nHere\u0027s the call trace observed on a ChromeOS device with Intel AX201:\n queue_work_on+0x3e/0x6c\n __hci_cmd_sync_sk+0x2ee/0x4c0 [bluetooth \u003cHASH:3b4a6\u003e]\n ? init_wait_entry+0x31/0x31\n __hci_cmd_sync+0x16/0x20 [bluetooth \u003cHASH:3b4a 6\u003e]\n hci_error_reset+0x4f/0xa4 [bluetooth \u003cHASH:3b4a 6\u003e]\n process_one_work+0x1d8/0x33f\n worker_thread+0x21b/0x373\n kthread+0x13a/0x152\n ? pr_cont_work+0x54/0x54\n ? kthread_blkcg+0x31/0x31\n ret_from_fork+0x1f/0x30\n\nThis patch holds the reference count on the hci_dev while processing\na HCI_EV_HARDWARE_ERROR event to avoid potential crash." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:16:04.890Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/e0b278650f07acf2e0932149183458468a731c03" }, { "url": "https://git.kernel.org/stable/c/98fb98fd37e42fd4ce13ff657ea64503e24b6090" }, { "url": "https://git.kernel.org/stable/c/6dd0a9dfa99f8990a08eb8fdd8e79bee31c7d8e2" }, { "url": "https://git.kernel.org/stable/c/da4569d450b193e39e87119fd316c0291b585d14" }, { "url": "https://git.kernel.org/stable/c/45085686b9559bfbe3a4f41d3d695a520668f5e1" }, { "url": "https://git.kernel.org/stable/c/2ab9a19d896f5a0dd386e1f001c5309bc35f433b" }, { "url": "https://git.kernel.org/stable/c/dd594cdc24f2e48dab441732e6dfcafd6b0711d1" }, { "url": "https://git.kernel.org/stable/c/2449007d3f73b2842c9734f45f0aadb522daf592" } ], "title": "Bluetooth: Avoid potential use-after-free in hci_error_reset", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26801", "datePublished": "2024-04-04T08:20:29.211Z", "dateReserved": "2024-02-19T14:20:24.179Z", "dateUpdated": "2024-11-05T09:16:04.890Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26727
Vulnerability from cvelistv5
Published
2024-04-03 14:55
Modified
2024-11-05 09:14
Severity ?
EPSS score ?
Summary
btrfs: do not ASSERT() if the newly created subvolume already got read
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26727", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-17T19:28:59.725318Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-17T19:29:08.159Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:12.984Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/3f5d47eb163bceb1b9e613c9003bae5fefc0046f" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e31546b0f34af21738c4ceac47d662c00ee6382f" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/66b317a2fc45b2ef66527ee3f8fa08fb5beab88d" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/833775656d447c545133a744a0ed1e189ce61430" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/5a172344bfdabb46458e03708735d7b1a918c468" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e03ee2fe873eb68c1f9ba5112fee70303ebf9dfb" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "fs/btrfs/disk-io.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "3f5d47eb163b", "status": "affected", "version": "2dfb1e43f57d", "versionType": "git" }, { "lessThan": "e31546b0f34a", "status": "affected", "version": "2dfb1e43f57d", "versionType": "git" }, { "lessThan": "66b317a2fc45", "status": "affected", "version": "2dfb1e43f57d", "versionType": "git" }, { "lessThan": "833775656d44", "status": "affected", "version": "2dfb1e43f57d", "versionType": "git" }, { "lessThan": "5a172344bfda", "status": "affected", "version": "2dfb1e43f57d", "versionType": "git" }, { "lessThan": "e03ee2fe873e", "status": "affected", "version": "2dfb1e43f57d", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "fs/btrfs/disk-io.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.9" }, { "lessThan": "5.9", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.210", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.149", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.79", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.18", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not ASSERT() if the newly created subvolume already got read\n\n[BUG]\nThere is a syzbot crash, triggered by the ASSERT() during subvolume\ncreation:\n\n assertion failed: !anon_dev, in fs/btrfs/disk-io.c:1319\n ------------[ cut here ]------------\n kernel BUG at fs/btrfs/disk-io.c:1319!\n invalid opcode: 0000 [#1] PREEMPT SMP KASAN\n RIP: 0010:btrfs_get_root_ref.part.0+0x9aa/0xa60\n \u003cTASK\u003e\n btrfs_get_new_fs_root+0xd3/0xf0\n create_subvol+0xd02/0x1650\n btrfs_mksubvol+0xe95/0x12b0\n __btrfs_ioctl_snap_create+0x2f9/0x4f0\n btrfs_ioctl_snap_create+0x16b/0x200\n btrfs_ioctl+0x35f0/0x5cf0\n __x64_sys_ioctl+0x19d/0x210\n do_syscall_64+0x3f/0xe0\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n ---[ end trace 0000000000000000 ]---\n\n[CAUSE]\nDuring create_subvol(), after inserting root item for the newly created\nsubvolume, we would trigger btrfs_get_new_fs_root() to get the\nbtrfs_root of that subvolume.\n\nThe idea here is, we have preallocated an anonymous device number for\nthe subvolume, thus we can assign it to the new subvolume.\n\nBut there is really nothing preventing things like backref walk to read\nthe new subvolume.\nIf that happens before we call btrfs_get_new_fs_root(), the subvolume\nwould be read out, with a new anonymous device number assigned already.\n\nIn that case, we would trigger ASSERT(), as we really expect no one to\nread out that subvolume (which is not yet accessible from the fs).\nBut things like backref walk is still possible to trigger the read on\nthe subvolume.\n\nThus our assumption on the ASSERT() is not correct in the first place.\n\n[FIX]\nFix it by removing the ASSERT(), and just free the @anon_dev, reset it\nto 0, and continue.\n\nIf the subvolume tree is read out by something else, it should have\nalready get a new anon_dev assigned thus we only need to free the\npreallocated one." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:37.838Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/3f5d47eb163bceb1b9e613c9003bae5fefc0046f" }, { "url": "https://git.kernel.org/stable/c/e31546b0f34af21738c4ceac47d662c00ee6382f" }, { "url": "https://git.kernel.org/stable/c/66b317a2fc45b2ef66527ee3f8fa08fb5beab88d" }, { "url": "https://git.kernel.org/stable/c/833775656d447c545133a744a0ed1e189ce61430" }, { "url": "https://git.kernel.org/stable/c/5a172344bfdabb46458e03708735d7b1a918c468" }, { "url": "https://git.kernel.org/stable/c/e03ee2fe873eb68c1f9ba5112fee70303ebf9dfb" } ], "title": "btrfs: do not ASSERT() if the newly created subvolume already got read", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26727", "datePublished": "2024-04-03T14:55:25.805Z", "dateReserved": "2024-02-19T14:20:24.164Z", "dateUpdated": "2024-11-05T09:14:37.838Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26712
Vulnerability from cvelistv5
Published
2024-04-03 14:55
Modified
2024-11-05 15:47
Severity ?
EPSS score ?
Summary
powerpc/kasan: Fix addr error caused by page alignment
References
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-26712", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-04T15:22:01.316380Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-noinfo Not enough information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-05T15:47:32.026Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:12.618Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/230e89b5ad0a33f530a2a976b3e5e4385cb27882" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2738e0aa2fb24a7ab9c878d912dc2b239738c6c6" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/0c09912dd8387e228afcc5e34ac5d79b1e3a1058" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/0516c06b19dc64807c10e01bb99b552bdf2d7dbe" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/70ef2ba1f4286b2b73675aeb424b590c92d57b25" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/4a7aee96200ad281a5cc4cf5c7a2e2a49d2b97b0" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "arch/powerpc/mm/kasan/init_32.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "230e89b5ad0a", "status": "affected", "version": "663c0c9496a6", "versionType": "git" }, { "lessThan": "2738e0aa2fb2", "status": "affected", "version": "663c0c9496a6", "versionType": "git" }, { "lessThan": "0c09912dd838", "status": "affected", "version": "663c0c9496a6", "versionType": "git" }, { "lessThan": "0516c06b19dc", "status": "affected", "version": "663c0c9496a6", "versionType": "git" }, { "lessThan": "70ef2ba1f428", "status": "affected", "version": "663c0c9496a6", "versionType": "git" }, { "lessThan": "4a7aee96200a", "status": "affected", "version": "663c0c9496a6", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "arch/powerpc/mm/kasan/init_32.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.4" }, { "lessThan": "5.4", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.210", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.149", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.79", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.18", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/kasan: Fix addr error caused by page alignment\n\nIn kasan_init_region, when k_start is not page aligned, at the begin of\nfor loop, k_cur = k_start \u0026 PAGE_MASK is less than k_start, and then\n`va = block + k_cur - k_start` is less than block, the addr va is invalid,\nbecause the memory address space from va to block is not alloced by\nmemblock_alloc, which will not be reserved by memblock_reserve later, it\nwill be used by other places.\n\nAs a result, memory overwriting occurs.\n\nfor example:\nint __init __weak kasan_init_region(void *start, size_t size)\n{\n[...]\n\t/* if say block(dcd97000) k_start(feef7400) k_end(feeff3fe) */\n\tblock = memblock_alloc(k_end - k_start, PAGE_SIZE);\n\t[...]\n\tfor (k_cur = k_start \u0026 PAGE_MASK; k_cur \u003c k_end; k_cur += PAGE_SIZE) {\n\t\t/* at the begin of for loop\n\t\t * block(dcd97000) va(dcd96c00) k_cur(feef7000) k_start(feef7400)\n\t\t * va(dcd96c00) is less than block(dcd97000), va is invalid\n\t\t */\n\t\tvoid *va = block + k_cur - k_start;\n\t\t[...]\n\t}\n[...]\n}\n\nTherefore, page alignment is performed on k_start before\nmemblock_alloc() to ensure the validity of the VA address." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:21.003Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/230e89b5ad0a33f530a2a976b3e5e4385cb27882" }, { "url": "https://git.kernel.org/stable/c/2738e0aa2fb24a7ab9c878d912dc2b239738c6c6" }, { "url": "https://git.kernel.org/stable/c/0c09912dd8387e228afcc5e34ac5d79b1e3a1058" }, { "url": "https://git.kernel.org/stable/c/0516c06b19dc64807c10e01bb99b552bdf2d7dbe" }, { "url": "https://git.kernel.org/stable/c/70ef2ba1f4286b2b73675aeb424b590c92d57b25" }, { "url": "https://git.kernel.org/stable/c/4a7aee96200ad281a5cc4cf5c7a2e2a49d2b97b0" } ], "title": "powerpc/kasan: Fix addr error caused by page alignment", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26712", "datePublished": "2024-04-03T14:55:14.149Z", "dateReserved": "2024-02-19T14:20:24.159Z", "dateUpdated": "2024-11-05T15:47:32.026Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26729
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2024-11-05 09:14
Severity ?
EPSS score ?
Summary
drm/amd/display: Fix potential null pointer dereference in dc_dmub_srv
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26729", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-03T18:06:25.283225Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:48:53.203Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:12.976Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/351080ba3414c96afff0f1338b4aeb2983195b80" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d2b48f340d9e4a8fbeb1cdc84cd8da6ad143a907" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "351080ba3414", "status": "affected", "version": "028bac583449", "versionType": "git" }, { "lessThan": "d2b48f340d9e", "status": "affected", "version": "028bac583449", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.7" }, { "lessThan": "6.7", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix potential null pointer dereference in dc_dmub_srv\n\nFixes potential null pointer dereference warnings in the\ndc_dmub_srv_cmd_list_queue_execute() and dc_dmub_srv_is_hw_pwr_up()\nfunctions.\n\nIn both functions, the \u0027dc_dmub_srv\u0027 variable was being dereferenced\nbefore it was checked for null. This could lead to a null pointer\ndereference if \u0027dc_dmub_srv\u0027 is null. The fix is to check if\n\u0027dc_dmub_srv\u0027 is null before dereferencing it.\n\nThus moving the null checks for \u0027dc_dmub_srv\u0027 to the beginning of the\nfunctions to ensure that \u0027dc_dmub_srv\u0027 is not null when it is\ndereferenced.\n\nFound by smatch \u0026 thus fixing the below:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dc_dmub_srv.c:133 dc_dmub_srv_cmd_list_queue_execute() warn: variable dereferenced before check \u0027dc_dmub_srv\u0027 (see line 128)\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dc_dmub_srv.c:1167 dc_dmub_srv_is_hw_pwr_up() warn: variable dereferenced before check \u0027dc_dmub_srv\u0027 (see line 1164)" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:40.065Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/351080ba3414c96afff0f1338b4aeb2983195b80" }, { "url": "https://git.kernel.org/stable/c/d2b48f340d9e4a8fbeb1cdc84cd8da6ad143a907" } ], "title": "drm/amd/display: Fix potential null pointer dereference in dc_dmub_srv", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26729", "datePublished": "2024-04-03T17:00:17.494Z", "dateReserved": "2024-02-19T14:20:24.164Z", "dateUpdated": "2024-11-05T09:14:40.065Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26745
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2024-11-05 09:14
Severity ?
EPSS score ?
Summary
powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV
References
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-26745", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-04T15:11:41.135555Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-noinfo Not enough information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-31T18:11:38.179Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.198Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/7eb95e0af5c9c2e6fad50356eaf32d216d0e7bc3" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d4d1e4b1513d975961de7bb4f75e450a92d65ebf" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/5da6d306f315344af1ca2eff4bd9b10b130f0c28" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/09a3c1e46142199adcee372a420b024b4fc61051" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "arch/powerpc/platforms/pseries/iommu.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "7eb95e0af5c9", "status": "affected", "version": "b1fc44eaa9ba", "versionType": "git" }, { "lessThan": "d4d1e4b1513d", "status": "affected", "version": "b1fc44eaa9ba", "versionType": "git" }, { "lessThan": "5da6d306f315", "status": "affected", "version": "b1fc44eaa9ba", "versionType": "git" }, { "lessThan": "09a3c1e46142", "status": "affected", "version": "b1fc44eaa9ba", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "arch/powerpc/platforms/pseries/iommu.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.0" }, { "lessThan": "6.0", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.81", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.21", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.9", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV\n\nWhen kdump kernel tries to copy dump data over SR-IOV, LPAR panics due\nto NULL pointer exception:\n\n Kernel attempted to read user page (0) - exploit attempt? (uid: 0)\n BUG: Kernel NULL pointer dereference on read at 0x00000000\n Faulting instruction address: 0xc000000020847ad4\n Oops: Kernel access of bad area, sig: 11 [#1]\n LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries\n Modules linked in: mlx5_core(+) vmx_crypto pseries_wdt papr_scm libnvdimm mlxfw tls psample sunrpc fuse overlay squashfs loop\n CPU: 12 PID: 315 Comm: systemd-udevd Not tainted 6.4.0-Test102+ #12\n Hardware name: IBM,9080-HEX POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1060.00 (NH1060_008) hv:phyp pSeries\n NIP: c000000020847ad4 LR: c00000002083b2dc CTR: 00000000006cd18c\n REGS: c000000029162ca0 TRAP: 0300 Not tainted (6.4.0-Test102+)\n MSR: 800000000280b033 \u003cSF,VEC,VSX,EE,FP,ME,IR,DR,RI,LE\u003e CR: 48288244 XER: 00000008\n CFAR: c00000002083b2d8 DAR: 0000000000000000 DSISR: 40000000 IRQMASK: 1\n ...\n NIP _find_next_zero_bit+0x24/0x110\n LR bitmap_find_next_zero_area_off+0x5c/0xe0\n Call Trace:\n dev_printk_emit+0x38/0x48 (unreliable)\n iommu_area_alloc+0xc4/0x180\n iommu_range_alloc+0x1e8/0x580\n iommu_alloc+0x60/0x130\n iommu_alloc_coherent+0x158/0x2b0\n dma_iommu_alloc_coherent+0x3c/0x50\n dma_alloc_attrs+0x170/0x1f0\n mlx5_cmd_init+0xc0/0x760 [mlx5_core]\n mlx5_function_setup+0xf0/0x510 [mlx5_core]\n mlx5_init_one+0x84/0x210 [mlx5_core]\n probe_one+0x118/0x2c0 [mlx5_core]\n local_pci_probe+0x68/0x110\n pci_call_probe+0x68/0x200\n pci_device_probe+0xbc/0x1a0\n really_probe+0x104/0x540\n __driver_probe_device+0xb4/0x230\n driver_probe_device+0x54/0x130\n __driver_attach+0x158/0x2b0\n bus_for_each_dev+0xa8/0x130\n driver_attach+0x34/0x50\n bus_add_driver+0x16c/0x300\n driver_register+0xa4/0x1b0\n __pci_register_driver+0x68/0x80\n mlx5_init+0xb8/0x100 [mlx5_core]\n do_one_initcall+0x60/0x300\n do_init_module+0x7c/0x2b0\n\nAt the time of LPAR dump, before kexec hands over control to kdump\nkernel, DDWs (Dynamic DMA Windows) are scanned and added to the FDT.\nFor the SR-IOV case, default DMA window \"ibm,dma-window\" is removed from\nthe FDT and DDW added, for the device.\n\nNow, kexec hands over control to the kdump kernel.\n\nWhen the kdump kernel initializes, PCI busses are scanned and IOMMU\ngroup/tables created, in pci_dma_bus_setup_pSeriesLP(). For the SR-IOV\ncase, there is no \"ibm,dma-window\". The original commit: b1fc44eaa9ba,\nfixes the path where memory is pre-mapped (direct mapped) to the DDW.\nWhen TCEs are direct mapped, there is no need to initialize IOMMU\ntables.\n\niommu_table_setparms_lpar() only considers \"ibm,dma-window\" property\nwhen initiallizing IOMMU table. In the scenario where TCEs are\ndynamically allocated for SR-IOV, newly created IOMMU table is not\ninitialized. Later, when the device driver tries to enter TCEs for the\nSR-IOV device, NULL pointer execption is thrown from iommu_area_alloc().\n\nThe fix is to initialize the IOMMU table with DDW property stored in the\nFDT. There are 2 points to remember:\n\n\t1. For the dedicated adapter, kdump kernel would encounter both\n\t default and DDW in FDT. In this case, DDW property is used to\n\t initialize the IOMMU table.\n\n\t2. A DDW could be direct or dynamic mapped. kdump kernel would\n\t initialize IOMMU table and mark the existing DDW as\n\t \"dynamic\". This works fine since, at the time of table\n\t initialization, iommu_table_clear() makes some space in the\n\t DDW, for some predefined number of TCEs which are needed for\n\t kdump to succeed." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:57.963Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/7eb95e0af5c9c2e6fad50356eaf32d216d0e7bc3" }, { "url": "https://git.kernel.org/stable/c/d4d1e4b1513d975961de7bb4f75e450a92d65ebf" }, { "url": "https://git.kernel.org/stable/c/5da6d306f315344af1ca2eff4bd9b10b130f0c28" }, { "url": "https://git.kernel.org/stable/c/09a3c1e46142199adcee372a420b024b4fc61051" } ], "title": "powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26745", "datePublished": "2024-04-04T08:20:13.182Z", "dateReserved": "2024-02-19T14:20:24.168Z", "dateUpdated": "2024-11-05T09:14:57.963Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26757
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2024-11-06 20:23
Severity ?
EPSS score ?
Summary
md: Don't ignore read-only array in md_check_recovery()
References
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-26757", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-03T19:35:42.965370Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-404", "description": "CWE-404 Improper Resource Shutdown or Release", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-06T20:23:13.287Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.354Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2ea169c5a0b1134d573d07fc27a16f327ad0e7d3" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/55a48ad2db64737f7ffc0407634218cc6e4c513b" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/md/md.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "2ea169c5a0b1", "status": "affected", "version": "ecbfb9f118bc", "versionType": "git" }, { "lessThan": "55a48ad2db64", "status": "affected", "version": "ecbfb9f118bc", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/md/md.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "4.8" }, { "lessThan": "4.8", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: Don\u0027t ignore read-only array in md_check_recovery()\n\nUsually if the array is not read-write, md_check_recovery() won\u0027t\nregister new sync_thread in the first place. And if the array is\nread-write and sync_thread is registered, md_set_readonly() will\nunregister sync_thread before setting the array read-only. md/raid\nfollow this behavior hence there is no problem.\n\nAfter commit f52f5c71f3d4 (\"md: fix stopping sync thread\"), following\nhang can be triggered by test shell/integrity-caching.sh:\n\n1) array is read-only. dm-raid update super block:\nrs_update_sbs\n ro = mddev-\u003ero\n mddev-\u003ero = 0\n -\u003e set array read-write\n md_update_sb\n\n2) register new sync thread concurrently.\n\n3) dm-raid set array back to read-only:\nrs_update_sbs\n mddev-\u003ero = ro\n\n4) stop the array:\nraid_dtr\n md_stop\n stop_sync_thread\n set_bit(MD_RECOVERY_INTR, \u0026mddev-\u003erecovery);\n md_wakeup_thread_directly(mddev-\u003esync_thread);\n wait_event(..., !test_bit(MD_RECOVERY_RUNNING, \u0026mddev-\u003erecovery))\n\n5) sync thread done:\n md_do_sync\n set_bit(MD_RECOVERY_DONE, \u0026mddev-\u003erecovery);\n md_wakeup_thread(mddev-\u003ethread);\n\n6) daemon thread can\u0027t unregister sync thread:\n md_check_recovery\n if (!md_is_rdwr(mddev) \u0026\u0026\n !test_bit(MD_RECOVERY_NEEDED, \u0026mddev-\u003erecovery))\n return;\n -\u003e -\u003e MD_RECOVERY_RUNNING can\u0027t be cleared, hence step 4 hang;\n\nThe root cause is that dm-raid manipulate \u0027mddev-\u003ero\u0027 by itself,\nhowever, dm-raid really should stop sync thread before setting the\narray read-only. Unfortunately, I need to read more code before I\ncan refacter the handler of \u0027mddev-\u003ero\u0027 in dm-raid, hence let\u0027s fix\nthe problem the easy way for now to prevent dm-raid regression." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:11.700Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/2ea169c5a0b1134d573d07fc27a16f327ad0e7d3" }, { "url": "https://git.kernel.org/stable/c/55a48ad2db64737f7ffc0407634218cc6e4c513b" } ], "title": "md: Don\u0027t ignore read-only array in md_check_recovery()", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26757", "datePublished": "2024-04-03T17:00:41.633Z", "dateReserved": "2024-02-19T14:20:24.170Z", "dateUpdated": "2024-11-06T20:23:13.287Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26691
Vulnerability from cvelistv5
Published
2024-04-03 14:54
Modified
2024-11-05 09:13
Severity ?
EPSS score ?
Summary
KVM: arm64: Fix circular locking dependency
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26691", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-05T18:06:14.355944Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:48:19.459Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:12.502Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/3d16cebf01127f459dcfeb79ed77bd68b124c228" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/3ab1c40a1e915e350d9181a4603af393141970cc" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/10c02aad111df02088d1a81792a709f6a7eca6cc" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "arch/arm64/kvm/pkvm.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "3d16cebf0112", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "3ab1c40a1e91", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "10c02aad111d", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "arch/arm64/kvm/pkvm.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.18", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Fix circular locking dependency\n\nThe rule inside kvm enforces that the vcpu-\u003emutex is taken *inside*\nkvm-\u003elock. The rule is violated by the pkvm_create_hyp_vm() which acquires\nthe kvm-\u003elock while already holding the vcpu-\u003emutex lock from\nkvm_vcpu_ioctl(). Avoid the circular locking dependency altogether by\nprotecting the hyp vm handle with the config_lock, much like we already\ndo for other forms of VM-scoped data." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:13:58.638Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/3d16cebf01127f459dcfeb79ed77bd68b124c228" }, { "url": "https://git.kernel.org/stable/c/3ab1c40a1e915e350d9181a4603af393141970cc" }, { "url": "https://git.kernel.org/stable/c/10c02aad111df02088d1a81792a709f6a7eca6cc" } ], "title": "KVM: arm64: Fix circular locking dependency", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26691", "datePublished": "2024-04-03T14:54:52.518Z", "dateReserved": "2024-02-19T14:20:24.155Z", "dateUpdated": "2024-11-05T09:13:58.638Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26706
Vulnerability from cvelistv5
Published
2024-04-03 14:55
Modified
2024-11-05 09:14
Severity ?
EPSS score ?
Summary
parisc: Fix random data corruption from exception handler
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26706", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-17T19:29:32.394995Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-17T19:29:43.758Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:12.642Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/23027309b099ffc4efca5477009a11dccbdae592" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/fa69a8063f8b27f3c7434a0d4f464a76a62f24d2" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ce31d79aa1f13a2345791f84935281a2c194e003" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/8b1d72395635af45410b66cc4c4ab37a12c4a831" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "arch/parisc/Kconfig", "arch/parisc/include/asm/assembly.h", "arch/parisc/include/asm/extable.h", "arch/parisc/include/asm/special_insns.h", "arch/parisc/include/asm/uaccess.h", "arch/parisc/kernel/cache.c", "arch/parisc/kernel/unaligned.c", "arch/parisc/mm/fault.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "23027309b099", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "fa69a8063f8b", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "ce31d79aa1f1", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "8b1d72395635", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "arch/parisc/Kconfig", "arch/parisc/include/asm/assembly.h", "arch/parisc/include/asm/extable.h", "arch/parisc/include/asm/special_insns.h", "arch/parisc/include/asm/uaccess.h", "arch/parisc/kernel/cache.c", "arch/parisc/kernel/unaligned.c", "arch/parisc/mm/fault.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.79", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.18", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nparisc: Fix random data corruption from exception handler\n\nThe current exception handler implementation, which assists when accessing\nuser space memory, may exhibit random data corruption if the compiler decides\nto use a different register than the specified register %r29 (defined in\nASM_EXCEPTIONTABLE_REG) for the error code. If the compiler choose another\nregister, the fault handler will nevertheless store -EFAULT into %r29 and thus\ntrash whatever this register is used for.\nLooking at the assembly I found that this happens sometimes in emulate_ldd().\n\nTo solve the issue, the easiest solution would be if it somehow is\npossible to tell the fault handler which register is used to hold the error\ncode. Using %0 or %1 in the inline assembly is not posssible as it will show\nup as e.g. %r29 (with the \"%r\" prefix), which the GNU assembler can not\nconvert to an integer.\n\nThis patch takes another, better and more flexible approach:\nWe extend the __ex_table (which is out of the execution path) by one 32-word.\nIn this word we tell the compiler to insert the assembler instruction\n\"or %r0,%r0,%reg\", where %reg references the register which the compiler\nchoosed for the error return code.\nIn case of an access failure, the fault handler finds the __ex_table entry and\ncan examine the opcode. The used register is encoded in the lowest 5 bits, and\nthe fault handler can then store -EFAULT into this register.\n\nSince we extend the __ex_table to 3 words we can\u0027t use the BUILDTIME_TABLE_SORT\nconfig option any longer." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:14.288Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/23027309b099ffc4efca5477009a11dccbdae592" }, { "url": "https://git.kernel.org/stable/c/fa69a8063f8b27f3c7434a0d4f464a76a62f24d2" }, { "url": "https://git.kernel.org/stable/c/ce31d79aa1f13a2345791f84935281a2c194e003" }, { "url": "https://git.kernel.org/stable/c/8b1d72395635af45410b66cc4c4ab37a12c4a831" } ], "title": "parisc: Fix random data corruption from exception handler", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26706", "datePublished": "2024-04-03T14:55:09.529Z", "dateReserved": "2024-02-19T14:20:24.158Z", "dateUpdated": "2024-11-05T09:14:14.288Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26805
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2024-11-05 09:16
Severity ?
EPSS score ?
Summary
netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26805", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-21T16:06:14.957747Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-21T16:06:26.202Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.525Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ec343a55b687a452f5e87f3b52bf9f155864df65" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/9ae51361da43270f4ba0eb924427a07e87e48777" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f19d1f98e60e68b11fc60839105dd02a30ec0d77" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/c71ed29d15b1a1ed6c464f8c3536996963046285" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/0b27bf4c494d61e5663baa34c3edd7ccebf0ea44" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d3ada42e534a83b618bbc1e490d23bf0fdae4736" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/59fc3e3d049e39e7d0d271f20dd5fb47c57faf1d" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/661779e1fcafe1b74b3f3fe8e980c1e207fea1fd" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/netlink/af_netlink.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "ec343a55b687", "status": "affected", "version": "1853c9496460", "versionType": "git" }, { "lessThan": "9ae51361da43", "status": "affected", "version": "1853c9496460", "versionType": "git" }, { "lessThan": "f19d1f98e60e", "status": "affected", "version": "1853c9496460", "versionType": "git" }, { "lessThan": "c71ed29d15b1", "status": "affected", "version": "1853c9496460", "versionType": "git" }, { "lessThan": "0b27bf4c494d", "status": "affected", "version": "1853c9496460", "versionType": "git" }, { "lessThan": "d3ada42e534a", "status": "affected", "version": "1853c9496460", "versionType": "git" }, { "lessThan": "59fc3e3d049e", "status": "affected", "version": "1853c9496460", "versionType": "git" }, { "lessThan": "661779e1fcaf", "status": "affected", "version": "1853c9496460", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/netlink/af_netlink.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "4.3" }, { "lessThan": "4.3", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.309", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.271", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.212", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.151", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.81", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.21", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.9", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlink: Fix kernel-infoleak-after-free in __skb_datagram_iter\n\nsyzbot reported the following uninit-value access issue [1]:\n\nnetlink_to_full_skb() creates a new `skb` and puts the `skb-\u003edata`\npassed as a 1st arg of netlink_to_full_skb() onto new `skb`. The data\nsize is specified as `len` and passed to skb_put_data(). This `len`\nis based on `skb-\u003eend` that is not data offset but buffer offset. The\n`skb-\u003eend` contains data and tailroom. Since the tailroom is not\ninitialized when the new `skb` created, KMSAN detects uninitialized\nmemory area when copying the data.\n\nThis patch resolved this issue by correct the len from `skb-\u003eend` to\n`skb-\u003elen`, which is the actual data offset.\n\nBUG: KMSAN: kernel-infoleak-after-free in instrument_copy_to_user include/linux/instrumented.h:114 [inline]\nBUG: KMSAN: kernel-infoleak-after-free in copy_to_user_iter lib/iov_iter.c:24 [inline]\nBUG: KMSAN: kernel-infoleak-after-free in iterate_ubuf include/linux/iov_iter.h:29 [inline]\nBUG: KMSAN: kernel-infoleak-after-free in iterate_and_advance2 include/linux/iov_iter.h:245 [inline]\nBUG: KMSAN: kernel-infoleak-after-free in iterate_and_advance include/linux/iov_iter.h:271 [inline]\nBUG: KMSAN: kernel-infoleak-after-free in _copy_to_iter+0x364/0x2520 lib/iov_iter.c:186\n instrument_copy_to_user include/linux/instrumented.h:114 [inline]\n copy_to_user_iter lib/iov_iter.c:24 [inline]\n iterate_ubuf include/linux/iov_iter.h:29 [inline]\n iterate_and_advance2 include/linux/iov_iter.h:245 [inline]\n iterate_and_advance include/linux/iov_iter.h:271 [inline]\n _copy_to_iter+0x364/0x2520 lib/iov_iter.c:186\n copy_to_iter include/linux/uio.h:197 [inline]\n simple_copy_to_iter+0x68/0xa0 net/core/datagram.c:532\n __skb_datagram_iter+0x123/0xdc0 net/core/datagram.c:420\n skb_copy_datagram_iter+0x5c/0x200 net/core/datagram.c:546\n skb_copy_datagram_msg include/linux/skbuff.h:3960 [inline]\n packet_recvmsg+0xd9c/0x2000 net/packet/af_packet.c:3482\n sock_recvmsg_nosec net/socket.c:1044 [inline]\n sock_recvmsg net/socket.c:1066 [inline]\n sock_read_iter+0x467/0x580 net/socket.c:1136\n call_read_iter include/linux/fs.h:2014 [inline]\n new_sync_read fs/read_write.c:389 [inline]\n vfs_read+0x8f6/0xe00 fs/read_write.c:470\n ksys_read+0x20f/0x4c0 fs/read_write.c:613\n __do_sys_read fs/read_write.c:623 [inline]\n __se_sys_read fs/read_write.c:621 [inline]\n __x64_sys_read+0x93/0xd0 fs/read_write.c:621\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nUninit was stored to memory at:\n skb_put_data include/linux/skbuff.h:2622 [inline]\n netlink_to_full_skb net/netlink/af_netlink.c:181 [inline]\n __netlink_deliver_tap_skb net/netlink/af_netlink.c:298 [inline]\n __netlink_deliver_tap+0x5be/0xc90 net/netlink/af_netlink.c:325\n netlink_deliver_tap net/netlink/af_netlink.c:338 [inline]\n netlink_deliver_tap_kernel net/netlink/af_netlink.c:347 [inline]\n netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline]\n netlink_unicast+0x10f1/0x1250 net/netlink/af_netlink.c:1368\n netlink_sendmsg+0x1238/0x13d0 net/netlink/af_netlink.c:1910\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584\n ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638\n __sys_sendmsg net/socket.c:2667 [inline]\n __do_sys_sendmsg net/socket.c:2676 [inline]\n __se_sys_sendmsg net/socket.c:2674 [inline]\n __x64_sys_sendmsg+0x307/0x490 net/socket.c:2674\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nUninit was created at:\n free_pages_prepare mm/page_alloc.c:1087 [inline]\n free_unref_page_prepare+0xb0/0xa40 mm/page_alloc.c:2347\n free_unref_page_list+0xeb/0x1100 mm/page_alloc.c:2533\n release_pages+0x23d3/0x2410 mm/swap.c:1042\n free_pages_and_swap_cache+0xd9/0xf0 mm/swap_state.c:316\n tlb_batch_pages\n---truncated---" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:16:09.312Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/ec343a55b687a452f5e87f3b52bf9f155864df65" }, { "url": "https://git.kernel.org/stable/c/9ae51361da43270f4ba0eb924427a07e87e48777" }, { "url": "https://git.kernel.org/stable/c/f19d1f98e60e68b11fc60839105dd02a30ec0d77" }, { "url": "https://git.kernel.org/stable/c/c71ed29d15b1a1ed6c464f8c3536996963046285" }, { "url": "https://git.kernel.org/stable/c/0b27bf4c494d61e5663baa34c3edd7ccebf0ea44" }, { "url": "https://git.kernel.org/stable/c/d3ada42e534a83b618bbc1e490d23bf0fdae4736" }, { "url": "https://git.kernel.org/stable/c/59fc3e3d049e39e7d0d271f20dd5fb47c57faf1d" }, { "url": "https://git.kernel.org/stable/c/661779e1fcafe1b74b3f3fe8e980c1e207fea1fd" } ], "title": "netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26805", "datePublished": "2024-04-04T08:20:32.250Z", "dateReserved": "2024-02-19T14:20:24.179Z", "dateUpdated": "2024-11-05T09:16:09.312Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26719
Vulnerability from cvelistv5
Published
2024-04-03 14:55
Modified
2024-11-05 09:14
Severity ?
EPSS score ?
Summary
nouveau: offload fence uevents work to workqueue
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26719", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-03T18:06:27.723285Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:49:20.316Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:12.594Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/cc0037fa592d56e4abb9c7d1c52c4d2dc25cd906" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/985d053f7633d8b539ab1531738d538efac678a9" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/39126abc5e20611579602f03b66627d7cd1422f0" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/gpu/drm/nouveau/nouveau_fence.c", "drivers/gpu/drm/nouveau/nouveau_fence.h" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "cc0037fa592d", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "985d053f7633", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "39126abc5e20", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/gpu/drm/nouveau/nouveau_fence.c", "drivers/gpu/drm/nouveau/nouveau_fence.h" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.18", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnouveau: offload fence uevents work to workqueue\n\nThis should break the deadlock between the fctx lock and the irq lock.\n\nThis offloads the processing off the work from the irq into a workqueue." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:28.865Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/cc0037fa592d56e4abb9c7d1c52c4d2dc25cd906" }, { "url": "https://git.kernel.org/stable/c/985d053f7633d8b539ab1531738d538efac678a9" }, { "url": "https://git.kernel.org/stable/c/39126abc5e20611579602f03b66627d7cd1422f0" } ], "title": "nouveau: offload fence uevents work to workqueue", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26719", "datePublished": "2024-04-03T14:55:19.556Z", "dateReserved": "2024-02-19T14:20:24.161Z", "dateUpdated": "2024-11-05T09:14:28.865Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26752
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2024-11-05 09:15
Severity ?
EPSS score ?
Summary
l2tp: pass correct message length to ip6_append_data
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26752", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-03T18:05:57.024676Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:48:58.719Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.330Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/4c3ce64bc9d36ca9164dd6c77ff144c121011aae" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/c1d3a84a67db910ce28a871273c992c3d7f9efb5" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/dcb4d14268595065c85dc5528056713928e17243" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/0da15a70395182ee8cb75716baf00dddc0bea38d" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/13cd1daeea848614e585b2c6ecc11ca9c8ab2500" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/804bd8650a3a2bf3432375f8c97d5049d845ce56" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/83340c66b498e49353530e41542500fc8a4782d6" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/359e54a93ab43d32ee1bff3c2f9f10cb9f6b6e79" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/l2tp/l2tp_ip6.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "4c3ce64bc9d3", "status": "affected", "version": "559d697c5d07", "versionType": "git" }, { "lessThan": "c1d3a84a67db", "status": "affected", "version": "1fc793d68d50", "versionType": "git" }, { "lessThan": "dcb4d1426859", "status": "affected", "version": "96b2e1090397", "versionType": "git" }, { "lessThan": "0da15a703951", "status": "affected", "version": "cd1189956393", "versionType": "git" }, { "lessThan": "13cd1daeea84", "status": "affected", "version": "f6a7182179c0", "versionType": "git" }, { "lessThan": "804bd8650a3a", "status": "affected", "version": "9d4c75800f61", "versionType": "git" }, { "lessThan": "83340c66b498", "status": "affected", "version": "9d4c75800f61", "versionType": "git" }, { "lessThan": "359e54a93ab4", "status": "affected", "version": "9d4c75800f61", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/l2tp/l2tp_ip6.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.6" }, { "lessThan": "6.6", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.308", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.270", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.211", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.150", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.80", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.19", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nl2tp: pass correct message length to ip6_append_data\n\nl2tp_ip6_sendmsg needs to avoid accounting for the transport header\ntwice when splicing more data into an already partially-occupied skbuff.\n\nTo manage this, we check whether the skbuff contains data using\nskb_queue_empty when deciding how much data to append using\nip6_append_data.\n\nHowever, the code which performed the calculation was incorrect:\n\n ulen = len + skb_queue_empty(\u0026sk-\u003esk_write_queue) ? transhdrlen : 0;\n\n...due to C operator precedence, this ends up setting ulen to\ntranshdrlen for messages with a non-zero length, which results in\ncorrupted packets on the wire.\n\nAdd parentheses to correct the calculation in line with the original\nintent." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:05.840Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/4c3ce64bc9d36ca9164dd6c77ff144c121011aae" }, { "url": "https://git.kernel.org/stable/c/c1d3a84a67db910ce28a871273c992c3d7f9efb5" }, { "url": "https://git.kernel.org/stable/c/dcb4d14268595065c85dc5528056713928e17243" }, { "url": "https://git.kernel.org/stable/c/0da15a70395182ee8cb75716baf00dddc0bea38d" }, { "url": "https://git.kernel.org/stable/c/13cd1daeea848614e585b2c6ecc11ca9c8ab2500" }, { "url": "https://git.kernel.org/stable/c/804bd8650a3a2bf3432375f8c97d5049d845ce56" }, { "url": "https://git.kernel.org/stable/c/83340c66b498e49353530e41542500fc8a4782d6" }, { "url": "https://git.kernel.org/stable/c/359e54a93ab43d32ee1bff3c2f9f10cb9f6b6e79" } ], "title": "l2tp: pass correct message length to ip6_append_data", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26752", "datePublished": "2024-04-03T17:00:37.340Z", "dateReserved": "2024-02-19T14:20:24.169Z", "dateUpdated": "2024-11-05T09:15:05.840Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26739
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2024-11-05 09:14
Severity ?
EPSS score ?
Summary
net/sched: act_mirred: don't override retval if we already lost the skb
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.024Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/28cdbbd38a4413b8eff53399b3f872fd4e80db9d" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f4e294bbdca8ac8757db436fc82214f3882fc7e7" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/166c2c8a6a4dc2e4ceba9e10cfe81c3e469e3210" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-26739", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:51:53.930424Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:18.399Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/sched/act_mirred.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "28cdbbd38a44", "status": "affected", "version": "e5cf1baf92cb", "versionType": "git" }, { "lessThan": "f4e294bbdca8", "status": "affected", "version": "e5cf1baf92cb", "versionType": "git" }, { "lessThan": "166c2c8a6a4d", "status": "affected", "version": "e5cf1baf92cb", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/sched/act_mirred.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "4.19" }, { "lessThan": "4.19", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.19", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_mirred: don\u0027t override retval if we already lost the skb\n\nIf we\u0027re redirecting the skb, and haven\u0027t called tcf_mirred_forward(),\nyet, we need to tell the core to drop the skb by setting the retcode\nto SHOT. If we have called tcf_mirred_forward(), however, the skb\nis out of our hands and returning SHOT will lead to UaF.\n\nMove the retval override to the error path which actually need it." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:51.142Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/28cdbbd38a4413b8eff53399b3f872fd4e80db9d" }, { "url": "https://git.kernel.org/stable/c/f4e294bbdca8ac8757db436fc82214f3882fc7e7" }, { "url": "https://git.kernel.org/stable/c/166c2c8a6a4dc2e4ceba9e10cfe81c3e469e3210" } ], "title": "net/sched: act_mirred: don\u0027t override retval if we already lost the skb", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26739", "datePublished": "2024-04-03T17:00:24.879Z", "dateReserved": "2024-02-19T14:20:24.166Z", "dateUpdated": "2024-11-05T09:14:51.142Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26794
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2024-11-07 19:30
Severity ?
EPSS score ?
Summary
btrfs: fix race between ordered extent completion and fiemap
References
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-26794", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-04T16:20:51.967231Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-noinfo Not enough information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-07T19:30:31.848Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.497Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d43f8e58f10a44df8c08e7f7076f3288352cd168" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/31d07a757c6d3430e03cc22799921569999b9a12" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/a1a4a9ca77f143c00fce69c1239887ff8b813bec" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "fs/btrfs/extent_io.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "d43f8e58f10a", "status": "affected", "version": "ded566b4637f", "versionType": "git" }, { "lessThan": "31d07a757c6d", "status": "affected", "version": "89bca7fe6382", "versionType": "git" }, { "lessThan": "a1a4a9ca77f1", "status": "affected", "version": "b0ad381fa769", "versionType": "git" } ] }, { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "fs/btrfs/extent_io.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "6.6.21", "status": "affected", "version": "6.6.24", "versionType": "semver" }, { "lessThan": "6.7.9", "status": "affected", "version": "6.7.12", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix race between ordered extent completion and fiemap\n\nFor fiemap we recently stopped locking the target extent range for the\nwhole duration of the fiemap call, in order to avoid a deadlock in a\nscenario where the fiemap buffer happens to be a memory mapped range of\nthe same file. This use case is very unlikely to be useful in practice but\nit may be triggered by fuzz testing (syzbot, etc).\n\nHowever by not locking the target extent range for the whole duration of\nthe fiemap call we can race with an ordered extent. This happens like\nthis:\n\n1) The fiemap task finishes processing a file extent item that covers\n the file range [512K, 1M[, and that file extent item is the last item\n in the leaf currently being processed;\n\n2) And ordered extent for the file range [768K, 2M[, in COW mode,\n completes (btrfs_finish_one_ordered()) and the file extent item\n covering the range [512K, 1M[ is trimmed to cover the range\n [512K, 768K[ and then a new file extent item for the range [768K, 2M[\n is inserted in the inode\u0027s subvolume tree;\n\n3) The fiemap task calls fiemap_next_leaf_item(), which then calls\n btrfs_next_leaf() to find the next leaf / item. This finds that the\n the next key following the one we previously processed (its type is\n BTRFS_EXTENT_DATA_KEY and its offset is 512K), is the key corresponding\n to the new file extent item inserted by the ordered extent, which has\n a type of BTRFS_EXTENT_DATA_KEY and an offset of 768K;\n\n4) Later the fiemap code ends up at emit_fiemap_extent() and triggers\n the warning:\n\n if (cache-\u003eoffset + cache-\u003elen \u003e offset) {\n WARN_ON(1);\n return -EINVAL;\n }\n\n Since we get 1M \u003e 768K, because the previously emitted entry for the\n old extent covering the file range [512K, 1M[ ends at an offset that\n is greater than the new extent\u0027s start offset (768K). This makes fiemap\n fail with -EINVAL besides triggering the warning that produces a stack\n trace like the following:\n\n [1621.677651] ------------[ cut here ]------------\n [1621.677656] WARNING: CPU: 1 PID: 204366 at fs/btrfs/extent_io.c:2492 emit_fiemap_extent+0x84/0x90 [btrfs]\n [1621.677899] Modules linked in: btrfs blake2b_generic (...)\n [1621.677951] CPU: 1 PID: 204366 Comm: pool Not tainted 6.8.0-rc5-btrfs-next-151+ #1\n [1621.677954] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-0-gea1b7a073390-prebuilt.qemu.org 04/01/2014\n [1621.677956] RIP: 0010:emit_fiemap_extent+0x84/0x90 [btrfs]\n [1621.678033] Code: 2b 4c 89 63 (...)\n [1621.678035] RSP: 0018:ffffab16089ffd20 EFLAGS: 00010206\n [1621.678037] RAX: 00000000004fa000 RBX: ffffab16089ffe08 RCX: 0000000000009000\n [1621.678039] RDX: 00000000004f9000 RSI: 00000000004f1000 RDI: ffffab16089ffe90\n [1621.678040] RBP: 00000000004f9000 R08: 0000000000001000 R09: 0000000000000000\n [1621.678041] R10: 0000000000000000 R11: 0000000000001000 R12: 0000000041d78000\n [1621.678043] R13: 0000000000001000 R14: 0000000000000000 R15: ffff9434f0b17850\n [1621.678044] FS: 00007fa6e20006c0(0000) GS:ffff943bdfa40000(0000) knlGS:0000000000000000\n [1621.678046] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n [1621.678048] CR2: 00007fa6b0801000 CR3: 000000012d404002 CR4: 0000000000370ef0\n [1621.678053] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n [1621.678055] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n [1621.678056] Call Trace:\n [1621.678074] \u003cTASK\u003e\n [1621.678076] ? __warn+0x80/0x130\n [1621.678082] ? emit_fiemap_extent+0x84/0x90 [btrfs]\n [1621.678159] ? report_bug+0x1f4/0x200\n [1621.678164] ? handle_bug+0x42/0x70\n [1621.678167] ? exc_invalid_op+0x14/0x70\n [1621.678170] ? asm_exc_invalid_op+0x16/0x20\n [1621.678178] ? emit_fiemap_extent+0x84/0x90 [btrfs]\n [1621.678253] extent_fiemap+0x766\n---truncated---" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:15:56.955Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/d43f8e58f10a44df8c08e7f7076f3288352cd168" }, { "url": "https://git.kernel.org/stable/c/31d07a757c6d3430e03cc22799921569999b9a12" }, { "url": "https://git.kernel.org/stable/c/a1a4a9ca77f143c00fce69c1239887ff8b813bec" } ], "title": "btrfs: fix race between ordered extent completion and fiemap", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26794", "datePublished": "2024-04-04T08:20:24.410Z", "dateReserved": "2024-02-19T14:20:24.178Z", "dateUpdated": "2024-11-07T19:30:31.848Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26797
Vulnerability from cvelistv5
Published
2024-04-04 08:20
Modified
2024-11-05 09:16
Severity ?
EPSS score ?
Summary
drm/amd/display: Prevent potential buffer overflow in map_hw_resources
References
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "50a6302cf881", "status": "affected", "version": "7966f319c66d", "versionType": "custom" }, { "lessThan": "0f8ca019544a", "status": "affected", "version": "7966f319c66d", "versionType": "custom" }, { "status": "affected", "version": "6.7" }, { "lessThan": "6.7", "status": "unaffected", "version": "0", "versionType": "custom" }, { "lessThanOrEqual": "6.8", "status": "unaffected", "version": "6.79", "versionType": "custom" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-26797", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-04-04T16:00:44.653604Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-16T14:02:40.989Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.520Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/50a6302cf881f67f1410461a68fe9eabd00ff31d" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/0f8ca019544a252d1afb468ce840c6dcbac73af4" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "50a6302cf881", "status": "affected", "version": "7966f319c66d", "versionType": "git" }, { "lessThan": "0f8ca019544a", "status": "affected", "version": "7966f319c66d", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/gpu/drm/amd/display/dc/dml2/dml2_wrapper.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.7" }, { "lessThan": "6.7", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.9", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Prevent potential buffer overflow in map_hw_resources\n\nAdds a check in the map_hw_resources function to prevent a potential\nbuffer overflow. The function was accessing arrays using an index that\ncould potentially be greater than the size of the arrays, leading to a\nbuffer overflow.\n\nAdds a check to ensure that the index is within the bounds of the\narrays. If the index is out of bounds, an error message is printed and\nbreak it will continue execution with just ignoring extra data early to\nprevent the buffer overflow.\n\nReported by smatch:\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dml2/dml2_wrapper.c:79 map_hw_resources() error: buffer overflow \u0027dml2-\u003ev20.scratch.dml_to_dc_pipe_mapping.disp_cfg_to_stream_id\u0027 6 \u003c= 7\ndrivers/gpu/drm/amd/amdgpu/../display/dc/dml2/dml2_wrapper.c:81 map_hw_resources() error: buffer overflow \u0027dml2-\u003ev20.scratch.dml_to_dc_pipe_mapping.disp_cfg_to_plane_id\u0027 6 \u003c= 7" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:16:00.348Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/50a6302cf881f67f1410461a68fe9eabd00ff31d" }, { "url": "https://git.kernel.org/stable/c/0f8ca019544a252d1afb468ce840c6dcbac73af4" } ], "title": "drm/amd/display: Prevent potential buffer overflow in map_hw_resources", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26797", "datePublished": "2024-04-04T08:20:26.558Z", "dateReserved": "2024-02-19T14:20:24.178Z", "dateUpdated": "2024-11-05T09:16:00.348Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26741
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2024-11-05 09:14
Severity ?
EPSS score ?
Summary
dccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished().
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.211Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/729bc77af438a6e67914c97f6f3d3af8f72c0131" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/334a8348b2df26526f3298848ad6864285592caf" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f8c4a6b850882bc47aaa864b720c7a2ee3102f39" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/66b60b0c8c4a163b022a9f0ad6769b0fd3dc662f" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-26741", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T15:51:47.535514Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:33:17.118Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/ipv4/inet_hashtables.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "729bc77af438", "status": "affected", "version": "28044fc1d495", "versionType": "git" }, { "lessThan": "334a8348b2df", "status": "affected", "version": "28044fc1d495", "versionType": "git" }, { "lessThan": "f8c4a6b85088", "status": "affected", "version": "28044fc1d495", "versionType": "git" }, { "lessThan": "66b60b0c8c4a", "status": "affected", "version": "28044fc1d495", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/ipv4/inet_hashtables.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.1" }, { "lessThan": "6.1", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.80", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.19", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished().\n\nsyzkaller reported a warning [0] in inet_csk_destroy_sock() with no\nrepro.\n\n WARN_ON(inet_sk(sk)-\u003einet_num \u0026\u0026 !inet_csk(sk)-\u003eicsk_bind_hash);\n\nHowever, the syzkaller\u0027s log hinted that connect() failed just before\nthe warning due to FAULT_INJECTION. [1]\n\nWhen connect() is called for an unbound socket, we search for an\navailable ephemeral port. If a bhash bucket exists for the port, we\ncall __inet_check_established() or __inet6_check_established() to check\nif the bucket is reusable.\n\nIf reusable, we add the socket into ehash and set inet_sk(sk)-\u003einet_num.\n\nLater, we look up the corresponding bhash2 bucket and try to allocate\nit if it does not exist.\n\nAlthough it rarely occurs in real use, if the allocation fails, we must\nrevert the changes by check_established(). Otherwise, an unconnected\nsocket could illegally occupy an ehash entry.\n\nNote that we do not put tw back into ehash because sk might have\nalready responded to a packet for tw and it would be better to free\ntw earlier under such memory presure.\n\n[0]:\nWARNING: CPU: 0 PID: 350830 at net/ipv4/inet_connection_sock.c:1193 inet_csk_destroy_sock (net/ipv4/inet_connection_sock.c:1193)\nModules linked in:\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nRIP: 0010:inet_csk_destroy_sock (net/ipv4/inet_connection_sock.c:1193)\nCode: 41 5c 41 5d 41 5e e9 2d 4a 3d fd e8 28 4a 3d fd 48 89 ef e8 f0 cd 7d ff 5b 5d 41 5c 41 5d 41 5e e9 13 4a 3d fd e8 0e 4a 3d fd \u003c0f\u003e 0b e9 61 fe ff ff e8 02 4a 3d fd 4c 89 e7 be 03 00 00 00 e8 05\nRSP: 0018:ffffc9000b21fd38 EFLAGS: 00010293\nRAX: 0000000000000000 RBX: 0000000000009e78 RCX: ffffffff840bae40\nRDX: ffff88806e46c600 RSI: ffffffff840bb012 RDI: ffff88811755cca8\nRBP: ffff88811755c880 R08: 0000000000000003 R09: 0000000000000000\nR10: 0000000000009e78 R11: 0000000000000000 R12: ffff88811755c8e0\nR13: ffff88811755c892 R14: ffff88811755c918 R15: 0000000000000000\nFS: 00007f03e5243800(0000) GS:ffff88811ae00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b32f21000 CR3: 0000000112ffe001 CR4: 0000000000770ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? inet_csk_destroy_sock (net/ipv4/inet_connection_sock.c:1193)\n dccp_close (net/dccp/proto.c:1078)\n inet_release (net/ipv4/af_inet.c:434)\n __sock_release (net/socket.c:660)\n sock_close (net/socket.c:1423)\n __fput (fs/file_table.c:377)\n __fput_sync (fs/file_table.c:462)\n __x64_sys_close (fs/open.c:1557 fs/open.c:1539 fs/open.c:1539)\n do_syscall_64 (arch/x86/entry/common.c:52 arch/x86/entry/common.c:83)\n entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:129)\nRIP: 0033:0x7f03e53852bb\nCode: 03 00 00 00 0f 05 48 3d 00 f0 ff ff 77 41 c3 48 83 ec 18 89 7c 24 0c e8 43 c9 f5 ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 c9 f5 ff 8b 44\nRSP: 002b:00000000005dfba0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003\nRAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00007f03e53852bb\nRDX: 0000000000000002 RSI: 0000000000000002 RDI: 0000000000000003\nRBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000167c\nR10: 0000000008a79680 R11: 0000000000000293 R12: 00007f03e4e43000\nR13: 00007f03e4e43170 R14: 00007f03e4e43178 R15: 00007f03e4e43170\n \u003c/TASK\u003e\n\n[1]:\nFAULT_INJECTION: forcing a failure.\nname failslab, interval 1, probability 0, space 0, times 0\nCPU: 0 PID: 350833 Comm: syz-executor.1 Not tainted 6.7.0-12272-g2121c43f88f5 #9\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl (lib/dump_stack.c:107 (discriminator 1))\n should_fail_ex (lib/fault-inject.c:52 lib/fault-inject.c:153)\n should_failslab (mm/slub.c:3748)\n kmem_cache_alloc (mm/slub.c:3763 mm/slub.c:3842 mm/slub.c:3867)\n inet_bind2_bucket_create \n---truncated---" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:53.415Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/729bc77af438a6e67914c97f6f3d3af8f72c0131" }, { "url": "https://git.kernel.org/stable/c/334a8348b2df26526f3298848ad6864285592caf" }, { "url": "https://git.kernel.org/stable/c/f8c4a6b850882bc47aaa864b720c7a2ee3102f39" }, { "url": "https://git.kernel.org/stable/c/66b60b0c8c4a163b022a9f0ad6769b0fd3dc662f" } ], "title": "dccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished().", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26741", "datePublished": "2024-04-03T17:00:26.276Z", "dateReserved": "2024-02-19T14:20:24.167Z", "dateUpdated": "2024-11-05T09:14:53.415Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26737
Vulnerability from cvelistv5
Published
2024-04-03 17:00
Modified
2024-11-05 09:14
Severity ?
EPSS score ?
Summary
bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel
References
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-26737", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-03T19:13:11.173900Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-noinfo Not enough information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-04T18:51:47.375Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:13.230Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/5268bb02107b9eedfdcd51db75b407d10043368c" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/addf5e297e6cbf5341f9c07720693ca9ba0057b5" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/8327ed12e8ebc5436bfaa1786c49988894f9c8a6" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/7d80a9e745fa5b47da3bca001f186c02485c7c33" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/0281b919e175bb9c3128bd3872ac2903e9436e3f" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "kernel/bpf/helpers.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "5268bb02107b", "status": "affected", "version": "b00628b1c7d5", "versionType": "git" }, { "lessThan": "addf5e297e6c", "status": "affected", "version": "b00628b1c7d5", "versionType": "git" }, { "lessThan": "8327ed12e8eb", "status": "affected", "version": "b00628b1c7d5", "versionType": "git" }, { "lessThan": "7d80a9e745fa", "status": "affected", "version": "b00628b1c7d5", "versionType": "git" }, { "lessThan": "0281b919e175", "status": "affected", "version": "b00628b1c7d5", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "kernel/bpf/helpers.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.15" }, { "lessThan": "5.15", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.150", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.80", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.19", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.7", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel\n\nThe following race is possible between bpf_timer_cancel_and_free\nand bpf_timer_cancel. It will lead a UAF on the timer-\u003etimer.\n\nbpf_timer_cancel();\n\tspin_lock();\n\tt = timer-\u003etime;\n\tspin_unlock();\n\n\t\t\t\t\tbpf_timer_cancel_and_free();\n\t\t\t\t\t\tspin_lock();\n\t\t\t\t\t\tt = timer-\u003etimer;\n\t\t\t\t\t\ttimer-\u003etimer = NULL;\n\t\t\t\t\t\tspin_unlock();\n\t\t\t\t\t\thrtimer_cancel(\u0026t-\u003etimer);\n\t\t\t\t\t\tkfree(t);\n\n\t/* UAF on t */\n\thrtimer_cancel(\u0026t-\u003etimer);\n\nIn bpf_timer_cancel_and_free, this patch frees the timer-\u003etimer\nafter a rcu grace period. This requires a rcu_head addition\nto the \"struct bpf_hrtimer\". Another kfree(t) happens in bpf_timer_init,\nthis does not need a kfree_rcu because it is still under the\nspin_lock and timer-\u003etimer has not been visible by others yet.\n\nIn bpf_timer_cancel, rcu_read_lock() is added because this helper\ncan be used in a non rcu critical section context (e.g. from\na sleepable bpf prog). Other timer-\u003etimer usages in helpers.c\nhave been audited, bpf_timer_cancel() is the only place where\ntimer-\u003etimer is used outside of the spin_lock.\n\nAnother solution considered is to mark a t-\u003eflag in bpf_timer_cancel\nand clear it after hrtimer_cancel() is done. In bpf_timer_cancel_and_free,\nit busy waits for the flag to be cleared before kfree(t). This patch\ngoes with a straight forward solution and frees timer-\u003etimer after\na rcu grace period." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:48.949Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/5268bb02107b9eedfdcd51db75b407d10043368c" }, { "url": "https://git.kernel.org/stable/c/addf5e297e6cbf5341f9c07720693ca9ba0057b5" }, { "url": "https://git.kernel.org/stable/c/8327ed12e8ebc5436bfaa1786c49988894f9c8a6" }, { "url": "https://git.kernel.org/stable/c/7d80a9e745fa5b47da3bca001f186c02485c7c33" }, { "url": "https://git.kernel.org/stable/c/0281b919e175bb9c3128bd3872ac2903e9436e3f" } ], "title": "bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26737", "datePublished": "2024-04-03T17:00:23.414Z", "dateReserved": "2024-02-19T14:20:24.166Z", "dateUpdated": "2024-11-05T09:14:48.949Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26722
Vulnerability from cvelistv5
Published
2024-04-03 14:55
Modified
2024-11-05 09:14
Severity ?
EPSS score ?
Summary
ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26722", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-03T17:40:07.128865Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:49:40.322Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:14:12.917Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/3dd2d99e2352903d0e0b8769e6c9b8293c7454b2" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/422d5243b9f780abd3d39da2b746e3915677b07d" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/4a98bc739d0753a5810ce5630943cd7614c7717e" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d14b8e2005f36319df9412d42037416d64827f6b" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/1f0d7792e9023e8658e901b7b76a555f6aa052ec" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/050ad2ca0ac169dd9e552075d2c6af1bbb46534c" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ed5b8b735369b40d6c1f8ef3e62d369f74b4c491" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/6ef5d5b92f7117b324efaac72b3db27ae8bb3082" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "sound/soc/codecs/rt5645.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "3dd2d99e2352", "status": "affected", "version": "48ce529c8352", "versionType": "git" }, { "lessThan": "422d5243b9f7", "status": "affected", "version": "b67005b284dd", "versionType": "git" }, { "lessThan": "4a98bc739d07", "status": "affected", "version": "ffe13302b8fd", "versionType": "git" }, { "lessThan": "d14b8e2005f3", "status": "affected", "version": "7a3ff8a2bb26", "versionType": "git" }, { "lessThan": "1f0d7792e902", "status": "affected", "version": "1613195bf31e", "versionType": "git" }, { "lessThan": "050ad2ca0ac1", "status": "affected", "version": "8f82f2e4d9c4", "versionType": "git" }, { "lessThan": "ed5b8b735369", "status": "affected", "version": "cdba4301adda", "versionType": "git" }, { "lessThan": "6ef5d5b92f71", "status": "affected", "version": "cdba4301adda", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "sound/soc/codecs/rt5645.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.7" }, { "lessThan": "6.7", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.307", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.269", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.210", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.149", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.79", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.18", "versionType": "semver" }, { "lessThanOrEqual": "6.7.*", "status": "unaffected", "version": "6.7.6", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.8", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()\n\nThere is a path in rt5645_jack_detect_work(), where rt5645-\u003ejd_mutex\nis left locked forever. That may lead to deadlock\nwhen rt5645_jack_detect_work() is called for the second time.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:14:32.223Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/3dd2d99e2352903d0e0b8769e6c9b8293c7454b2" }, { "url": "https://git.kernel.org/stable/c/422d5243b9f780abd3d39da2b746e3915677b07d" }, { "url": "https://git.kernel.org/stable/c/4a98bc739d0753a5810ce5630943cd7614c7717e" }, { "url": "https://git.kernel.org/stable/c/d14b8e2005f36319df9412d42037416d64827f6b" }, { "url": "https://git.kernel.org/stable/c/1f0d7792e9023e8658e901b7b76a555f6aa052ec" }, { "url": "https://git.kernel.org/stable/c/050ad2ca0ac169dd9e552075d2c6af1bbb46534c" }, { "url": "https://git.kernel.org/stable/c/ed5b8b735369b40d6c1f8ef3e62d369f74b4c491" }, { "url": "https://git.kernel.org/stable/c/6ef5d5b92f7117b324efaac72b3db27ae8bb3082" } ], "title": "ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-26722", "datePublished": "2024-04-03T14:55:21.709Z", "dateReserved": "2024-02-19T14:20:24.163Z", "dateUpdated": "2024-11-05T09:14:32.223Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.