Action not permitted
Modal body text goes here.
wid-sec-w-2024-1259
Vulnerability from csaf_certbund
Published
2024-05-30 22:00
Modified
2024-07-24 22:00
Summary
Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service und unspezifischen Atatck
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Der Kernel stellt den Kern des Linux Betriebssystems dar.
Angriff
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1259 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1259.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1259 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1259"
},
{
"category": "external",
"summary": "https://lore.kernel.org/linux-cve-announce/ vom 2024-05-30",
"url": "https://lore.kernel.org/"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5703 vom 2024-06-02",
"url": "https://lists.debian.org/debian-security-announce/2024/msg00113.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1979-1 vom 2024-06-11",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018685.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:1983-1 vom 2024-06-11",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018700.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASKERNEL-5.15-2024-044 vom 2024-06-12",
"url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.15-2024-044.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2011-1 vom 2024-06-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018710.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2008-1 vom 2024-06-12",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018706.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2135-1 vom 2024-06-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018783.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASKERNEL-5.10-2024-060 vom 2024-06-25",
"url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.10-2024-060.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2184-1 vom 2024-06-24",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018807.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2189-1 vom 2024-06-25",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018811.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3842 vom 2024-06-25",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4108 vom 2024-06-26",
"url": "https://access.redhat.com/errata/RHSA-2024:4108"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2190-1 vom 2024-06-25",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-June/018819.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4106 vom 2024-06-26",
"url": "https://access.redhat.com/errata/RHSA-2024:4106"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3843 vom 2024-06-27",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-3840 vom 2024-06-27",
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS-2024-643 vom 2024-07-02",
"url": "https://alas.aws.amazon.com/AL2023/ALAS-2024-643.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4211 vom 2024-07-02",
"url": "https://access.redhat.com/errata/RHSA-2024:4211"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4151 vom 2024-07-03",
"url": "https://access.redhat.com/errata/RHSA-2024:4151"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2365-1 vom 2024-07-09",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018897.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2360-1 vom 2024-07-09",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018907.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2372-1 vom 2024-07-09",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018901.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2362-1 vom 2024-07-09",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018905.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4447 vom 2024-07-10",
"url": "https://access.redhat.com/errata/RHSA-2024:4447"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2381-1 vom 2024-07-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018916.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2394-1 vom 2024-07-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018922.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2385-1 vom 2024-07-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018920.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4321 vom 2024-07-10",
"url": "https://access.redhat.com/errata/RHSA-2024:4321"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2384-1 vom 2024-07-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018921.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6893-1 vom 2024-07-11",
"url": "https://ubuntu.com/security/notices/USN-6893-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4533 vom 2024-07-15",
"url": "https://access.redhat.com/errata/RHSA-2024:4533"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6896-1 vom 2024-07-12",
"url": "https://ubuntu.com/security/notices/USN-6896-1"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5730 vom 2024-07-16",
"url": "https://lists.debian.org/debian-security-announce/2024/msg00141.html"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:4211 vom 2024-07-15",
"url": "https://errata.build.resf.org/RLSA-2024:4211"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6898-1 vom 2024-07-15",
"url": "https://ubuntu.com/security/notices/USN-6898-1"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4548 vom 2024-07-15",
"url": "https://access.redhat.com/errata/RHSA-2024:4548"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2024:4352 vom 2024-07-15",
"url": "https://errata.build.resf.org/RLSA-2024:4352"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4554 vom 2024-07-16",
"url": "https://access.redhat.com/errata/RHSA-2024:4554"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4547 vom 2024-07-15",
"url": "https://access.redhat.com/errata/RHSA-2024:4547"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6893-2 vom 2024-07-16",
"url": "https://ubuntu.com/security/notices/USN-6893-2"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2495-1 vom 2024-07-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018982.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2493-1 vom 2024-07-16",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018984.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6896-2 vom 2024-07-16",
"url": "https://ubuntu.com/security/notices/USN-6896-2"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-5731 vom 2024-07-17",
"url": "https://lists.debian.org/debian-security-announce/2024/msg00142.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4583 vom 2024-07-17",
"url": "https://access.redhat.com/errata/RHSA-2024:4583"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6896-3 vom 2024-07-17",
"url": "https://ubuntu.com/security/notices/USN-6896-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6898-2 vom 2024-07-17",
"url": "https://ubuntu.com/security/notices/USN-6898-2"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2024-4583 vom 2024-07-19",
"url": "https://linux.oracle.com/errata/ELSA-2024-4583.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4631 vom 2024-07-18",
"url": "https://access.redhat.com/errata/RHSA-2024:4631"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2561-1 vom 2024-07-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/019001.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6898-3 vom 2024-07-19",
"url": "https://ubuntu.com/security/notices/USN-6898-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6896-4 vom 2024-07-19",
"url": "https://ubuntu.com/security/notices/USN-6896-4"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2024:2571-1 vom 2024-07-22",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/019019.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4713 vom 2024-07-23",
"url": "https://access.redhat.com/errata/RHSA-2024:4713"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6896-5 vom 2024-07-23",
"url": "https://ubuntu.com/security/notices/USN-6896-5"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6893-3 vom 2024-07-23",
"url": "https://ubuntu.com/security/notices/USN-6893-3"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6898-4 vom 2024-07-23",
"url": "https://ubuntu.com/security/notices/USN-6898-4"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4823 vom 2024-07-24",
"url": "https://access.redhat.com/errata/RHSA-2024:4823"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2024:4831 vom 2024-07-24",
"url": "https://access.redhat.com/errata/RHSA-2024:4831"
}
],
"source_lang": "en-US",
"title": "Linux Kernel: Mehrere Schwachstellen erm\u00f6glichen Denial of Service und unspezifischen Atatck",
"tracking": {
"current_release_date": "2024-07-24T22:00:00.000+00:00",
"generator": {
"date": "2024-07-25T08:33:14.115+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.0"
}
},
"id": "WID-SEC-W-2024-1259",
"initial_release_date": "2024-05-30T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-05-30T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2024-06-02T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2024-06-10T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-06-11T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE und Amazon aufgenommen"
},
{
"date": "2024-06-12T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-06-23T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-06-24T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Amazon und SUSE aufgenommen"
},
{
"date": "2024-06-25T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Debian, Red Hat und SUSE aufgenommen"
},
{
"date": "2024-06-26T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2024-06-27T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2024-07-01T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Amazon aufgenommen"
},
{
"date": "2024-07-02T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2024-07-09T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2024-07-10T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von SUSE und Red Hat aufgenommen"
},
{
"date": "2024-07-11T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-07-14T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat und Ubuntu aufgenommen"
},
{
"date": "2024-07-15T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Debian, Rocky Enterprise Software Foundation, Ubuntu und Red Hat aufgenommen"
},
{
"date": "2024-07-16T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Ubuntu, Debian und Red Hat aufgenommen"
},
{
"date": "2024-07-17T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2024-07-18T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von Oracle Linux, Red Hat und SUSE aufgenommen"
},
{
"date": "2024-07-22T22:00:00.000+00:00",
"number": "21",
"summary": "Neue Updates von SUSE und Red Hat aufgenommen"
},
{
"date": "2024-07-24T22:00:00.000+00:00",
"number": "22",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "22"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source Linux Kernel",
"product": {
"name": "Open Source Linux Kernel",
"product_id": "T035130",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T004914",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T032255",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-52881",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2023-52881"
},
{
"cve": "CVE-2023-52882",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2023-52882"
},
{
"cve": "CVE-2024-36016",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36016"
},
{
"cve": "CVE-2024-36017",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36017"
},
{
"cve": "CVE-2024-36018",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36018"
},
{
"cve": "CVE-2024-36019",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36019"
},
{
"cve": "CVE-2024-36020",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36020"
},
{
"cve": "CVE-2024-36021",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36021"
},
{
"cve": "CVE-2024-36022",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36022"
},
{
"cve": "CVE-2024-36023",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36023"
},
{
"cve": "CVE-2024-36024",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36024"
},
{
"cve": "CVE-2024-36025",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36025"
},
{
"cve": "CVE-2024-36026",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36026"
},
{
"cve": "CVE-2024-36027",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36027"
},
{
"cve": "CVE-2024-36028",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36028"
},
{
"cve": "CVE-2024-36029",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36029"
},
{
"cve": "CVE-2024-36030",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36030"
},
{
"cve": "CVE-2024-36031",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36031"
},
{
"cve": "CVE-2024-36032",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36032"
},
{
"cve": "CVE-2024-36033",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36033"
},
{
"cve": "CVE-2024-36880",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36880"
},
{
"cve": "CVE-2024-36881",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36881"
},
{
"cve": "CVE-2024-36882",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36882"
},
{
"cve": "CVE-2024-36883",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36883"
},
{
"cve": "CVE-2024-36884",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36884"
},
{
"cve": "CVE-2024-36885",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36885"
},
{
"cve": "CVE-2024-36886",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36886"
},
{
"cve": "CVE-2024-36887",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36887"
},
{
"cve": "CVE-2024-36888",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36888"
},
{
"cve": "CVE-2024-36889",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36889"
},
{
"cve": "CVE-2024-36890",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36890"
},
{
"cve": "CVE-2024-36891",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36891"
},
{
"cve": "CVE-2024-36892",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36892"
},
{
"cve": "CVE-2024-36893",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36893"
},
{
"cve": "CVE-2024-36894",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36894"
},
{
"cve": "CVE-2024-36895",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36895"
},
{
"cve": "CVE-2024-36896",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36896"
},
{
"cve": "CVE-2024-36897",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36897"
},
{
"cve": "CVE-2024-36898",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36898"
},
{
"cve": "CVE-2024-36899",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36899"
},
{
"cve": "CVE-2024-36900",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36900"
},
{
"cve": "CVE-2024-36901",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36901"
},
{
"cve": "CVE-2024-36902",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36902"
},
{
"cve": "CVE-2024-36903",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36903"
},
{
"cve": "CVE-2024-36904",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36904"
},
{
"cve": "CVE-2024-36905",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36905"
},
{
"cve": "CVE-2024-36906",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36906"
},
{
"cve": "CVE-2024-36907",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36907"
},
{
"cve": "CVE-2024-36908",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36908"
},
{
"cve": "CVE-2024-36909",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36909"
},
{
"cve": "CVE-2024-36910",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36910"
},
{
"cve": "CVE-2024-36911",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36911"
},
{
"cve": "CVE-2024-36912",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36912"
},
{
"cve": "CVE-2024-36913",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36913"
},
{
"cve": "CVE-2024-36914",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36914"
},
{
"cve": "CVE-2024-36915",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36915"
},
{
"cve": "CVE-2024-36916",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36916"
},
{
"cve": "CVE-2024-36917",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36917"
},
{
"cve": "CVE-2024-36918",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36918"
},
{
"cve": "CVE-2024-36919",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36919"
},
{
"cve": "CVE-2024-36920",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36920"
},
{
"cve": "CVE-2024-36921",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36921"
},
{
"cve": "CVE-2024-36922",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36922"
},
{
"cve": "CVE-2024-36923",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36923"
},
{
"cve": "CVE-2024-36924",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36924"
},
{
"cve": "CVE-2024-36925",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36925"
},
{
"cve": "CVE-2024-36926",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36926"
},
{
"cve": "CVE-2024-36927",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36927"
},
{
"cve": "CVE-2024-36928",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36928"
},
{
"cve": "CVE-2024-36929",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36929"
},
{
"cve": "CVE-2024-36930",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36930"
},
{
"cve": "CVE-2024-36931",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36931"
},
{
"cve": "CVE-2024-36932",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36932"
},
{
"cve": "CVE-2024-36933",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36933"
},
{
"cve": "CVE-2024-36934",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36934"
},
{
"cve": "CVE-2024-36935",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36935"
},
{
"cve": "CVE-2024-36936",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36936"
},
{
"cve": "CVE-2024-36937",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36937"
},
{
"cve": "CVE-2024-36938",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36938"
},
{
"cve": "CVE-2024-36939",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36939"
},
{
"cve": "CVE-2024-36940",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36940"
},
{
"cve": "CVE-2024-36941",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36941"
},
{
"cve": "CVE-2024-36942",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36942"
},
{
"cve": "CVE-2024-36943",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36943"
},
{
"cve": "CVE-2024-36944",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36944"
},
{
"cve": "CVE-2024-36945",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36945"
},
{
"cve": "CVE-2024-36946",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36946"
},
{
"cve": "CVE-2024-36947",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36947"
},
{
"cve": "CVE-2024-36948",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36948"
},
{
"cve": "CVE-2024-36949",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36949"
},
{
"cve": "CVE-2024-36950",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36950"
},
{
"cve": "CVE-2024-36951",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36951"
},
{
"cve": "CVE-2024-36952",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36952"
},
{
"cve": "CVE-2024-36953",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36953"
},
{
"cve": "CVE-2024-36954",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36954"
},
{
"cve": "CVE-2024-36955",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36955"
},
{
"cve": "CVE-2024-36956",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36956"
},
{
"cve": "CVE-2024-36957",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36957"
},
{
"cve": "CVE-2024-36958",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36958"
},
{
"cve": "CVE-2024-36959",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie z.B. dem Buildroot, dem Llvmn oder dem Netfilter, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz oder einem Use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen \u0027Denial of Service\u0027-Zustand herbeizuf\u00fchren oder einen nicht spezifizierten Angriff durchzuf\u00fchren"
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"398363",
"T035130",
"T004914",
"T032255"
]
},
"release_date": "2024-05-30T22:00:00Z",
"title": "CVE-2024-36959"
}
]
}
cve-2024-36930
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2024-08-02 03:43
Severity
Summary
spi: fix null pointer dereference within spi_sync
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.051Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e005d6754e3e440257006795b687c4ad8733b493"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a30659f1576d2c8e62e7426232bb18b885fd951a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2070d008cc08bff50a58f0f4d30f12d3ebf94c00"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4756fa529b2f12b7cb8f21fe229b0f6f47190829"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/spi/spi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e005d6754e3e",
"status": "affected",
"version": "ae7d2346dc89",
"versionType": "git"
},
{
"lessThan": "a30659f1576d",
"status": "affected",
"version": "ae7d2346dc89",
"versionType": "git"
},
{
"lessThan": "2070d008cc08",
"status": "affected",
"version": "ae7d2346dc89",
"versionType": "git"
},
{
"lessThan": "4756fa529b2f",
"status": "affected",
"version": "ae7d2346dc89",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/spi/spi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"lessThan": "6.0",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: fix null pointer dereference within spi_sync\n\nIf spi_sync() is called with the non-empty queue and the same spi_message\nis then reused, the complete callback for the message remains set while\nthe context is cleared, leading to a null pointer dereference when the\ncallback is invoked from spi_finalize_current_message().\n\nWith function inlining disabled, the call stack might look like this:\n\n _raw_spin_lock_irqsave from complete_with_flags+0x18/0x58\n complete_with_flags from spi_complete+0x8/0xc\n spi_complete from spi_finalize_current_message+0xec/0x184\n spi_finalize_current_message from spi_transfer_one_message+0x2a8/0x474\n spi_transfer_one_message from __spi_pump_transfer_message+0x104/0x230\n __spi_pump_transfer_message from __spi_transfer_message_noqueue+0x30/0xc4\n __spi_transfer_message_noqueue from __spi_sync+0x204/0x248\n __spi_sync from spi_sync+0x24/0x3c\n spi_sync from mcp251xfd_regmap_crc_read+0x124/0x28c [mcp251xfd]\n mcp251xfd_regmap_crc_read [mcp251xfd] from _regmap_raw_read+0xf8/0x154\n _regmap_raw_read from _regmap_bus_read+0x44/0x70\n _regmap_bus_read from _regmap_read+0x60/0xd8\n _regmap_read from regmap_read+0x3c/0x5c\n regmap_read from mcp251xfd_alloc_can_err_skb+0x1c/0x54 [mcp251xfd]\n mcp251xfd_alloc_can_err_skb [mcp251xfd] from mcp251xfd_irq+0x194/0xe70 [mcp251xfd]\n mcp251xfd_irq [mcp251xfd] from irq_thread_fn+0x1c/0x78\n irq_thread_fn from irq_thread+0x118/0x1f4\n irq_thread from kthread+0xd8/0xf4\n kthread from ret_from_fork+0x14/0x28\n\nFix this by also setting message-\u003ecomplete to NULL when the transfer is\ncomplete."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:29:22.012Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e005d6754e3e440257006795b687c4ad8733b493"
},
{
"url": "https://git.kernel.org/stable/c/a30659f1576d2c8e62e7426232bb18b885fd951a"
},
{
"url": "https://git.kernel.org/stable/c/2070d008cc08bff50a58f0f4d30f12d3ebf94c00"
},
{
"url": "https://git.kernel.org/stable/c/4756fa529b2f12b7cb8f21fe229b0f6f47190829"
}
],
"title": "spi: fix null pointer dereference within spi_sync",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36930",
"datePublished": "2024-05-30T15:29:22.012Z",
"dateReserved": "2024-05-30T15:25:07.070Z",
"dateUpdated": "2024-08-02T03:43:50.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36031
Vulnerability from cvelistv5
Published
2024-05-30 15:23
Modified
2024-08-02 03:30
Severity
Summary
keys: Fix overwrite of key expiration on instantiation
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "ad2011ea7879",
"status": "affected",
"version": "97be1e865e70",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "ed79b93f725c",
"status": "affected",
"version": "2552b32b0b34",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "e4519a016650",
"status": "affected",
"version": "791d5409cdb9",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "25777f3f4e1f",
"status": "affected",
"version": "afc360e8a125",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "939a08bcd433",
"status": "affected",
"version": "39299bdd2546",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "cc219cb8afbc",
"status": "affected",
"version": "39299bdd2546",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "9da27fb65a14",
"status": "affected",
"version": "39299bdd2546",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.7",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:6.7:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "6.7"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5.11",
"status": "unaffected",
"version": "5.10.217",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5.16",
"status": "unaffected",
"version": "5.15.159",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.2",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.9",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.10",
"status": "unaffected",
"version": "6.9.1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36031",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T14:16:33.695503Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-324",
"description": "CWE-324 Use of a Key Past its Expiration Date",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T19:29:28.918Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:12.891Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ad2011ea787928b2accb5134f1e423b11fe80a8a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ed79b93f725cd0da39a265dc23d77add1527b9be"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e4519a016650e952ad9eb27937f8c447d5a4e06d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/25777f3f4e1f371d16a594925f31e37ce07b6ec7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/939a08bcd4334bad4b201e60bd0ae1f278d71d41"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cc219cb8afbc40ec100c0de941047bb29373126a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9da27fb65a14c18efd4473e2e82b76b53ba60252"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"security/keys/key.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ad2011ea7879",
"status": "affected",
"version": "97be1e865e70",
"versionType": "git"
},
{
"lessThan": "ed79b93f725c",
"status": "affected",
"version": "2552b32b0b34",
"versionType": "git"
},
{
"lessThan": "e4519a016650",
"status": "affected",
"version": "791d5409cdb9",
"versionType": "git"
},
{
"lessThan": "25777f3f4e1f",
"status": "affected",
"version": "afc360e8a125",
"versionType": "git"
},
{
"lessThan": "939a08bcd433",
"status": "affected",
"version": "39299bdd2546",
"versionType": "git"
},
{
"lessThan": "cc219cb8afbc",
"status": "affected",
"version": "39299bdd2546",
"versionType": "git"
},
{
"lessThan": "9da27fb65a14",
"status": "affected",
"version": "39299bdd2546",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"security/keys/key.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.7"
},
{
"lessThan": "6.7",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.1",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nkeys: Fix overwrite of key expiration on instantiation\n\nThe expiry time of a key is unconditionally overwritten during\ninstantiation, defaulting to turn it permanent. This causes a problem\nfor DNS resolution as the expiration set by user-space is overwritten to\nTIME64_MAX, disabling further DNS updates. Fix this by restoring the\ncondition that key_set_expiry is only called when the pre-parser sets a\nspecific expiry."
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T06:46:54.288Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ad2011ea787928b2accb5134f1e423b11fe80a8a"
},
{
"url": "https://git.kernel.org/stable/c/ed79b93f725cd0da39a265dc23d77add1527b9be"
},
{
"url": "https://git.kernel.org/stable/c/e4519a016650e952ad9eb27937f8c447d5a4e06d"
},
{
"url": "https://git.kernel.org/stable/c/25777f3f4e1f371d16a594925f31e37ce07b6ec7"
},
{
"url": "https://git.kernel.org/stable/c/939a08bcd4334bad4b201e60bd0ae1f278d71d41"
},
{
"url": "https://git.kernel.org/stable/c/cc219cb8afbc40ec100c0de941047bb29373126a"
},
{
"url": "https://git.kernel.org/stable/c/9da27fb65a14c18efd4473e2e82b76b53ba60252"
}
],
"title": "keys: Fix overwrite of key expiration on instantiation",
"x_generator": {
"engine": "bippy-c9c4e1df01b2"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36031",
"datePublished": "2024-05-30T15:23:46.831Z",
"dateReserved": "2024-05-17T13:50:33.160Z",
"dateUpdated": "2024-08-02T03:30:12.891Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36889
Vulnerability from cvelistv5
Published
2024-05-30 15:28
Modified
2024-08-02 03:43
Severity
Summary
mptcp: ensure snd_nxt is properly initialized on connect
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36889",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:29:56.745706Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:33:02.390Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:49.113Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/99951b62bf20cec9247f633a3bea898338b9e5b4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dc941fec0719d0471a5902424d6b2a17df233193"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/39ca83ed73db9edcc6d70c0dc7a73085a4725012"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aa0c07c1f20e05b30019bff083ec43665536f06f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/592f69b41766d366dbb8ff4ef5a67c4396527bbe"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fb7a0d334894206ae35f023a82cad5a290fd7386"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/mptcp/protocol.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "99951b62bf20",
"status": "affected",
"version": "8fd738049ac3",
"versionType": "git"
},
{
"lessThan": "dc941fec0719",
"status": "affected",
"version": "8fd738049ac3",
"versionType": "git"
},
{
"lessThan": "39ca83ed73db",
"status": "affected",
"version": "8fd738049ac3",
"versionType": "git"
},
{
"lessThan": "aa0c07c1f20e",
"status": "affected",
"version": "8fd738049ac3",
"versionType": "git"
},
{
"lessThan": "592f69b41766",
"status": "affected",
"version": "8fd738049ac3",
"versionType": "git"
},
{
"lessThan": "fb7a0d334894",
"status": "affected",
"version": "8fd738049ac3",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/mptcp/protocol.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.9"
},
{
"lessThan": "5.9",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.218",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: ensure snd_nxt is properly initialized on connect\n\nChristoph reported a splat hinting at a corrupted snd_una:\n\n WARNING: CPU: 1 PID: 38 at net/mptcp/protocol.c:1005 __mptcp_clean_una+0x4b3/0x620 net/mptcp/protocol.c:1005\n Modules linked in:\n CPU: 1 PID: 38 Comm: kworker/1:1 Not tainted 6.9.0-rc1-gbbeac67456c9 #59\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014\n Workqueue: events mptcp_worker\n RIP: 0010:__mptcp_clean_una+0x4b3/0x620 net/mptcp/protocol.c:1005\n Code: be 06 01 00 00 bf 06 01 00 00 e8 a8 12 e7 fe e9 00 fe ff ff e8\n \t8e 1a e7 fe 0f b7 ab 3e 02 00 00 e9 d3 fd ff ff e8 7d 1a e7 fe\n \t\u003c0f\u003e 0b 4c 8b bb e0 05 00 00 e9 74 fc ff ff e8 6a 1a e7 fe 0f 0b e9\n RSP: 0018:ffffc9000013fd48 EFLAGS: 00010293\n RAX: 0000000000000000 RBX: ffff8881029bd280 RCX: ffffffff82382fe4\n RDX: ffff8881003cbd00 RSI: ffffffff823833c3 RDI: 0000000000000001\n RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\n R10: 0000000000000000 R11: fefefefefefefeff R12: ffff888138ba8000\n R13: 0000000000000106 R14: ffff8881029bd908 R15: ffff888126560000\n FS: 0000000000000000(0000) GS:ffff88813bd00000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f604a5dae38 CR3: 0000000101dac002 CR4: 0000000000170ef0\n Call Trace:\n \u003cTASK\u003e\n __mptcp_clean_una_wakeup net/mptcp/protocol.c:1055 [inline]\n mptcp_clean_una_wakeup net/mptcp/protocol.c:1062 [inline]\n __mptcp_retrans+0x7f/0x7e0 net/mptcp/protocol.c:2615\n mptcp_worker+0x434/0x740 net/mptcp/protocol.c:2767\n process_one_work+0x1e0/0x560 kernel/workqueue.c:3254\n process_scheduled_works kernel/workqueue.c:3335 [inline]\n worker_thread+0x3c7/0x640 kernel/workqueue.c:3416\n kthread+0x121/0x170 kernel/kthread.c:388\n ret_from_fork+0x44/0x50 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243\n \u003c/TASK\u003e\n\nWhen fallback to TCP happens early on a client socket, snd_nxt\nis not yet initialized and any incoming ack will copy such value\ninto snd_una. If the mptcp worker (dumbly) tries mptcp-level\nre-injection after such ack, that would unconditionally trigger a send\nbuffer cleanup using \u0027bad\u0027 snd_una values.\n\nWe could easily disable re-injection for fallback sockets, but such\ndumb behavior already helped catching a few subtle issues and a very\nlow to zero impact in practice.\n\nInstead address the issue always initializing snd_nxt (and write_seq,\nfor consistency) at connect time."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:28:56.794Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/99951b62bf20cec9247f633a3bea898338b9e5b4"
},
{
"url": "https://git.kernel.org/stable/c/dc941fec0719d0471a5902424d6b2a17df233193"
},
{
"url": "https://git.kernel.org/stable/c/39ca83ed73db9edcc6d70c0dc7a73085a4725012"
},
{
"url": "https://git.kernel.org/stable/c/aa0c07c1f20e05b30019bff083ec43665536f06f"
},
{
"url": "https://git.kernel.org/stable/c/592f69b41766d366dbb8ff4ef5a67c4396527bbe"
},
{
"url": "https://git.kernel.org/stable/c/fb7a0d334894206ae35f023a82cad5a290fd7386"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "mptcp: ensure snd_nxt is properly initialized on connect",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36889",
"datePublished": "2024-05-30T15:28:56.794Z",
"dateReserved": "2024-05-30T15:25:07.065Z",
"dateUpdated": "2024-08-02T03:43:49.113Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36929
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2024-09-05 08:03
Severity
Summary
net: core: reject skb_copy(_expand) for fraglist GSO skbs
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36929",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-04T15:42:14.703241Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:55.373Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-05T08:03:34.841Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/faa83a7797f06cefed86731ba4baa3b4dfdc06c1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c7af99cc21923a9650533c9d77265c8dd683a533"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/989bf6fd1e1d058e73a364dce1a0c53d33373f62"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cfe34d86ef9765c388f145039006bb79b6c81ac6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aea5e2669c2863fdd8679c40ee310b3bcaa85aec"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d091e579b864fa790dd6a0cd537a22c383126681"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240905-0010/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/core/skbuff.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "faa83a7797f0",
"status": "affected",
"version": "3a1296a38d0c",
"versionType": "git"
},
{
"lessThan": "c7af99cc2192",
"status": "affected",
"version": "3a1296a38d0c",
"versionType": "git"
},
{
"lessThan": "989bf6fd1e1d",
"status": "affected",
"version": "3a1296a38d0c",
"versionType": "git"
},
{
"lessThan": "cfe34d86ef97",
"status": "affected",
"version": "3a1296a38d0c",
"versionType": "git"
},
{
"lessThan": "aea5e2669c28",
"status": "affected",
"version": "3a1296a38d0c",
"versionType": "git"
},
{
"lessThan": "d091e579b864",
"status": "affected",
"version": "3a1296a38d0c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/core/skbuff.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: core: reject skb_copy(_expand) for fraglist GSO skbs\n\nSKB_GSO_FRAGLIST skbs must not be linearized, otherwise they become\ninvalid. Return NULL if such an skb is passed to skb_copy or\nskb_copy_expand, in order to prevent a crash on a potential later\ncall to skb_gso_segment."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:29:21.430Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/faa83a7797f06cefed86731ba4baa3b4dfdc06c1"
},
{
"url": "https://git.kernel.org/stable/c/c7af99cc21923a9650533c9d77265c8dd683a533"
},
{
"url": "https://git.kernel.org/stable/c/989bf6fd1e1d058e73a364dce1a0c53d33373f62"
},
{
"url": "https://git.kernel.org/stable/c/cfe34d86ef9765c388f145039006bb79b6c81ac6"
},
{
"url": "https://git.kernel.org/stable/c/aea5e2669c2863fdd8679c40ee310b3bcaa85aec"
},
{
"url": "https://git.kernel.org/stable/c/d091e579b864fa790dd6a0cd537a22c383126681"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "net: core: reject skb_copy(_expand) for fraglist GSO skbs",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36929",
"datePublished": "2024-05-30T15:29:21.430Z",
"dateReserved": "2024-05-30T15:25:07.069Z",
"dateUpdated": "2024-09-05T08:03:34.841Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36027
Vulnerability from cvelistv5
Published
2024-05-30 15:10
Modified
2024-08-02 03:30
Severity
Summary
btrfs: zoned: do not flag ZEROOUT on non-dirty extent buffer
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36027",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:34:25.215751Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:34:35.864Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:12.531Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f4b994fccbb6f294c4b31a6ca0114b09f7245043"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/68879386180c0efd5a11e800b0525a01068c9457"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/btrfs/extent_io.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f4b994fccbb6",
"status": "affected",
"version": "aa6313e6ff2b",
"versionType": "git"
},
{
"lessThan": "68879386180c",
"status": "affected",
"version": "aa6313e6ff2b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/btrfs/extent_io.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.8"
},
{
"lessThan": "6.8",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.8",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: zoned: do not flag ZEROOUT on non-dirty extent buffer\n\nBtrfs clears the content of an extent buffer marked as\nEXTENT_BUFFER_ZONED_ZEROOUT before the bio submission. This mechanism is\nintroduced to prevent a write hole of an extent buffer, which is once\nallocated, marked dirty, but turns out unnecessary and cleaned up within\none transaction operation.\n\nCurrently, btrfs_clear_buffer_dirty() marks the extent buffer as\nEXTENT_BUFFER_ZONED_ZEROOUT, and skips the entry function. If this call\nhappens while the buffer is under IO (with the WRITEBACK flag set,\nwithout the DIRTY flag), we can add the ZEROOUT flag and clear the\nbuffer\u0027s content just before a bio submission. As a result:\n\n1) it can lead to adding faulty delayed reference item which leads to a\n FS corrupted (EUCLEAN) error, and\n\n2) it writes out cleared tree node on disk\n\nThe former issue is previously discussed in [1]. The corruption happens\nwhen it runs a delayed reference update. So, on-disk data is safe.\n\n[1] https://lore.kernel.org/linux-btrfs/3f4f2a0ff1a6c818050434288925bdcf3cd719e5.1709124777.git.naohiro.aota@wdc.com/\n\nThe latter one can reach on-disk data. But, as that node is already\nprocessed by btrfs_clear_buffer_dirty(), that will be invalidated in the\nnext transaction commit anyway. So, the chance of hitting the corruption\nis relatively small.\n\nAnyway, we should skip flagging ZEROOUT on a non-DIRTY extent buffer, to\nkeep the content under IO intact."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:10:17.129Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f4b994fccbb6f294c4b31a6ca0114b09f7245043"
},
{
"url": "https://git.kernel.org/stable/c/68879386180c0efd5a11e800b0525a01068c9457"
}
],
"title": "btrfs: zoned: do not flag ZEROOUT on non-dirty extent buffer",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36027",
"datePublished": "2024-05-30T15:10:17.129Z",
"dateReserved": "2024-05-17T13:50:33.159Z",
"dateUpdated": "2024-08-02T03:30:12.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36945
Vulnerability from cvelistv5
Published
2024-05-30 15:35
Modified
2024-08-02 03:43
Severity
Summary
net/smc: fix neighbour and rtable leak in smc_ib_find_route()
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36945",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-04T20:30:31.469457Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T20:30:45.208Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "ADP Container"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d5a466ab6e78d6f2e0f64435f1e17246c8e941ff"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5df93c029a907b0ff5a4eeadd77ba06ff0a277d2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/da91e447d06dc649fcf46e59122e7bf8f0b2e0db"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2ddc0dd7fec86ee53b8928a5cca5fbddd4fc7c06"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/smc/smc_ib.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d5a466ab6e78",
"status": "affected",
"version": "e5c4744cfb59",
"versionType": "git"
},
{
"lessThan": "5df93c029a90",
"status": "affected",
"version": "e5c4744cfb59",
"versionType": "git"
},
{
"lessThan": "da91e447d06d",
"status": "affected",
"version": "e5c4744cfb59",
"versionType": "git"
},
{
"lessThan": "2ddc0dd7fec8",
"status": "affected",
"version": "e5c4744cfb59",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/smc/smc_ib.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.16"
},
{
"lessThan": "5.16",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: fix neighbour and rtable leak in smc_ib_find_route()\n\nIn smc_ib_find_route(), the neighbour found by neigh_lookup() and rtable\nresolved by ip_route_output_flow() are not released or put before return.\nIt may cause the refcount leak, so fix it."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:35:43.299Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d5a466ab6e78d6f2e0f64435f1e17246c8e941ff"
},
{
"url": "https://git.kernel.org/stable/c/5df93c029a907b0ff5a4eeadd77ba06ff0a277d2"
},
{
"url": "https://git.kernel.org/stable/c/da91e447d06dc649fcf46e59122e7bf8f0b2e0db"
},
{
"url": "https://git.kernel.org/stable/c/2ddc0dd7fec86ee53b8928a5cca5fbddd4fc7c06"
}
],
"title": "net/smc: fix neighbour and rtable leak in smc_ib_find_route()",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36945",
"datePublished": "2024-05-30T15:35:43.299Z",
"dateReserved": "2024-05-30T15:25:07.079Z",
"dateUpdated": "2024-08-02T03:43:50.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36956
Vulnerability from cvelistv5
Published
2024-05-30 15:35
Modified
2024-08-02 03:43
Severity
Summary
thermal/debugfs: Free all thermal zone debug memory on zone removal
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36956",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-04T15:35:46.272344Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T16:55:26.282Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.643Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f51564e4b3992b53df79460ed5781a5330b5b1d5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/72c1afffa4c645fe0e0f1c03e5f34395ed65b5f4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/thermal/thermal_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f51564e4b399",
"status": "affected",
"version": "7ef01f228c9f",
"versionType": "git"
},
{
"lessThan": "72c1afffa4c6",
"status": "affected",
"version": "7ef01f228c9f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/thermal/thermal_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.8"
},
{
"lessThan": "6.8",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal/debugfs: Free all thermal zone debug memory on zone removal\n\nBecause thermal_debug_tz_remove() does not free all memory allocated for\nthermal zone diagnostics, some of that memory becomes unreachable after\nfreeing the thermal zone\u0027s struct thermal_debugfs object.\n\nAddress this by making thermal_debug_tz_remove() free all of the memory\nin question.\n\nCc :6.8+ \u003cstable@vger.kernel.org\u003e # 6.8+"
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:35:49.854Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f51564e4b3992b53df79460ed5781a5330b5b1d5"
},
{
"url": "https://git.kernel.org/stable/c/72c1afffa4c645fe0e0f1c03e5f34395ed65b5f4"
}
],
"title": "thermal/debugfs: Free all thermal zone debug memory on zone removal",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36956",
"datePublished": "2024-05-30T15:35:49.854Z",
"dateReserved": "2024-05-30T15:25:07.080Z",
"dateUpdated": "2024-08-02T03:43:50.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36921
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2024-08-02 03:43
Severity
Summary
wifi: iwlwifi: mvm: guard against invalid STA ID on removal
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:49.860Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/94f80a8ec15e238b78521f20f8afaed60521a294"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fab21d220017daa5fd8a3d788ff25ccfecfaae2f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/17f64517bf5c26af56b6c3566273aad6646c3c4f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/intel/iwlwifi/mvm/mld-sta.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "94f80a8ec15e",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "fab21d220017",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "17f64517bf5c",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/intel/iwlwifi/mvm/mld-sta.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: mvm: guard against invalid STA ID on removal\n\nGuard against invalid station IDs in iwl_mvm_mld_rm_sta_id as that would\nresult in out-of-bounds array accesses. This prevents issues should the\ndriver get into a bad state during error handling."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:29:15.696Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/94f80a8ec15e238b78521f20f8afaed60521a294"
},
{
"url": "https://git.kernel.org/stable/c/fab21d220017daa5fd8a3d788ff25ccfecfaae2f"
},
{
"url": "https://git.kernel.org/stable/c/17f64517bf5c26af56b6c3566273aad6646c3c4f"
}
],
"title": "wifi: iwlwifi: mvm: guard against invalid STA ID on removal",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36921",
"datePublished": "2024-05-30T15:29:15.696Z",
"dateReserved": "2024-05-30T15:25:07.068Z",
"dateUpdated": "2024-08-02T03:43:49.860Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36904
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2024-09-05 08:03
Severity
Summary
tcp: Use refcount_inc_not_zero() in tcp_twsk_unique().
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36904",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T19:20:22.181493Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T19:20:38.310Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-05T08:03:30.442Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/84546cc1aeeb4df3e444b18a4293c9823f974be9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1796ca9c6f5bd50554214053af5f47d112818ee3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1d9cf07810c30ef7948879567d10fd1f01121d34"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/27b0284d8be182a81feb65581ab6a724dfd596e8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/13ed7cdf079686ccd3618335205700c03f6fb446"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6e48faad92be13166184d21506e4e54c79c13adc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/517e32ea0a8c72202d0d8aa8df50a7cd3d6fdefc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f2db7230f73a80dbb179deab78f88a7947f0ab7e"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240905-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/tcp_ipv4.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "84546cc1aeeb",
"status": "affected",
"version": "ec94c2696f0b",
"versionType": "git"
},
{
"lessThan": "1796ca9c6f5b",
"status": "affected",
"version": "ec94c2696f0b",
"versionType": "git"
},
{
"lessThan": "1d9cf07810c3",
"status": "affected",
"version": "ec94c2696f0b",
"versionType": "git"
},
{
"lessThan": "27b0284d8be1",
"status": "affected",
"version": "ec94c2696f0b",
"versionType": "git"
},
{
"lessThan": "13ed7cdf0796",
"status": "affected",
"version": "ec94c2696f0b",
"versionType": "git"
},
{
"lessThan": "6e48faad92be",
"status": "affected",
"version": "ec94c2696f0b",
"versionType": "git"
},
{
"lessThan": "517e32ea0a8c",
"status": "affected",
"version": "ec94c2696f0b",
"versionType": "git"
},
{
"lessThan": "f2db7230f73a",
"status": "affected",
"version": "ec94c2696f0b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv4/tcp_ipv4.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.16"
},
{
"lessThan": "4.16",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Use refcount_inc_not_zero() in tcp_twsk_unique().\n\nAnderson Nascimento reported a use-after-free splat in tcp_twsk_unique()\nwith nice analysis.\n\nSince commit ec94c2696f0b (\"tcp/dccp: avoid one atomic operation for\ntimewait hashdance\"), inet_twsk_hashdance() sets TIME-WAIT socket\u0027s\nsk_refcnt after putting it into ehash and releasing the bucket lock.\n\nThus, there is a small race window where other threads could try to\nreuse the port during connect() and call sock_hold() in tcp_twsk_unique()\nfor the TIME-WAIT socket with zero refcnt.\n\nIf that happens, the refcnt taken by tcp_twsk_unique() is overwritten\nand sock_put() will cause underflow, triggering a real use-after-free\nsomewhere else.\n\nTo avoid the use-after-free, we need to use refcount_inc_not_zero() in\ntcp_twsk_unique() and give up on reusing the port if it returns false.\n\n[0]:\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 0 PID: 1039313 at lib/refcount.c:25 refcount_warn_saturate+0xe5/0x110\nCPU: 0 PID: 1039313 Comm: trigger Not tainted 6.8.6-200.fc39.x86_64 #1\nHardware name: VMware, Inc. VMware20,1/440BX Desktop Reference Platform, BIOS VMW201.00V.21805430.B64.2305221830 05/22/2023\nRIP: 0010:refcount_warn_saturate+0xe5/0x110\nCode: 42 8e ff 0f 0b c3 cc cc cc cc 80 3d aa 13 ea 01 00 0f 85 5e ff ff ff 48 c7 c7 f8 8e b7 82 c6 05 96 13 ea 01 01 e8 7b 42 8e ff \u003c0f\u003e 0b c3 cc cc cc cc 48 c7 c7 50 8f b7 82 c6 05 7a 13 ea 01 01 e8\nRSP: 0018:ffffc90006b43b60 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffff888009bb3ef0 RCX: 0000000000000027\nRDX: ffff88807be218c8 RSI: 0000000000000001 RDI: ffff88807be218c0\nRBP: 0000000000069d70 R08: 0000000000000000 R09: ffffc90006b439f0\nR10: ffffc90006b439e8 R11: 0000000000000003 R12: ffff8880029ede84\nR13: 0000000000004e20 R14: ffffffff84356dc0 R15: ffff888009bb3ef0\nFS: 00007f62c10926c0(0000) GS:ffff88807be00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020ccb000 CR3: 000000004628c005 CR4: 0000000000f70ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? refcount_warn_saturate+0xe5/0x110\n ? __warn+0x81/0x130\n ? refcount_warn_saturate+0xe5/0x110\n ? report_bug+0x171/0x1a0\n ? refcount_warn_saturate+0xe5/0x110\n ? handle_bug+0x3c/0x80\n ? exc_invalid_op+0x17/0x70\n ? asm_exc_invalid_op+0x1a/0x20\n ? refcount_warn_saturate+0xe5/0x110\n tcp_twsk_unique+0x186/0x190\n __inet_check_established+0x176/0x2d0\n __inet_hash_connect+0x74/0x7d0\n ? __pfx___inet_check_established+0x10/0x10\n tcp_v4_connect+0x278/0x530\n __inet_stream_connect+0x10f/0x3d0\n inet_stream_connect+0x3a/0x60\n __sys_connect+0xa8/0xd0\n __x64_sys_connect+0x18/0x20\n do_syscall_64+0x83/0x170\n entry_SYSCALL_64_after_hwframe+0x78/0x80\nRIP: 0033:0x7f62c11a885d\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d a3 45 0c 00 f7 d8 64 89 01 48\nRSP: 002b:00007f62c1091e58 EFLAGS: 00000296 ORIG_RAX: 000000000000002a\nRAX: ffffffffffffffda RBX: 0000000020ccb004 RCX: 00007f62c11a885d\nRDX: 0000000000000010 RSI: 0000000020ccb000 RDI: 0000000000000003\nRBP: 00007f62c1091e90 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000296 R12: 00007f62c10926c0\nR13: ffffffffffffff88 R14: 0000000000000000 R15: 00007ffe237885b0\n \u003c/TASK\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:29:05.457Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/84546cc1aeeb4df3e444b18a4293c9823f974be9"
},
{
"url": "https://git.kernel.org/stable/c/1796ca9c6f5bd50554214053af5f47d112818ee3"
},
{
"url": "https://git.kernel.org/stable/c/1d9cf07810c30ef7948879567d10fd1f01121d34"
},
{
"url": "https://git.kernel.org/stable/c/27b0284d8be182a81feb65581ab6a724dfd596e8"
},
{
"url": "https://git.kernel.org/stable/c/13ed7cdf079686ccd3618335205700c03f6fb446"
},
{
"url": "https://git.kernel.org/stable/c/6e48faad92be13166184d21506e4e54c79c13adc"
},
{
"url": "https://git.kernel.org/stable/c/517e32ea0a8c72202d0d8aa8df50a7cd3d6fdefc"
},
{
"url": "https://git.kernel.org/stable/c/f2db7230f73a80dbb179deab78f88a7947f0ab7e"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "tcp: Use refcount_inc_not_zero() in tcp_twsk_unique().",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36904",
"datePublished": "2024-05-30T15:29:05.457Z",
"dateReserved": "2024-05-30T15:25:07.067Z",
"dateUpdated": "2024-09-05T08:03:30.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36937
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2024-08-02 03:43
Severity
Summary
xdp: use flags field to disambiguate broadcast redirect
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.646Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/12481f30128fbebc2eeb55eb2d56390fdfa30c5e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/272bfb019f3cc018f654b992115774e77b4f3ffc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e22e25820fa04ea5eaac4ef7ee200e9923f466a4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6fd81f9d333e7b3532036577b1beb74ba1323553"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5bcf0dcbf9066348058b88a510c57f70f384c92c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/core/filter.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "12481f30128f",
"status": "affected",
"version": "e624d4ed4aa8",
"versionType": "git"
},
{
"lessThan": "272bfb019f3c",
"status": "affected",
"version": "e624d4ed4aa8",
"versionType": "git"
},
{
"lessThan": "e22e25820fa0",
"status": "affected",
"version": "e624d4ed4aa8",
"versionType": "git"
},
{
"lessThan": "6fd81f9d333e",
"status": "affected",
"version": "e624d4ed4aa8",
"versionType": "git"
},
{
"lessThan": "5bcf0dcbf906",
"status": "affected",
"version": "e624d4ed4aa8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/core/filter.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.14"
},
{
"lessThan": "5.14",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxdp: use flags field to disambiguate broadcast redirect\n\nWhen redirecting a packet using XDP, the bpf_redirect_map() helper will set\nup the redirect destination information in struct bpf_redirect_info (using\nthe __bpf_xdp_redirect_map() helper function), and the xdp_do_redirect()\nfunction will read this information after the XDP program returns and pass\nthe frame on to the right redirect destination.\n\nWhen using the BPF_F_BROADCAST flag to do multicast redirect to a whole\nmap, __bpf_xdp_redirect_map() sets the \u0027map\u0027 pointer in struct\nbpf_redirect_info to point to the destination map to be broadcast. And\nxdp_do_redirect() reacts to the value of this map pointer to decide whether\nit\u0027s dealing with a broadcast or a single-value redirect. However, if the\ndestination map is being destroyed before xdp_do_redirect() is called, the\nmap pointer will be cleared out (by bpf_clear_redirect_map()) without\nwaiting for any XDP programs to stop running. This causes xdp_do_redirect()\nto think that the redirect was to a single target, but the target pointer\nis also NULL (since broadcast redirects don\u0027t have a single target), so\nthis causes a crash when a NULL pointer is passed to dev_map_enqueue().\n\nTo fix this, change xdp_do_redirect() to react directly to the presence of\nthe BPF_F_BROADCAST flag in the \u0027flags\u0027 value in struct bpf_redirect_info\nto disambiguate between a single-target and a broadcast redirect. And only\nread the \u0027map\u0027 pointer if the broadcast flag is set, aborting if that has\nbeen cleared out in the meantime. This prevents the crash, while keeping\nthe atomic (cmpxchg-based) clearing of the map pointer itself, and without\nadding any more checks in the non-broadcast fast path."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:29:26.353Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/12481f30128fbebc2eeb55eb2d56390fdfa30c5e"
},
{
"url": "https://git.kernel.org/stable/c/272bfb019f3cc018f654b992115774e77b4f3ffc"
},
{
"url": "https://git.kernel.org/stable/c/e22e25820fa04ea5eaac4ef7ee200e9923f466a4"
},
{
"url": "https://git.kernel.org/stable/c/6fd81f9d333e7b3532036577b1beb74ba1323553"
},
{
"url": "https://git.kernel.org/stable/c/5bcf0dcbf9066348058b88a510c57f70f384c92c"
}
],
"title": "xdp: use flags field to disambiguate broadcast redirect",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36937",
"datePublished": "2024-05-30T15:29:26.353Z",
"dateReserved": "2024-05-30T15:25:07.071Z",
"dateUpdated": "2024-08-02T03:43:50.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36016
Vulnerability from cvelistv5
Published
2024-05-29 18:46
Modified
2024-08-22 17:58
Severity
Summary
tty: n_gsm: fix possible out-of-bounds in gsm0_receive()
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "b890d45aaf02",
"status": "affected",
"version": "e1eaea46bb40",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "47388e807f85",
"status": "affected",
"version": "e1eaea46bb40",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:2.6.35:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "2.6.35"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "f126ce7305fe",
"status": "affected",
"version": "e1eaea46bb40",
"versionType": "custom"
},
{
"lessThan": "9513d4148950",
"status": "affected",
"version": "e1eaea46bb40",
"versionType": "custom"
},
{
"lessThan": "b229bc6c6ea9",
"status": "affected",
"version": "e1eaea46bb40",
"versionType": "custom"
},
{
"lessThan": "0fb736c9931e",
"status": "affected",
"version": "e1eaea46bb40",
"versionType": "custom"
},
{
"lessThan": "4c267110fc11",
"status": "affected",
"version": "e1eaea46bb40",
"versionType": "custom"
},
{
"lessThanOrEqual": "46f52c89a7e7",
"status": "affected",
"version": "e1eaea46bb40",
"versionType": "custom"
},
{
"lessThan": "774d83b008ec",
"status": "affected",
"version": "e1eaea46bb40",
"versionType": "custom"
},
{
"lessThan": "2.6.35",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.20",
"status": "unaffected",
"version": "4.19.316",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.5",
"status": "unaffected",
"version": "5.4.278",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.11",
"status": "unaffected",
"version": "5.10.219",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.16",
"status": "unaffected",
"version": "5.15.161",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.2",
"status": "unaffected",
"version": "6.1.93",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.7",
"status": "unaffected",
"version": "6.6.33",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.9",
"status": "unaffected",
"version": "6.8.12",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.10",
"status": "unaffected",
"version": "6.9.3",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36016",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-30T18:00:26.164343Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T17:58:33.311Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:12.609Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9513d4148950b05bc99fa7314dc883cc0e1605e5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b229bc6c6ea9fe459fc3fa94fd0a27a2f32aca56"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0fb736c9931e02dbc7d9a75044c8e1c039e50f04"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4c267110fc110390704cc065edb9817fdd10ff54"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/46f52c89a7e7d2691b97a9728e4591d071ca8abc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/774d83b008eccb1c48c14dc5486e7aa255731350"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f126ce7305fe88f49cdabc6db4168b9318898ea3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b890d45aaf02b564e6cae2d2a590f9649330857d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/47388e807f85948eefc403a8a5fdc5b406a65d5a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/tty/n_gsm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9513d4148950",
"status": "affected",
"version": "e1eaea46bb40",
"versionType": "git"
},
{
"lessThan": "b229bc6c6ea9",
"status": "affected",
"version": "e1eaea46bb40",
"versionType": "git"
},
{
"lessThan": "0fb736c9931e",
"status": "affected",
"version": "e1eaea46bb40",
"versionType": "git"
},
{
"lessThan": "4c267110fc11",
"status": "affected",
"version": "e1eaea46bb40",
"versionType": "git"
},
{
"lessThan": "46f52c89a7e7",
"status": "affected",
"version": "e1eaea46bb40",
"versionType": "git"
},
{
"lessThan": "774d83b008ec",
"status": "affected",
"version": "e1eaea46bb40",
"versionType": "git"
},
{
"lessThan": "f126ce7305fe",
"status": "affected",
"version": "e1eaea46bb40",
"versionType": "git"
},
{
"lessThan": "b890d45aaf02",
"status": "affected",
"version": "e1eaea46bb40",
"versionType": "git"
},
{
"lessThan": "47388e807f85",
"status": "affected",
"version": "e1eaea46bb40",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/tty/n_gsm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.35"
},
{
"lessThan": "2.6.35",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: fix possible out-of-bounds in gsm0_receive()\n\nAssuming the following:\n- side A configures the n_gsm in basic option mode\n- side B sends the header of a basic option mode frame with data length 1\n- side A switches to advanced option mode\n- side B sends 2 data bytes which exceeds gsm-\u003elen\n Reason: gsm-\u003elen is not used in advanced option mode.\n- side A switches to basic option mode\n- side B keeps sending until gsm0_receive() writes past gsm-\u003ebuf\n Reason: Neither gsm-\u003estate nor gsm-\u003elen have been reset after\n reconfiguration.\n\nFix this by changing gsm-\u003ecount to gsm-\u003elen comparison from equal to less\nthan. Also add upper limit checks against the constant MAX_MRU in\ngsm0_receive() and gsm1_receive() to harden against memory corruption of\ngsm-\u003elen and gsm-\u003emru.\n\nAll other checks remain as we still need to limit the data according to the\nuser configuration and actual payload size."
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T06:46:53.094Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9513d4148950b05bc99fa7314dc883cc0e1605e5"
},
{
"url": "https://git.kernel.org/stable/c/b229bc6c6ea9fe459fc3fa94fd0a27a2f32aca56"
},
{
"url": "https://git.kernel.org/stable/c/0fb736c9931e02dbc7d9a75044c8e1c039e50f04"
},
{
"url": "https://git.kernel.org/stable/c/4c267110fc110390704cc065edb9817fdd10ff54"
},
{
"url": "https://git.kernel.org/stable/c/46f52c89a7e7d2691b97a9728e4591d071ca8abc"
},
{
"url": "https://git.kernel.org/stable/c/774d83b008eccb1c48c14dc5486e7aa255731350"
},
{
"url": "https://git.kernel.org/stable/c/f126ce7305fe88f49cdabc6db4168b9318898ea3"
},
{
"url": "https://git.kernel.org/stable/c/b890d45aaf02b564e6cae2d2a590f9649330857d"
},
{
"url": "https://git.kernel.org/stable/c/47388e807f85948eefc403a8a5fdc5b406a65d5a"
}
],
"title": "tty: n_gsm: fix possible out-of-bounds in gsm0_receive()",
"x_generator": {
"engine": "bippy-c9c4e1df01b2"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36016",
"datePublished": "2024-05-29T18:46:34.778Z",
"dateReserved": "2024-05-17T13:50:33.154Z",
"dateUpdated": "2024-08-22T17:58:33.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36025
Vulnerability from cvelistv5
Published
2024-05-30 15:07
Modified
2024-08-02 03:30
Severity
Summary
scsi: qla2xxx: Fix off by one in qla_edif_app_getstats()
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36025",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-10T18:50:12.188333Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T18:50:20.671Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:12.511Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8c820f7c8e9b46238d277c575392fe9930207aab"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9fc74e367be4247a5ac39bb8ec41eaa73fade510"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/60b87b5ecbe07d70897d35947b0bb3e76ccd1b3a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ea8ac95c22c93acecb710209a7fd10b851afe817"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4406e4176f47177f5e51b4cc7e6a7a2ff3dbfbbd"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/qla2xxx/qla_edif.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8c820f7c8e9b",
"status": "affected",
"version": "7878f22a2e03",
"versionType": "git"
},
{
"lessThan": "9fc74e367be4",
"status": "affected",
"version": "7878f22a2e03",
"versionType": "git"
},
{
"lessThan": "60b87b5ecbe0",
"status": "affected",
"version": "7878f22a2e03",
"versionType": "git"
},
{
"lessThan": "ea8ac95c22c9",
"status": "affected",
"version": "7878f22a2e03",
"versionType": "git"
},
{
"lessThan": "4406e4176f47",
"status": "affected",
"version": "7878f22a2e03",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/qla2xxx/qla_edif.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.156",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.87",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.28",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.7",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix off by one in qla_edif_app_getstats()\n\nThe app_reply-\u003eelem[] array is allocated earlier in this function and it\nhas app_req.num_ports elements. Thus this \u003e comparison needs to be \u003e= to\nprevent memory corruption."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:07:30.702Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8c820f7c8e9b46238d277c575392fe9930207aab"
},
{
"url": "https://git.kernel.org/stable/c/9fc74e367be4247a5ac39bb8ec41eaa73fade510"
},
{
"url": "https://git.kernel.org/stable/c/60b87b5ecbe07d70897d35947b0bb3e76ccd1b3a"
},
{
"url": "https://git.kernel.org/stable/c/ea8ac95c22c93acecb710209a7fd10b851afe817"
},
{
"url": "https://git.kernel.org/stable/c/4406e4176f47177f5e51b4cc7e6a7a2ff3dbfbbd"
}
],
"title": "scsi: qla2xxx: Fix off by one in qla_edif_app_getstats()",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36025",
"datePublished": "2024-05-30T15:07:30.702Z",
"dateReserved": "2024-05-17T13:50:33.159Z",
"dateUpdated": "2024-08-02T03:30:12.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36951
Vulnerability from cvelistv5
Published
2024-05-30 15:35
Modified
2024-08-02 03:43
Severity
Summary
drm/amdkfd: range check cp bad op exception interrupts
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36951",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-30T18:43:30.455528Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:43.504Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/41dc6791596656dd41100b85647ed489e1d5c2f2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b6735bfe941486c5dfc9c3085d2d75d4923f9449"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0cac183b98d8a8c692c98e8dba37df15a9e9210d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdkfd/kfd_int_process_v10.c",
"drivers/gpu/drm/amd/amdkfd/kfd_int_process_v11.c",
"drivers/gpu/drm/amd/amdkfd/kfd_int_process_v9.c",
"include/uapi/linux/kfd_ioctl.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "41dc67915966",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "b6735bfe9414",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "0cac183b98d8",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdkfd/kfd_int_process_v10.c",
"drivers/gpu/drm/amd/amdkfd/kfd_int_process_v11.c",
"drivers/gpu/drm/amd/amdkfd/kfd_int_process_v9.c",
"include/uapi/linux/kfd_ioctl.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: range check cp bad op exception interrupts\n\nDue to a CP interrupt bug, bad packet garbage exception codes are raised.\nDo a range check so that the debugger and runtime do not receive garbage\ncodes.\nUpdate the user api to guard exception code type checking as well."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:35:46.868Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/41dc6791596656dd41100b85647ed489e1d5c2f2"
},
{
"url": "https://git.kernel.org/stable/c/b6735bfe941486c5dfc9c3085d2d75d4923f9449"
},
{
"url": "https://git.kernel.org/stable/c/0cac183b98d8a8c692c98e8dba37df15a9e9210d"
}
],
"title": "drm/amdkfd: range check cp bad op exception interrupts",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36951",
"datePublished": "2024-05-30T15:35:46.868Z",
"dateReserved": "2024-05-30T15:25:07.080Z",
"dateUpdated": "2024-08-02T03:43:50.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36882
Vulnerability from cvelistv5
Published
2024-05-30 15:28
Modified
2024-08-02 03:43
Severity
Summary
mm: use memalloc_nofs_save() in page_cache_ra_order()
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36882",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-06T17:54:43.270957Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T17:54:51.313Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:49.200Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7629ef6dda1564098aadeef38e5fbd11ee8627c4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/468971c3f4b8187f25334503b68050a0e1370147"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cf6a1d16c6df3c30b03f0c6a92a2ba7f86dffb45"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/30153e4466647a17eebfced13eede5cbe4290e69"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"mm/readahead.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7629ef6dda15",
"status": "affected",
"version": "793917d997df",
"versionType": "git"
},
{
"lessThan": "468971c3f4b8",
"status": "affected",
"version": "793917d997df",
"versionType": "git"
},
{
"lessThan": "cf6a1d16c6df",
"status": "affected",
"version": "793917d997df",
"versionType": "git"
},
{
"lessThan": "30153e446664",
"status": "affected",
"version": "793917d997df",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"mm/readahead.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.18"
},
{
"lessThan": "5.18",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: use memalloc_nofs_save() in page_cache_ra_order()\n\nSee commit f2c817bed58d (\"mm: use memalloc_nofs_save in readahead path\"),\nensure that page_cache_ra_order() do not attempt to reclaim file-backed\npages too, or it leads to a deadlock, found issue when test ext4 large\nfolio.\n\n INFO: task DataXceiver for:7494 blocked for more than 120 seconds.\n \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n task:DataXceiver for state:D stack:0 pid:7494 ppid:1 flags:0x00000200\n Call trace:\n __switch_to+0x14c/0x240\n __schedule+0x82c/0xdd0\n schedule+0x58/0xf0\n io_schedule+0x24/0xa0\n __folio_lock+0x130/0x300\n migrate_pages_batch+0x378/0x918\n migrate_pages+0x350/0x700\n compact_zone+0x63c/0xb38\n compact_zone_order+0xc0/0x118\n try_to_compact_pages+0xb0/0x280\n __alloc_pages_direct_compact+0x98/0x248\n __alloc_pages+0x510/0x1110\n alloc_pages+0x9c/0x130\n folio_alloc+0x20/0x78\n filemap_alloc_folio+0x8c/0x1b0\n page_cache_ra_order+0x174/0x308\n ondemand_readahead+0x1c8/0x2b8\n page_cache_async_ra+0x68/0xb8\n filemap_readahead.isra.0+0x64/0xa8\n filemap_get_pages+0x3fc/0x5b0\n filemap_splice_read+0xf4/0x280\n ext4_file_splice_read+0x2c/0x48 [ext4]\n vfs_splice_read.part.0+0xa8/0x118\n splice_direct_to_actor+0xbc/0x288\n do_splice_direct+0x9c/0x108\n do_sendfile+0x328/0x468\n __arm64_sys_sendfile64+0x8c/0x148\n invoke_syscall+0x4c/0x118\n el0_svc_common.constprop.0+0xc8/0xf0\n do_el0_svc+0x24/0x38\n el0_svc+0x4c/0x1f8\n el0t_64_sync_handler+0xc0/0xc8\n el0t_64_sync+0x188/0x190"
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:28:52.706Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7629ef6dda1564098aadeef38e5fbd11ee8627c4"
},
{
"url": "https://git.kernel.org/stable/c/468971c3f4b8187f25334503b68050a0e1370147"
},
{
"url": "https://git.kernel.org/stable/c/cf6a1d16c6df3c30b03f0c6a92a2ba7f86dffb45"
},
{
"url": "https://git.kernel.org/stable/c/30153e4466647a17eebfced13eede5cbe4290e69"
}
],
"title": "mm: use memalloc_nofs_save() in page_cache_ra_order()",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36882",
"datePublished": "2024-05-30T15:28:52.706Z",
"dateReserved": "2024-05-30T15:25:07.064Z",
"dateUpdated": "2024-08-02T03:43:49.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36888
Vulnerability from cvelistv5
Published
2024-05-30 15:28
Modified
2024-08-02 03:43
Severity
Summary
workqueue: Fix selection of wake_cpu in kick_pool()
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "c57824d4fe07",
"status": "affected",
"version": "8639ecebc9b1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6d559e70b3eb",
"status": "affected",
"version": "8639ecebc9b1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "57a01eafdcf7",
"status": "affected",
"version": "8639ecebc9b1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.6",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "67",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.9",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.9"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:6.6:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "6.6"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36888",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-03T16:08:09.861765Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T19:30:56.460Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:49.849Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c57824d4fe07c2131f8c48687cbd5ee2be60c767"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6d559e70b3eb6623935cbe7f94c1912c1099777b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/57a01eafdcf78f6da34fad9ff075ed5dfdd9f420"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/workqueue.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c57824d4fe07",
"status": "affected",
"version": "8639ecebc9b1",
"versionType": "git"
},
{
"lessThan": "6d559e70b3eb",
"status": "affected",
"version": "8639ecebc9b1",
"versionType": "git"
},
{
"lessThan": "57a01eafdcf7",
"status": "affected",
"version": "8639ecebc9b1",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/workqueue.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.6"
},
{
"lessThan": "6.6",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nworkqueue: Fix selection of wake_cpu in kick_pool()\n\nWith cpu_possible_mask=0-63 and cpu_online_mask=0-7 the following\nkernel oops was observed:\n\nsmp: Bringing up secondary CPUs ...\nsmp: Brought up 1 node, 8 CPUs\nUnable to handle kernel pointer dereference in virtual kernel address space\nFailing address: 0000000000000000 TEID: 0000000000000803\n[..]\n Call Trace:\narch_vcpu_is_preempted+0x12/0x80\nselect_idle_sibling+0x42/0x560\nselect_task_rq_fair+0x29a/0x3b0\ntry_to_wake_up+0x38e/0x6e0\nkick_pool+0xa4/0x198\n__queue_work.part.0+0x2bc/0x3a8\ncall_timer_fn+0x36/0x160\n__run_timers+0x1e2/0x328\n__run_timer_base+0x5a/0x88\nrun_timer_softirq+0x40/0x78\n__do_softirq+0x118/0x388\nirq_exit_rcu+0xc0/0xd8\ndo_ext_irq+0xae/0x168\next_int_handler+0xbe/0xf0\npsw_idle_exit+0x0/0xc\ndefault_idle_call+0x3c/0x110\ndo_idle+0xd4/0x158\ncpu_startup_entry+0x40/0x48\nrest_init+0xc6/0xc8\nstart_kernel+0x3c4/0x5e0\nstartup_continue+0x3c/0x50\n\nThe crash is caused by calling arch_vcpu_is_preempted() for an offline\nCPU. To avoid this, select the cpu with cpumask_any_and_distribute()\nto mask __pod_cpumask with cpu_online_mask. In case no cpu is left in\nthe pool, skip the assignment.\n\ntj: This doesn\u0027t fully fix the bug as CPUs can still go down between picking\nthe target CPU and the wake call. Fixing that likely requires adding\ncpu_online() test to either the sched or s390 arch code. However, regardless\nof how that is fixed, workqueue shouldn\u0027t be picking a CPU which isn\u0027t\nonline as that would result in unpredictable and worse behavior."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:28:56.214Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c57824d4fe07c2131f8c48687cbd5ee2be60c767"
},
{
"url": "https://git.kernel.org/stable/c/6d559e70b3eb6623935cbe7f94c1912c1099777b"
},
{
"url": "https://git.kernel.org/stable/c/57a01eafdcf78f6da34fad9ff075ed5dfdd9f420"
}
],
"title": "workqueue: Fix selection of wake_cpu in kick_pool()",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36888",
"datePublished": "2024-05-30T15:28:56.214Z",
"dateReserved": "2024-05-30T15:25:07.065Z",
"dateUpdated": "2024-08-02T03:43:49.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-52881
Vulnerability from cvelistv5
Published
2024-05-29 10:15
Modified
2024-08-15 15:11
Severity
Summary
tcp: do not accept ACK of bytes we never sent
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.169Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/69eae75ca5255e876628ac5cee9eaab31f644b57"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/458f07ffeccd17f99942311e09ef574ddf4a414a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7ffff0cc929fdfc62a74b384c4903d6496c910f0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b17a886ed29f3b70b78ccf632dad03e0c69e3c1a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0d4e0afdd6658cd21dd5be61880411a2553fd1fc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/008b807fe487e0b15a3a6c39add4eb477f73e440"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2087d53a66e97a5eb5d1bf558d5bef9e5f891757"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3d501dd326fb1c73f1b8206d4c6e1d7b15c07e27"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52881",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-03T16:46:40.495686Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-15T15:11:03.358Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/tcp_input.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "69eae75ca525",
"status": "affected",
"version": "354e4aa391ed",
"versionType": "git"
},
{
"lessThan": "458f07ffeccd",
"status": "affected",
"version": "354e4aa391ed",
"versionType": "git"
},
{
"lessThan": "7ffff0cc929f",
"status": "affected",
"version": "354e4aa391ed",
"versionType": "git"
},
{
"lessThan": "b17a886ed29f",
"status": "affected",
"version": "354e4aa391ed",
"versionType": "git"
},
{
"lessThan": "0d4e0afdd665",
"status": "affected",
"version": "354e4aa391ed",
"versionType": "git"
},
{
"lessThan": "008b807fe487",
"status": "affected",
"version": "354e4aa391ed",
"versionType": "git"
},
{
"lessThan": "2087d53a66e9",
"status": "affected",
"version": "354e4aa391ed",
"versionType": "git"
},
{
"lessThan": "3d501dd326fb",
"status": "affected",
"version": "354e4aa391ed",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv4/tcp_input.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.8"
},
{
"lessThan": "3.8",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.333",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.302",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.264",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.204",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.143",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.68",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.7",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: do not accept ACK of bytes we never sent\n\nThis patch is based on a detailed report and ideas from Yepeng Pan\nand Christian Rossow.\n\nACK seq validation is currently following RFC 5961 5.2 guidelines:\n\n The ACK value is considered acceptable only if\n it is in the range of ((SND.UNA - MAX.SND.WND) \u003c= SEG.ACK \u003c=\n SND.NXT). All incoming segments whose ACK value doesn\u0027t satisfy the\n above condition MUST be discarded and an ACK sent back. It needs to\n be noted that RFC 793 on page 72 (fifth check) says: \"If the ACK is a\n duplicate (SEG.ACK \u003c SND.UNA), it can be ignored. If the ACK\n acknowledges something not yet sent (SEG.ACK \u003e SND.NXT) then send an\n ACK, drop the segment, and return\". The \"ignored\" above implies that\n the processing of the incoming data segment continues, which means\n the ACK value is treated as acceptable. This mitigation makes the\n ACK check more stringent since any ACK \u003c SND.UNA wouldn\u0027t be\n accepted, instead only ACKs that are in the range ((SND.UNA -\n MAX.SND.WND) \u003c= SEG.ACK \u003c= SND.NXT) get through.\n\nThis can be refined for new (and possibly spoofed) flows,\nby not accepting ACK for bytes that were never sent.\n\nThis greatly improves TCP security at a little cost.\n\nI added a Fixes: tag to make sure this patch will reach stable trees,\neven if the \u0027blamed\u0027 patch was adhering to the RFC.\n\ntp-\u003ebytes_acked was added in linux-4.2\n\nFollowing packetdrill test (courtesy of Yepeng Pan) shows\nthe issue at hand:\n\n0 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3\n+0 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0\n+0 bind(3, ..., ...) = 0\n+0 listen(3, 1024) = 0\n\n// ---------------- Handshake ------------------- //\n\n// when window scale is set to 14 the window size can be extended to\n// 65535 * (2^14) = 1073725440. Linux would accept an ACK packet\n// with ack number in (Server_ISN+1-1073725440. Server_ISN+1)\n// ,though this ack number acknowledges some data never\n// sent by the server.\n\n+0 \u003c S 0:0(0) win 65535 \u003cmss 1400,nop,wscale 14\u003e\n+0 \u003e S. 0:0(0) ack 1 \u003c...\u003e\n+0 \u003c . 1:1(0) ack 1 win 65535\n+0 accept(3, ..., ...) = 4\n\n// For the established connection, we send an ACK packet,\n// the ack packet uses ack number 1 - 1073725300 + 2^32,\n// where 2^32 is used to wrap around.\n// Note: we used 1073725300 instead of 1073725440 to avoid possible\n// edge cases.\n// 1 - 1073725300 + 2^32 = 3221241997\n\n// Oops, old kernels happily accept this packet.\n+0 \u003c . 1:1001(1000) ack 3221241997 win 65535\n\n// After the kernel fix the following will be replaced by a challenge ACK,\n// and prior malicious frame would be dropped.\n+0 \u003e . 1:1(0) ack 1001"
}
],
"providerMetadata": {
"dateUpdated": "2024-05-29T10:15:14.186Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/69eae75ca5255e876628ac5cee9eaab31f644b57"
},
{
"url": "https://git.kernel.org/stable/c/458f07ffeccd17f99942311e09ef574ddf4a414a"
},
{
"url": "https://git.kernel.org/stable/c/7ffff0cc929fdfc62a74b384c4903d6496c910f0"
},
{
"url": "https://git.kernel.org/stable/c/b17a886ed29f3b70b78ccf632dad03e0c69e3c1a"
},
{
"url": "https://git.kernel.org/stable/c/0d4e0afdd6658cd21dd5be61880411a2553fd1fc"
},
{
"url": "https://git.kernel.org/stable/c/008b807fe487e0b15a3a6c39add4eb477f73e440"
},
{
"url": "https://git.kernel.org/stable/c/2087d53a66e97a5eb5d1bf558d5bef9e5f891757"
},
{
"url": "https://git.kernel.org/stable/c/3d501dd326fb1c73f1b8206d4c6e1d7b15c07e27"
}
],
"title": "tcp: do not accept ACK of bytes we never sent",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52881",
"datePublished": "2024-05-29T10:15:14.186Z",
"dateReserved": "2024-05-21T15:35:00.781Z",
"dateUpdated": "2024-08-15T15:11:03.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36953
Vulnerability from cvelistv5
Published
2024-05-30 15:35
Modified
2024-08-02 03:43
Severity
Summary
KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36953",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-31T18:25:29.061156Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:49.379Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4404465a1bee3607ad90a4c5f9e16dfd75b85728"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/17db92da8be5dd3bf63c01f4109fe47db64fc66f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3a5b0378ac6776c7c31b18e0f3c1389bd6005e80"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8d6a1c8e3de36cb0f5e866f1a582b00939e23104"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/01981276d64e542c177b243f7c979fee855d5487"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6ddb4f372fc63210034b903d96ebbeb3c7195adb"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/arm64/kvm/vgic/vgic-kvm-device.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4404465a1bee",
"status": "affected",
"version": "7d450e282171",
"versionType": "git"
},
{
"lessThan": "17db92da8be5",
"status": "affected",
"version": "7d450e282171",
"versionType": "git"
},
{
"lessThan": "3a5b0378ac67",
"status": "affected",
"version": "7d450e282171",
"versionType": "git"
},
{
"lessThan": "8d6a1c8e3de3",
"status": "affected",
"version": "7d450e282171",
"versionType": "git"
},
{
"lessThan": "01981276d64e",
"status": "affected",
"version": "7d450e282171",
"versionType": "git"
},
{
"lessThan": "6ddb4f372fc6",
"status": "affected",
"version": "7d450e282171",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/arm64/kvm/vgic/vgic-kvm-device.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.7"
},
{
"lessThan": "4.7",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()\n\nvgic_v2_parse_attr() is responsible for finding the vCPU that matches\nthe user-provided CPUID, which (of course) may not be valid. If the ID\nis invalid, kvm_get_vcpu_by_id() returns NULL, which isn\u0027t handled\ngracefully.\n\nSimilar to the GICv3 uaccess flow, check that kvm_get_vcpu_by_id()\nactually returns something and fail the ioctl if not."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:35:48.070Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4404465a1bee3607ad90a4c5f9e16dfd75b85728"
},
{
"url": "https://git.kernel.org/stable/c/17db92da8be5dd3bf63c01f4109fe47db64fc66f"
},
{
"url": "https://git.kernel.org/stable/c/3a5b0378ac6776c7c31b18e0f3c1389bd6005e80"
},
{
"url": "https://git.kernel.org/stable/c/8d6a1c8e3de36cb0f5e866f1a582b00939e23104"
},
{
"url": "https://git.kernel.org/stable/c/01981276d64e542c177b243f7c979fee855d5487"
},
{
"url": "https://git.kernel.org/stable/c/6ddb4f372fc63210034b903d96ebbeb3c7195adb"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36953",
"datePublished": "2024-05-30T15:35:48.070Z",
"dateReserved": "2024-05-30T15:25:07.080Z",
"dateUpdated": "2024-08-02T03:43:50.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36903
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2024-08-02 03:43
Severity
Summary
ipv6: Fix potential uninit-value access in __ip6_make_skb()
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36903",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-30T18:50:05.807509Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:08.383Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:49.864Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/68c8ba16ab712eb709c6bab80ff151079d11d97a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2367bf254f3a27ecc6e229afd7a8b0a1395f7be3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4e13d3a9c25b7080f8a619f961e943fe08c2672c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv6/ip6_output.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "68c8ba16ab71",
"status": "affected",
"version": "ea30388baebc",
"versionType": "git"
},
{
"lessThan": "2367bf254f3a",
"status": "affected",
"version": "ea30388baebc",
"versionType": "git"
},
{
"lessThan": "4e13d3a9c25b",
"status": "affected",
"version": "ea30388baebc",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv6/ip6_output.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.3"
},
{
"lessThan": "6.3",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: Fix potential uninit-value access in __ip6_make_skb()\n\nAs it was done in commit fc1092f51567 (\"ipv4: Fix uninit-value access in\n__ip_make_skb()\") for IPv4, check FLOWI_FLAG_KNOWN_NH on fl6-\u003eflowi6_flags\ninstead of testing HDRINCL on the socket to avoid a race condition which\ncauses uninit-value access."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:29:04.866Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/68c8ba16ab712eb709c6bab80ff151079d11d97a"
},
{
"url": "https://git.kernel.org/stable/c/2367bf254f3a27ecc6e229afd7a8b0a1395f7be3"
},
{
"url": "https://git.kernel.org/stable/c/4e13d3a9c25b7080f8a619f961e943fe08c2672c"
}
],
"title": "ipv6: Fix potential uninit-value access in __ip6_make_skb()",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36903",
"datePublished": "2024-05-30T15:29:04.866Z",
"dateReserved": "2024-05-30T15:25:07.066Z",
"dateUpdated": "2024-08-02T03:43:49.864Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36947
Vulnerability from cvelistv5
Published
2024-05-30 15:35
Modified
2024-08-02 03:43
Severity
Summary
qibfs: fix dentry leak
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36947",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-07T16:31:52.904125Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-07T16:32:11.458Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.138Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/24dd9b08df718f20ccf2dd1519909fefd8c233ee"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bd8f78c71defbcb7a9ed331e7f287507df972b00"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/db71ca93259dd1078bcfea3afafde2143cfc2da7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/02ee394a5d899d9bd2f0759382e9481cab6166f8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aa23317d0268b309bb3f0801ddd0d61813ff5afb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/qib/qib_fs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "24dd9b08df71",
"status": "affected",
"version": "e41d23781859",
"versionType": "git"
},
{
"lessThan": "bd8f78c71def",
"status": "affected",
"version": "e41d23781859",
"versionType": "git"
},
{
"lessThan": "db71ca93259d",
"status": "affected",
"version": "e41d23781859",
"versionType": "git"
},
{
"lessThan": "02ee394a5d89",
"status": "affected",
"version": "e41d23781859",
"versionType": "git"
},
{
"lessThan": "aa23317d0268",
"status": "affected",
"version": "e41d23781859",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/qib/qib_fs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nqibfs: fix dentry leak\n\nsimple_recursive_removal() drops the pinning references to all positives\nin subtree. For the cases when its argument has been kept alive by\nthe pinning alone that\u0027s exactly the right thing to do, but here\nthe argument comes from dcache lookup, that needs to be balanced by\nexplicit dput().\n\nFucked-up-by: Al Viro \u003cviro@zeniv.linux.org.uk\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:35:44.482Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/24dd9b08df718f20ccf2dd1519909fefd8c233ee"
},
{
"url": "https://git.kernel.org/stable/c/bd8f78c71defbcb7a9ed331e7f287507df972b00"
},
{
"url": "https://git.kernel.org/stable/c/db71ca93259dd1078bcfea3afafde2143cfc2da7"
},
{
"url": "https://git.kernel.org/stable/c/02ee394a5d899d9bd2f0759382e9481cab6166f8"
},
{
"url": "https://git.kernel.org/stable/c/aa23317d0268b309bb3f0801ddd0d61813ff5afb"
}
],
"title": "qibfs: fix dentry leak",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36947",
"datePublished": "2024-05-30T15:35:44.482Z",
"dateReserved": "2024-05-30T15:25:07.079Z",
"dateUpdated": "2024-08-02T03:43:50.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36017
Vulnerability from cvelistv5
Published
2024-05-30 12:52
Modified
2024-08-02 03:30
Severity
Summary
rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36017",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-10T18:50:37.165926Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T18:50:48.941Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:12.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8ac69ff2d0d5be9734c4402de932aa3dc8549c1a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5e7ef2d88666a0212db8c38e6703864b9ce70169"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6c8f44b02500c7d14b5e6618fe4ef9a0da47b3de"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f3c1bf3054f96ddeab0621d920445bada769b40e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6e4c7193954f4faab92f6e8d88bc5565317b44e7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/206003c748b88890a910ef7142d18f77be57550b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4a4b9757789a1551d2df130df23bfb3545bfa7e8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1aec77b2bb2ed1db0f5efc61c4c1ca3813307489"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/core/rtnetlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8ac69ff2d0d5",
"status": "affected",
"version": "79aab093a0b5",
"versionType": "git"
},
{
"lessThan": "5e7ef2d88666",
"status": "affected",
"version": "79aab093a0b5",
"versionType": "git"
},
{
"lessThan": "6c8f44b02500",
"status": "affected",
"version": "79aab093a0b5",
"versionType": "git"
},
{
"lessThan": "f3c1bf3054f9",
"status": "affected",
"version": "79aab093a0b5",
"versionType": "git"
},
{
"lessThan": "6e4c7193954f",
"status": "affected",
"version": "79aab093a0b5",
"versionType": "git"
},
{
"lessThan": "206003c748b8",
"status": "affected",
"version": "79aab093a0b5",
"versionType": "git"
},
{
"lessThan": "4a4b9757789a",
"status": "affected",
"version": "79aab093a0b5",
"versionType": "git"
},
{
"lessThan": "1aec77b2bb2e",
"status": "affected",
"version": "79aab093a0b5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/core/rtnetlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.9"
},
{
"lessThan": "4.9",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation\n\nEach attribute inside a nested IFLA_VF_VLAN_LIST is assumed to be a\nstruct ifla_vf_vlan_info so the size of such attribute needs to be at least\nof sizeof(struct ifla_vf_vlan_info) which is 14 bytes.\nThe current size validation in do_setvfinfo is against NLA_HDRLEN (4 bytes)\nwhich is less than sizeof(struct ifla_vf_vlan_info) so this validation\nis not enough and a too small attribute might be cast to a\nstruct ifla_vf_vlan_info, this might result in an out of bands\nread access when accessing the saved (casted) entry in ivvl."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T12:52:03.554Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8ac69ff2d0d5be9734c4402de932aa3dc8549c1a"
},
{
"url": "https://git.kernel.org/stable/c/5e7ef2d88666a0212db8c38e6703864b9ce70169"
},
{
"url": "https://git.kernel.org/stable/c/6c8f44b02500c7d14b5e6618fe4ef9a0da47b3de"
},
{
"url": "https://git.kernel.org/stable/c/f3c1bf3054f96ddeab0621d920445bada769b40e"
},
{
"url": "https://git.kernel.org/stable/c/6e4c7193954f4faab92f6e8d88bc5565317b44e7"
},
{
"url": "https://git.kernel.org/stable/c/206003c748b88890a910ef7142d18f77be57550b"
},
{
"url": "https://git.kernel.org/stable/c/4a4b9757789a1551d2df130df23bfb3545bfa7e8"
},
{
"url": "https://git.kernel.org/stable/c/1aec77b2bb2ed1db0f5efc61c4c1ca3813307489"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36017",
"datePublished": "2024-05-30T12:52:03.554Z",
"dateReserved": "2024-05-17T13:50:33.154Z",
"dateUpdated": "2024-08-02T03:30:12.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36924
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2024-08-02 03:43
Severity
Summary
scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up()
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36924",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T19:15:38.409036Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T19:15:46.255Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.073Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6503c39398506cadda9f4c81695a9655ca5fb4fd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e8bf2c05e8ad68e90f9d5889a9e4ef3f6fe00683"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ee833d7e62de2b84ed1332d501b67f12e7e5678f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ded20192dff31c91cef2a04f7e20e60e9bb887d3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/lpfc/lpfc_els.c",
"drivers/scsi/lpfc/lpfc_hbadisc.c",
"drivers/scsi/lpfc/lpfc_sli.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6503c3939850",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "e8bf2c05e8ad",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "ee833d7e62de",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "ded20192dff3",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/lpfc/lpfc_els.c",
"drivers/scsi/lpfc/lpfc_hbadisc.c",
"drivers/scsi/lpfc/lpfc_sli.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Release hbalock before calling lpfc_worker_wake_up()\n\nlpfc_worker_wake_up() calls the lpfc_work_done() routine, which takes the\nhbalock. Thus, lpfc_worker_wake_up() should not be called while holding the\nhbalock to avoid potential deadlock."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:29:18.113Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6503c39398506cadda9f4c81695a9655ca5fb4fd"
},
{
"url": "https://git.kernel.org/stable/c/e8bf2c05e8ad68e90f9d5889a9e4ef3f6fe00683"
},
{
"url": "https://git.kernel.org/stable/c/ee833d7e62de2b84ed1332d501b67f12e7e5678f"
},
{
"url": "https://git.kernel.org/stable/c/ded20192dff31c91cef2a04f7e20e60e9bb887d3"
}
],
"title": "scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up()",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36924",
"datePublished": "2024-05-30T15:29:18.113Z",
"dateReserved": "2024-05-30T15:25:07.069Z",
"dateUpdated": "2024-08-02T03:43:50.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36029
Vulnerability from cvelistv5
Published
2024-05-30 15:19
Modified
2024-08-02 03:30
Severity
Summary
mmc: sdhci-msm: pervent access to suspended controller
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36029",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T19:34:39.267848Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T19:34:47.223Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:12.966Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1200481cd6069d16ce20133bcd86f5825e26a045"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a957ea5aa3d3518067a1ba32c6127322ad348d20"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/56b99a52229d7f8cd1f53d899f57aa7eb4b199af"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f653b04a818c490b045c97834d559911479aa1c5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f8def10f73a516b771051a2f70f2f0446902cb4f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/mmc/host/sdhci-msm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1200481cd606",
"status": "affected",
"version": "67e6db113c90",
"versionType": "git"
},
{
"lessThan": "a957ea5aa3d3",
"status": "affected",
"version": "67e6db113c90",
"versionType": "git"
},
{
"lessThan": "56b99a52229d",
"status": "affected",
"version": "67e6db113c90",
"versionType": "git"
},
{
"lessThan": "f653b04a818c",
"status": "affected",
"version": "67e6db113c90",
"versionType": "git"
},
{
"lessThan": "f8def10f73a5",
"status": "affected",
"version": "67e6db113c90",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/mmc/host/sdhci-msm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.10"
},
{
"lessThan": "4.10",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.158",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.90",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.30",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.9",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: sdhci-msm: pervent access to suspended controller\n\nGeneric sdhci code registers LED device and uses host-\u003eruntime_suspended\nflag to protect access to it. The sdhci-msm driver doesn\u0027t set this flag,\nwhich causes a crash when LED is accessed while controller is runtime\nsuspended. Fix this by setting the flag correctly."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:19:43.110Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1200481cd6069d16ce20133bcd86f5825e26a045"
},
{
"url": "https://git.kernel.org/stable/c/a957ea5aa3d3518067a1ba32c6127322ad348d20"
},
{
"url": "https://git.kernel.org/stable/c/56b99a52229d7f8cd1f53d899f57aa7eb4b199af"
},
{
"url": "https://git.kernel.org/stable/c/f653b04a818c490b045c97834d559911479aa1c5"
},
{
"url": "https://git.kernel.org/stable/c/f8def10f73a516b771051a2f70f2f0446902cb4f"
}
],
"title": "mmc: sdhci-msm: pervent access to suspended controller",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36029",
"datePublished": "2024-05-30T15:19:43.110Z",
"dateReserved": "2024-05-17T13:50:33.160Z",
"dateUpdated": "2024-08-02T03:30:12.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36910
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2024-08-02 03:43
Severity
Summary
uio_hv_generic: Don't free decrypted memory
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "dabf12bf9943",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6466a0f6d235",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "fe2c58602354",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "3d788b2fbe6a",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.9"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36910",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-31T15:18:50.996659Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:42.590Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dabf12bf994318d939f70d47cfda30e47abb2c54"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6466a0f6d235c8a18c602cb587160d7e49876db9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fe2c58602354fbd60680dc42ac3a0b772cda7d23"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3d788b2fbe6a1a1a9e3db09742b90809d51638b7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/uio/uio_hv_generic.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "dabf12bf9943",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "6466a0f6d235",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "fe2c58602354",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "3d788b2fbe6a",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/uio/uio_hv_generic.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nuio_hv_generic: Don\u0027t free decrypted memory\n\nIn CoCo VMs it is possible for the untrusted host to cause\nset_memory_encrypted() or set_memory_decrypted() to fail such that an\nerror is returned and the resulting memory is shared. Callers need to\ntake care to handle these errors to avoid returning decrypted (shared)\nmemory to the page allocator, which could lead to functional or security\nissues.\n\nThe VMBus device UIO driver could free decrypted/shared pages if\nset_memory_decrypted() fails. Check the decrypted field in the gpadl\nto decide whether to free the memory."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:29:08.902Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/dabf12bf994318d939f70d47cfda30e47abb2c54"
},
{
"url": "https://git.kernel.org/stable/c/6466a0f6d235c8a18c602cb587160d7e49876db9"
},
{
"url": "https://git.kernel.org/stable/c/fe2c58602354fbd60680dc42ac3a0b772cda7d23"
},
{
"url": "https://git.kernel.org/stable/c/3d788b2fbe6a1a1a9e3db09742b90809d51638b7"
}
],
"title": "uio_hv_generic: Don\u0027t free decrypted memory",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36910",
"datePublished": "2024-05-30T15:29:08.902Z",
"dateReserved": "2024-05-30T15:25:07.067Z",
"dateUpdated": "2024-08-02T03:43:50.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36949
Vulnerability from cvelistv5
Published
2024-05-30 15:35
Modified
2024-08-02 03:43
Severity
Summary
amd/amdkfd: sync all devices to wait all processes being evicted
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36949",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T15:33:14.901395Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T15:33:21.592Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.068Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b6f6626528fe724b512c34f3fb5946c36a135f58"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ed28ef3840bbf93a64376ea7814ce39f86352e14"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d06af584be5a769d124b7302b32a033e9559761d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdkfd/kfd_device.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b6f6626528fe",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "ed28ef3840bb",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "d06af584be5a",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdkfd/kfd_device.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\namd/amdkfd: sync all devices to wait all processes being evicted\n\nIf there are more than one device doing reset in parallel, the first\ndevice will call kfd_suspend_all_processes() to evict all processes\non all devices, this call takes time to finish. other device will\nstart reset and recover without waiting. if the process has not been\nevicted before doing recover, it will be restored, then caused page\nfault."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:35:45.679Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b6f6626528fe724b512c34f3fb5946c36a135f58"
},
{
"url": "https://git.kernel.org/stable/c/ed28ef3840bbf93a64376ea7814ce39f86352e14"
},
{
"url": "https://git.kernel.org/stable/c/d06af584be5a769d124b7302b32a033e9559761d"
}
],
"title": "amd/amdkfd: sync all devices to wait all processes being evicted",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36949",
"datePublished": "2024-05-30T15:35:45.679Z",
"dateReserved": "2024-05-30T15:25:07.079Z",
"dateUpdated": "2024-08-02T03:43:50.068Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-52882
Vulnerability from cvelistv5
Published
2024-05-30 15:23
Modified
2024-08-02 23:18
Severity
Summary
clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:18:41.165Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fe11826ffa200e1a7a826e745163cb2f47875f66"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bfc78b4628497eb6df09a6b5bba9dd31616ee175"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f1fa9a9816204ac4b118b2e613d3a7c981355019"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/70f64cb29014e4c4f1fabd3265feebd80590d069"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0b82eb134d2942ecc669e2ab2be3f0a58d79428a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9708e5081cfc4f085690294163389bcf82655f90"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7e91ed763dc07437777bd012af7a2bd4493731ff"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/clk/sunxi-ng/ccu-sun50i-h6.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fe11826ffa20",
"status": "affected",
"version": "524353ea480b",
"versionType": "git"
},
{
"lessThan": "bfc78b462849",
"status": "affected",
"version": "524353ea480b",
"versionType": "git"
},
{
"lessThan": "f1fa9a981620",
"status": "affected",
"version": "524353ea480b",
"versionType": "git"
},
{
"lessThan": "70f64cb29014",
"status": "affected",
"version": "524353ea480b",
"versionType": "git"
},
{
"lessThan": "0b82eb134d29",
"status": "affected",
"version": "524353ea480b",
"versionType": "git"
},
{
"lessThan": "9708e5081cfc",
"status": "affected",
"version": "524353ea480b",
"versionType": "git"
},
{
"lessThan": "7e91ed763dc0",
"status": "affected",
"version": "524353ea480b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/clk/sunxi-ng/ccu-sun50i-h6.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.17"
},
{
"lessThan": "4.17",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change\n\nWhile PLL CPUX clock rate change when CPU is running from it works in\nvast majority of cases, now and then it causes instability. This leads\nto system crashes and other undefined behaviour. After a lot of testing\n(30+ hours) while also doing a lot of frequency switches, we can\u0027t\nobserve any instability issues anymore when doing reparenting to stable\nclock like 24 MHz oscillator."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:23:46.242Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fe11826ffa200e1a7a826e745163cb2f47875f66"
},
{
"url": "https://git.kernel.org/stable/c/bfc78b4628497eb6df09a6b5bba9dd31616ee175"
},
{
"url": "https://git.kernel.org/stable/c/f1fa9a9816204ac4b118b2e613d3a7c981355019"
},
{
"url": "https://git.kernel.org/stable/c/70f64cb29014e4c4f1fabd3265feebd80590d069"
},
{
"url": "https://git.kernel.org/stable/c/0b82eb134d2942ecc669e2ab2be3f0a58d79428a"
},
{
"url": "https://git.kernel.org/stable/c/9708e5081cfc4f085690294163389bcf82655f90"
},
{
"url": "https://git.kernel.org/stable/c/7e91ed763dc07437777bd012af7a2bd4493731ff"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52882",
"datePublished": "2024-05-30T15:23:46.242Z",
"dateReserved": "2024-05-21T15:35:00.781Z",
"dateUpdated": "2024-08-02T23:18:41.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36933
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2024-08-02 03:43
Severity
Summary
nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment().
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36933",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-04T15:40:25.095830Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:53.616Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:49.871Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a7c2c3c1caabcb4a3d6c47284c397507aaf54fe9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/46134031c20fd313d03b90169d64b2e05ca6b65c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bbccf0caef2fa917d6d0692385a06ce3c262a216"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5a4603fbc285752d19e4b415466db18ef3617e4a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/37ed6f244ec5bda2e90b085084e322ea55d0aaa2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/696d18bb59727a2e0526c0802a812620be1c9340"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/29a07f2ee4d273760c2acbfc756e29eccd82470a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4b911a9690d72641879ea6d13cce1de31d346d79"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/nsh/nsh.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a7c2c3c1caab",
"status": "affected",
"version": "c411ed854584",
"versionType": "git"
},
{
"lessThan": "46134031c20f",
"status": "affected",
"version": "c411ed854584",
"versionType": "git"
},
{
"lessThan": "bbccf0caef2f",
"status": "affected",
"version": "c411ed854584",
"versionType": "git"
},
{
"lessThan": "5a4603fbc285",
"status": "affected",
"version": "c411ed854584",
"versionType": "git"
},
{
"lessThan": "37ed6f244ec5",
"status": "affected",
"version": "c411ed854584",
"versionType": "git"
},
{
"lessThan": "696d18bb5972",
"status": "affected",
"version": "c411ed854584",
"versionType": "git"
},
{
"lessThan": "29a07f2ee4d2",
"status": "affected",
"version": "c411ed854584",
"versionType": "git"
},
{
"lessThan": "4b911a9690d7",
"status": "affected",
"version": "c411ed854584",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/nsh/nsh.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.14"
},
{
"lessThan": "4.14",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnsh: Restore skb-\u003e{protocol,data,mac_header} for outer header in nsh_gso_segment().\n\nsyzbot triggered various splats (see [0] and links) by a crafted GSO\npacket of VIRTIO_NET_HDR_GSO_UDP layering the following protocols:\n\n ETH_P_8021AD + ETH_P_NSH + ETH_P_IPV6 + IPPROTO_UDP\n\nNSH can encapsulate IPv4, IPv6, Ethernet, NSH, and MPLS. As the inner\nprotocol can be Ethernet, NSH GSO handler, nsh_gso_segment(), calls\nskb_mac_gso_segment() to invoke inner protocol GSO handlers.\n\nnsh_gso_segment() does the following for the original skb before\ncalling skb_mac_gso_segment()\n\n 1. reset skb-\u003enetwork_header\n 2. save the original skb-\u003e{mac_heaeder,mac_len} in a local variable\n 3. pull the NSH header\n 4. resets skb-\u003emac_header\n 5. set up skb-\u003emac_len and skb-\u003eprotocol for the inner protocol.\n\nand does the following for the segmented skb\n\n 6. set ntohs(ETH_P_NSH) to skb-\u003eprotocol\n 7. push the NSH header\n 8. restore skb-\u003emac_header\n 9. set skb-\u003emac_header + mac_len to skb-\u003enetwork_header\n 10. restore skb-\u003emac_len\n\nThere are two problems in 6-7 and 8-9.\n\n (a)\n After 6 \u0026 7, skb-\u003edata points to the NSH header, so the outer header\n (ETH_P_8021AD in this case) is stripped when skb is sent out of netdev.\n\n Also, if NSH is encapsulated by NSH + Ethernet (so NSH-Ethernet-NSH),\n skb_pull() in the first nsh_gso_segment() will make skb-\u003edata point\n to the middle of the outer NSH or Ethernet header because the Ethernet\n header is not pulled by the second nsh_gso_segment().\n\n (b)\n While restoring skb-\u003e{mac_header,network_header} in 8 \u0026 9,\n nsh_gso_segment() does not assume that the data in the linear\n buffer is shifted.\n\n However, udp6_ufo_fragment() could shift the data and change\n skb-\u003emac_header accordingly as demonstrated by syzbot.\n\n If this happens, even the restored skb-\u003emac_header points to\n the middle of the outer header.\n\nIt seems nsh_gso_segment() has never worked with outer headers so far.\n\nAt the end of nsh_gso_segment(), the outer header must be restored for\nthe segmented skb, instead of the NSH header.\n\nTo do that, let\u0027s calculate the outer header position relatively from\nthe inner header and set skb-\u003e{data,mac_header,protocol} properly.\n\n[0]:\nBUG: KMSAN: uninit-value in ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:524 [inline]\nBUG: KMSAN: uninit-value in ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:602 [inline]\nBUG: KMSAN: uninit-value in ipvlan_queue_xmit+0xf44/0x16b0 drivers/net/ipvlan/ipvlan_core.c:668\n ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:524 [inline]\n ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:602 [inline]\n ipvlan_queue_xmit+0xf44/0x16b0 drivers/net/ipvlan/ipvlan_core.c:668\n ipvlan_start_xmit+0x5c/0x1a0 drivers/net/ipvlan/ipvlan_main.c:222\n __netdev_start_xmit include/linux/netdevice.h:4989 [inline]\n netdev_start_xmit include/linux/netdevice.h:5003 [inline]\n xmit_one net/core/dev.c:3547 [inline]\n dev_hard_start_xmit+0x244/0xa10 net/core/dev.c:3563\n __dev_queue_xmit+0x33ed/0x51c0 net/core/dev.c:4351\n dev_queue_xmit include/linux/netdevice.h:3171 [inline]\n packet_xmit+0x9c/0x6b0 net/packet/af_packet.c:276\n packet_snd net/packet/af_packet.c:3081 [inline]\n packet_sendmsg+0x8aef/0x9f10 net/packet/af_packet.c:3113\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg net/socket.c:745 [inline]\n __sys_sendto+0x735/0xa10 net/socket.c:2191\n __do_sys_sendto net/socket.c:2203 [inline]\n __se_sys_sendto net/socket.c:2199 [inline]\n __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:3819 [inline]\n slab_alloc_node mm/slub.c:3860 [inline]\n __do_kmalloc_node mm/slub.c:3980 [inline]\n __kmalloc_node_track_caller+0x705/0x1000 mm/slub.c:4001\n kmalloc_reserve+0x249/0x4a0 net/core/skbuff.c:582\n __\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:29:23.764Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a7c2c3c1caabcb4a3d6c47284c397507aaf54fe9"
},
{
"url": "https://git.kernel.org/stable/c/46134031c20fd313d03b90169d64b2e05ca6b65c"
},
{
"url": "https://git.kernel.org/stable/c/bbccf0caef2fa917d6d0692385a06ce3c262a216"
},
{
"url": "https://git.kernel.org/stable/c/5a4603fbc285752d19e4b415466db18ef3617e4a"
},
{
"url": "https://git.kernel.org/stable/c/37ed6f244ec5bda2e90b085084e322ea55d0aaa2"
},
{
"url": "https://git.kernel.org/stable/c/696d18bb59727a2e0526c0802a812620be1c9340"
},
{
"url": "https://git.kernel.org/stable/c/29a07f2ee4d273760c2acbfc756e29eccd82470a"
},
{
"url": "https://git.kernel.org/stable/c/4b911a9690d72641879ea6d13cce1de31d346d79"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "nsh: Restore skb-\u003e{protocol,data,mac_header} for outer header in nsh_gso_segment().",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36933",
"datePublished": "2024-05-30T15:29:23.764Z",
"dateReserved": "2024-05-30T15:25:07.071Z",
"dateUpdated": "2024-08-02T03:43:49.871Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36880
Vulnerability from cvelistv5
Published
2024-05-30 15:28
Modified
2024-08-02 03:43
Severity
Summary
Bluetooth: qca: add missing firmware sanity checks
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36880",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-03T16:40:42.596232Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:41.364Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:49.156Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ed53949cc92e28aaa3463d246942bda1fbb7f307"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1caceadfb50432dbf6d808796cb6c34ebb6d662c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/427281f9498ed614f9aabc80e46ec077c487da6d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/02f05ed44b71152d5e11d29be28aed91c0489b4e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2e4edfa1e2bd821a317e7d006517dcf2f3fac68d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/bluetooth/btqca.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ed53949cc92e",
"status": "affected",
"version": "83e81961ff7e",
"versionType": "git"
},
{
"lessThan": "1caceadfb504",
"status": "affected",
"version": "83e81961ff7e",
"versionType": "git"
},
{
"lessThan": "427281f9498e",
"status": "affected",
"version": "83e81961ff7e",
"versionType": "git"
},
{
"lessThan": "02f05ed44b71",
"status": "affected",
"version": "83e81961ff7e",
"versionType": "git"
},
{
"lessThan": "2e4edfa1e2bd",
"status": "affected",
"version": "83e81961ff7e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/bluetooth/btqca.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.3"
},
{
"lessThan": "4.3",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: qca: add missing firmware sanity checks\n\nAdd the missing sanity checks when parsing the firmware files before\ndownloading them to avoid accessing and corrupting memory beyond the\nvmalloced buffer."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:28:51.518Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ed53949cc92e28aaa3463d246942bda1fbb7f307"
},
{
"url": "https://git.kernel.org/stable/c/1caceadfb50432dbf6d808796cb6c34ebb6d662c"
},
{
"url": "https://git.kernel.org/stable/c/427281f9498ed614f9aabc80e46ec077c487da6d"
},
{
"url": "https://git.kernel.org/stable/c/02f05ed44b71152d5e11d29be28aed91c0489b4e"
},
{
"url": "https://git.kernel.org/stable/c/2e4edfa1e2bd821a317e7d006517dcf2f3fac68d"
}
],
"title": "Bluetooth: qca: add missing firmware sanity checks",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36880",
"datePublished": "2024-05-30T15:28:51.518Z",
"dateReserved": "2024-05-30T15:25:07.064Z",
"dateUpdated": "2024-08-02T03:43:49.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36883
Vulnerability from cvelistv5
Published
2024-05-30 15:28
Modified
2024-08-02 03:43
Severity
Summary
net: fix out-of-bounds access in ops_init
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36883",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T19:28:57.397023Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T19:29:08.414Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.097Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3cdc34d76c4f777579e28ad373979d36c030cfd3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7b0e64583eab8c1d896b47e5dd0bf2e7d86ec41f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0c3248bc708a7797be573214065cf908ff1f54c7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9518b79bfd2fbf99fa9b7e8e36bcb1825e7ba030"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2d60ff5874aefd006717ca5e22ac1e25eac29c42"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b6dbfd5bcc267a95a0bf1bf96af46243f96ec6cd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f4f94587e1bf87cb40ec33955a9d90148dd026ab"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a26ff37e624d12e28077e5b24d2b264f62764ad6"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/core/net_namespace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3cdc34d76c4f",
"status": "affected",
"version": "073862ba5d24",
"versionType": "git"
},
{
"lessThan": "7b0e64583eab",
"status": "affected",
"version": "073862ba5d24",
"versionType": "git"
},
{
"lessThan": "0c3248bc708a",
"status": "affected",
"version": "073862ba5d24",
"versionType": "git"
},
{
"lessThan": "9518b79bfd2f",
"status": "affected",
"version": "073862ba5d24",
"versionType": "git"
},
{
"lessThan": "2d60ff5874ae",
"status": "affected",
"version": "073862ba5d24",
"versionType": "git"
},
{
"lessThan": "b6dbfd5bcc26",
"status": "affected",
"version": "073862ba5d24",
"versionType": "git"
},
{
"lessThan": "f4f94587e1bf",
"status": "affected",
"version": "073862ba5d24",
"versionType": "git"
},
{
"lessThan": "a26ff37e624d",
"status": "affected",
"version": "073862ba5d24",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/core/net_namespace.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.3"
},
{
"lessThan": "3.3",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix out-of-bounds access in ops_init\n\nnet_alloc_generic is called by net_alloc, which is called without any\nlocking. It reads max_gen_ptrs, which is changed under pernet_ops_rwsem. It\nis read twice, first to allocate an array, then to set s.len, which is\nlater used to limit the bounds of the array access.\n\nIt is possible that the array is allocated and another thread is\nregistering a new pernet ops, increments max_gen_ptrs, which is then used\nto set s.len with a larger than allocated length for the variable array.\n\nFix it by reading max_gen_ptrs only once in net_alloc_generic. If\nmax_gen_ptrs is later incremented, it will be caught in net_assign_generic."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:28:53.302Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3cdc34d76c4f777579e28ad373979d36c030cfd3"
},
{
"url": "https://git.kernel.org/stable/c/7b0e64583eab8c1d896b47e5dd0bf2e7d86ec41f"
},
{
"url": "https://git.kernel.org/stable/c/0c3248bc708a7797be573214065cf908ff1f54c7"
},
{
"url": "https://git.kernel.org/stable/c/9518b79bfd2fbf99fa9b7e8e36bcb1825e7ba030"
},
{
"url": "https://git.kernel.org/stable/c/2d60ff5874aefd006717ca5e22ac1e25eac29c42"
},
{
"url": "https://git.kernel.org/stable/c/b6dbfd5bcc267a95a0bf1bf96af46243f96ec6cd"
},
{
"url": "https://git.kernel.org/stable/c/f4f94587e1bf87cb40ec33955a9d90148dd026ab"
},
{
"url": "https://git.kernel.org/stable/c/a26ff37e624d12e28077e5b24d2b264f62764ad6"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "net: fix out-of-bounds access in ops_init",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36883",
"datePublished": "2024-05-30T15:28:53.302Z",
"dateReserved": "2024-05-30T15:25:07.064Z",
"dateUpdated": "2024-08-02T03:43:50.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36948
Vulnerability from cvelistv5
Published
2024-05-30 15:35
Modified
2024-08-02 03:43
Severity
Summary
drm/xe/xe_migrate: Cast to output precision before multiplying operands
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e23a904dfeb5a9e3d4ec527a365e962478cccf05"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9cb46b31f3d08ed3fce86349e8c12f96d7c88717"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/xe/xe_migrate.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e23a904dfeb5",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "9cb46b31f3d0",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/xe/xe_migrate.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/xe_migrate: Cast to output precision before multiplying operands\n\nAddressing potential overflow in result of multiplication of two lower\nprecision (u32) operands before widening it to higher precision\n(u64).\n\n-v2\nFix commit message and description. (Rodrigo)\n\n(cherry picked from commit 34820967ae7b45411f8f4f737c2d63b0c608e0d7)"
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:35:45.082Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e23a904dfeb5a9e3d4ec527a365e962478cccf05"
},
{
"url": "https://git.kernel.org/stable/c/9cb46b31f3d08ed3fce86349e8c12f96d7c88717"
}
],
"title": "drm/xe/xe_migrate: Cast to output precision before multiplying operands",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36948",
"datePublished": "2024-05-30T15:35:45.082Z",
"dateReserved": "2024-05-30T15:25:07.079Z",
"dateUpdated": "2024-08-02T03:43:50.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36914
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2024-08-02 03:43
Severity
Summary
drm/amd/display: Skip on writeback when it's not applicable
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36914",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-30T18:45:36.952476Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:03.591Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.021Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/951a498fa993c5501994ec2df97c9297b02488c7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e9baa7110e9f3756bd5a812af376c288d9be894d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ecedd99a9369fb5cde601ae9abd58bca2739f1ae"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "951a498fa993",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "e9baa7110e9f",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "ecedd99a9369",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip on writeback when it\u0027s not applicable\n\n[WHY]\ndynamic memory safety error detector (KASAN) catches and generates error\nmessages \"BUG: KASAN: slab-out-of-bounds\" as writeback connector does not\nsupport certain features which are not initialized.\n\n[HOW]\nSkip them when connector type is DRM_MODE_CONNECTOR_WRITEBACK."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:29:11.581Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/951a498fa993c5501994ec2df97c9297b02488c7"
},
{
"url": "https://git.kernel.org/stable/c/e9baa7110e9f3756bd5a812af376c288d9be894d"
},
{
"url": "https://git.kernel.org/stable/c/ecedd99a9369fb5cde601ae9abd58bca2739f1ae"
}
],
"title": "drm/amd/display: Skip on writeback when it\u0027s not applicable",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36914",
"datePublished": "2024-05-30T15:29:11.581Z",
"dateReserved": "2024-05-30T15:25:07.068Z",
"dateUpdated": "2024-08-02T03:43:50.021Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36920
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2024-08-02 03:43
Severity
Summary
scsi: mpi3mr: Avoid memcpy field-spanning write WARNING
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36920",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T18:22:06.427418Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T18:22:15.903Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:49.112Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5f0266044dc611563539705bff0b3e1545fbb6aa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f09318244c6cafd10aca741b9c01e0a2c362d43a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4d2772324f43cf5674ac3dbe3f74a7e656396716"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/429846b4b6ce9853e0d803a2357bb2e55083adf0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/mpi3mr/mpi3mr_app.c",
"include/uapi/scsi/scsi_bsg_mpi3mr.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5f0266044dc6",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "f09318244c6c",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "4d2772324f43",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "429846b4b6ce",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/mpi3mr/mpi3mr_app.c",
"include/uapi/scsi/scsi_bsg_mpi3mr.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: mpi3mr: Avoid memcpy field-spanning write WARNING\n\nWhen the \"storcli2 show\" command is executed for eHBA-9600, mpi3mr driver\nprints this WARNING message:\n\n memcpy: detected field-spanning write (size 128) of single field \"bsg_reply_buf-\u003ereply_buf\" at drivers/scsi/mpi3mr/mpi3mr_app.c:1658 (size 1)\n WARNING: CPU: 0 PID: 12760 at drivers/scsi/mpi3mr/mpi3mr_app.c:1658 mpi3mr_bsg_request+0x6b12/0x7f10 [mpi3mr]\n\nThe cause of the WARN is 128 bytes memcpy to the 1 byte size array \"__u8\nreplay_buf[1]\" in the struct mpi3mr_bsg_in_reply_buf. The array is intended\nto be a flexible length array, so the WARN is a false positive.\n\nTo suppress the WARN, remove the constant number \u00271\u0027 from the array\ndeclaration and clarify that it has flexible length. Also, adjust the\nmemory allocation size to match the change."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:29:15.121Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5f0266044dc611563539705bff0b3e1545fbb6aa"
},
{
"url": "https://git.kernel.org/stable/c/f09318244c6cafd10aca741b9c01e0a2c362d43a"
},
{
"url": "https://git.kernel.org/stable/c/4d2772324f43cf5674ac3dbe3f74a7e656396716"
},
{
"url": "https://git.kernel.org/stable/c/429846b4b6ce9853e0d803a2357bb2e55083adf0"
}
],
"title": "scsi: mpi3mr: Avoid memcpy field-spanning write WARNING",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36920",
"datePublished": "2024-05-30T15:29:15.121Z",
"dateReserved": "2024-05-30T15:25:07.068Z",
"dateUpdated": "2024-08-02T03:43:49.112Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36028
Vulnerability from cvelistv5
Published
2024-05-30 15:19
Modified
2024-08-02 03:30
Severity
Summary
mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio()
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:13.044Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2effe407f7563add41750fd7e03da4ea44b98099"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7e0a322877416e8c648819a8e441cf8c790b2cce"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9c9b32d46afab2d911897914181c488954012300"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/52ccdde16b6540abe43b6f8d8e1e1ec90b0983af"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"mm/hugetlb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2effe407f756",
"status": "affected",
"version": "1b4ce2952b4f",
"versionType": "git"
},
{
"lessThan": "7e0a32287741",
"status": "affected",
"version": "32c877191e02",
"versionType": "git"
},
{
"lessThan": "9c9b32d46afa",
"status": "affected",
"version": "32c877191e02",
"versionType": "git"
},
{
"lessThan": "52ccdde16b65",
"status": "affected",
"version": "32c877191e02",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"mm/hugetlb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.5"
},
{
"lessThan": "6.5",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.9",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio()\n\nWhen I did memory failure tests recently, below warning occurs:\n\nDEBUG_LOCKS_WARN_ON(1)\nWARNING: CPU: 8 PID: 1011 at kernel/locking/lockdep.c:232 __lock_acquire+0xccb/0x1ca0\nModules linked in: mce_inject hwpoison_inject\nCPU: 8 PID: 1011 Comm: bash Kdump: loaded Not tainted 6.9.0-rc3-next-20240410-00012-gdb69f219f4be #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\nRIP: 0010:__lock_acquire+0xccb/0x1ca0\nRSP: 0018:ffffa7a1c7fe3bd0 EFLAGS: 00000082\nRAX: 0000000000000000 RBX: eb851eb853975fcf RCX: ffffa1ce5fc1c9c8\nRDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffffa1ce5fc1c9c0\nRBP: ffffa1c6865d3280 R08: ffffffffb0f570a8 R09: 0000000000009ffb\nR10: 0000000000000286 R11: ffffffffb0f2ad50 R12: ffffa1c6865d3d10\nR13: ffffa1c6865d3c70 R14: 0000000000000000 R15: 0000000000000004\nFS: 00007ff9f32aa740(0000) GS:ffffa1ce5fc00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ff9f3134ba0 CR3: 00000008484e4000 CR4: 00000000000006f0\nCall Trace:\n \u003cTASK\u003e\n lock_acquire+0xbe/0x2d0\n _raw_spin_lock_irqsave+0x3a/0x60\n hugepage_subpool_put_pages.part.0+0xe/0xc0\n free_huge_folio+0x253/0x3f0\n dissolve_free_huge_page+0x147/0x210\n __page_handle_poison+0x9/0x70\n memory_failure+0x4e6/0x8c0\n hard_offline_page_store+0x55/0xa0\n kernfs_fop_write_iter+0x12c/0x1d0\n vfs_write+0x380/0x540\n ksys_write+0x64/0xe0\n do_syscall_64+0xbc/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7ff9f3114887\nRSP: 002b:00007ffecbacb458 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007ff9f3114887\nRDX: 000000000000000c RSI: 0000564494164e10 RDI: 0000000000000001\nRBP: 0000564494164e10 R08: 00007ff9f31d1460 R09: 000000007fffffff\nR10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c\nR13: 00007ff9f321b780 R14: 00007ff9f3217600 R15: 00007ff9f3216a00\n \u003c/TASK\u003e\nKernel panic - not syncing: kernel: panic_on_warn set ...\nCPU: 8 PID: 1011 Comm: bash Kdump: loaded Not tainted 6.9.0-rc3-next-20240410-00012-gdb69f219f4be #3\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.14.0-0-g155821a1990b-prebuilt.qemu.org 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n panic+0x326/0x350\n check_panic_on_warn+0x4f/0x50\n __warn+0x98/0x190\n report_bug+0x18e/0x1a0\n handle_bug+0x3d/0x70\n exc_invalid_op+0x18/0x70\n asm_exc_invalid_op+0x1a/0x20\nRIP: 0010:__lock_acquire+0xccb/0x1ca0\nRSP: 0018:ffffa7a1c7fe3bd0 EFLAGS: 00000082\nRAX: 0000000000000000 RBX: eb851eb853975fcf RCX: ffffa1ce5fc1c9c8\nRDX: 00000000ffffffd8 RSI: 0000000000000027 RDI: ffffa1ce5fc1c9c0\nRBP: ffffa1c6865d3280 R08: ffffffffb0f570a8 R09: 0000000000009ffb\nR10: 0000000000000286 R11: ffffffffb0f2ad50 R12: ffffa1c6865d3d10\nR13: ffffa1c6865d3c70 R14: 0000000000000000 R15: 0000000000000004\n lock_acquire+0xbe/0x2d0\n _raw_spin_lock_irqsave+0x3a/0x60\n hugepage_subpool_put_pages.part.0+0xe/0xc0\n free_huge_folio+0x253/0x3f0\n dissolve_free_huge_page+0x147/0x210\n __page_handle_poison+0x9/0x70\n memory_failure+0x4e6/0x8c0\n hard_offline_page_store+0x55/0xa0\n kernfs_fop_write_iter+0x12c/0x1d0\n vfs_write+0x380/0x540\n ksys_write+0x64/0xe0\n do_syscall_64+0xbc/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7ff9f3114887\nRSP: 002b:00007ffecbacb458 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007ff9f3114887\nRDX: 000000000000000c RSI: 0000564494164e10 RDI: 0000000000000001\nRBP: 0000564494164e10 R08: 00007ff9f31d1460 R09: 000000007fffffff\nR10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000c\nR13: 00007ff9f321b780 R14: 00007ff9f3217600 R15: 00007ff9f3216a00\n \u003c/TASK\u003e\n\nAfter git bisecting and digging into the code, I believe the root cause is\nthat _deferred_list field of folio is unioned with _hugetlb_subpool field.\nIn __update_and_free_hugetlb_folio(), folio-\u003e_deferred_\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:19:42.538Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2effe407f7563add41750fd7e03da4ea44b98099"
},
{
"url": "https://git.kernel.org/stable/c/7e0a322877416e8c648819a8e441cf8c790b2cce"
},
{
"url": "https://git.kernel.org/stable/c/9c9b32d46afab2d911897914181c488954012300"
},
{
"url": "https://git.kernel.org/stable/c/52ccdde16b6540abe43b6f8d8e1e1ec90b0983af"
}
],
"title": "mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio()",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36028",
"datePublished": "2024-05-30T15:19:42.538Z",
"dateReserved": "2024-05-17T13:50:33.159Z",
"dateUpdated": "2024-08-02T03:30:13.044Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36885
Vulnerability from cvelistv5
Published
2024-05-30 15:28
Modified
2024-08-02 03:43
Severity
Summary
drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36885",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-30T18:54:24.717999Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:04.868Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.113Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1a88c18da464db0ba8ea25196d0a06490f65322e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e05af009302893f39b072811a68fa4a196284c75"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/52a6947bf576b97ff8e14bb0a31c5eaf2d0d96e2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/nouveau/nvkm/core/firmware.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1a88c18da464",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "e05af0093028",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "52a6947bf576",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/nouveau/nvkm/core/firmware.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()\n\nCurrently, enabling SG_DEBUG in the kernel will cause nouveau to hit a\nBUG() on startup:\n\n kernel BUG at include/linux/scatterlist.h:187!\n invalid opcode: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 7 PID: 930 Comm: (udev-worker) Not tainted 6.9.0-rc3Lyude-Test+ #30\n Hardware name: MSI MS-7A39/A320M GAMING PRO (MS-7A39), BIOS 1.I0 01/22/2019\n RIP: 0010:sg_init_one+0x85/0xa0\n Code: 69 88 32 01 83 e1 03 f6 c3 03 75 20 a8 01 75 1e 48 09 cb 41 89 54\n 24 08 49 89 1c 24 41 89 6c 24 0c 5b 5d 41 5c e9 7b b9 88 00 \u003c0f\u003e 0b 0f 0b\n 0f 0b 48 8b 05 5e 46 9a 01 eb b2 66 66 2e 0f 1f 84 00\n RSP: 0018:ffffa776017bf6a0 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: ffffa77600d87000 RCX: 000000000000002b\n RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffa77680d87000\n RBP: 000000000000e000 R08: 0000000000000000 R09: 0000000000000000\n R10: ffff98f4c46aa508 R11: 0000000000000000 R12: ffff98f4c46aa508\n R13: ffff98f4c46aa008 R14: ffffa77600d4a000 R15: ffffa77600d4a018\n FS: 00007feeb5aae980(0000) GS:ffff98f5c4dc0000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007f22cb9a4520 CR3: 00000001043ba000 CR4: 00000000003506f0\n Call Trace:\n \u003cTASK\u003e\n ? die+0x36/0x90\n ? do_trap+0xdd/0x100\n ? sg_init_one+0x85/0xa0\n ? do_error_trap+0x65/0x80\n ? sg_init_one+0x85/0xa0\n ? exc_invalid_op+0x50/0x70\n ? sg_init_one+0x85/0xa0\n ? asm_exc_invalid_op+0x1a/0x20\n ? sg_init_one+0x85/0xa0\n nvkm_firmware_ctor+0x14a/0x250 [nouveau]\n nvkm_falcon_fw_ctor+0x42/0x70 [nouveau]\n ga102_gsp_booter_ctor+0xb4/0x1a0 [nouveau]\n r535_gsp_oneinit+0xb3/0x15f0 [nouveau]\n ? srso_return_thunk+0x5/0x5f\n ? srso_return_thunk+0x5/0x5f\n ? nvkm_udevice_new+0x95/0x140 [nouveau]\n ? srso_return_thunk+0x5/0x5f\n ? srso_return_thunk+0x5/0x5f\n ? ktime_get+0x47/0xb0\n ? srso_return_thunk+0x5/0x5f\n nvkm_subdev_oneinit_+0x4f/0x120 [nouveau]\n nvkm_subdev_init_+0x39/0x140 [nouveau]\n ? srso_return_thunk+0x5/0x5f\n nvkm_subdev_init+0x44/0x90 [nouveau]\n nvkm_device_init+0x166/0x2e0 [nouveau]\n nvkm_udevice_init+0x47/0x70 [nouveau]\n nvkm_object_init+0x41/0x1c0 [nouveau]\n nvkm_ioctl_new+0x16a/0x290 [nouveau]\n ? __pfx_nvkm_client_child_new+0x10/0x10 [nouveau]\n ? __pfx_nvkm_udevice_new+0x10/0x10 [nouveau]\n nvkm_ioctl+0x126/0x290 [nouveau]\n nvif_object_ctor+0x112/0x190 [nouveau]\n nvif_device_ctor+0x23/0x60 [nouveau]\n nouveau_cli_init+0x164/0x640 [nouveau]\n nouveau_drm_device_init+0x97/0x9e0 [nouveau]\n ? srso_return_thunk+0x5/0x5f\n ? pci_update_current_state+0x72/0xb0\n ? srso_return_thunk+0x5/0x5f\n nouveau_drm_probe+0x12c/0x280 [nouveau]\n ? srso_return_thunk+0x5/0x5f\n local_pci_probe+0x45/0xa0\n pci_device_probe+0xc7/0x270\n really_probe+0xe6/0x3a0\n __driver_probe_device+0x87/0x160\n driver_probe_device+0x1f/0xc0\n __driver_attach+0xec/0x1f0\n ? __pfx___driver_attach+0x10/0x10\n bus_for_each_dev+0x88/0xd0\n bus_add_driver+0x116/0x220\n driver_register+0x59/0x100\n ? __pfx_nouveau_drm_init+0x10/0x10 [nouveau]\n do_one_initcall+0x5b/0x320\n do_init_module+0x60/0x250\n init_module_from_file+0x86/0xc0\n idempotent_init_module+0x120/0x2b0\n __x64_sys_finit_module+0x5e/0xb0\n do_syscall_64+0x83/0x160\n ? srso_return_thunk+0x5/0x5f\n entry_SYSCALL_64_after_hwframe+0x71/0x79\n RIP: 0033:0x7feeb5cc20cd\n Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89\n f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0\n ff ff 73 01 c3 48 8b 0d 1b cd 0c 00 f7 d8 64 89 01 48\n RSP: 002b:00007ffcf220b2c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139\n RAX: ffffffffffffffda RBX: 000055fdd2916aa0 RCX: 00007feeb5cc20cd\n RDX: 0000000000000000 RSI: 000055fdd29161e0 RDI: 0000000000000035\n RBP: 00007ffcf220b380 R08: 00007feeb5d8fb20 R09: 00007ffcf220b310\n R10: 000055fdd2909dc0 R11: 0000000000000246 R12: 000055\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:28:54.475Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1a88c18da464db0ba8ea25196d0a06490f65322e"
},
{
"url": "https://git.kernel.org/stable/c/e05af009302893f39b072811a68fa4a196284c75"
},
{
"url": "https://git.kernel.org/stable/c/52a6947bf576b97ff8e14bb0a31c5eaf2d0d96e2"
}
],
"title": "drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36885",
"datePublished": "2024-05-30T15:28:54.475Z",
"dateReserved": "2024-05-30T15:25:07.065Z",
"dateUpdated": "2024-08-02T03:43:50.113Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36900
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2024-08-02 03:43
Severity
Summary
net: hns3: fix kernel crash when devlink reload during initialization
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36900",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-06T18:33:50.003073Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T18:33:58.260Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.022Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/72ede790f5a03c3957487400a1b72ebce293a2e7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5c623fe0534806b627054da09b6f51b7b2f7b9cd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c98bc78ce0909ccc92005e2cb6609ec6c7942f69"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/35d92abfbad88cf947c010baf34b075e40566095"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c",
"drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "72ede790f5a0",
"status": "affected",
"version": "cd6242991d2e",
"versionType": "git"
},
{
"lessThan": "5c623fe05348",
"status": "affected",
"version": "cd6242991d2e",
"versionType": "git"
},
{
"lessThan": "c98bc78ce090",
"status": "affected",
"version": "cd6242991d2e",
"versionType": "git"
},
{
"lessThan": "35d92abfbad8",
"status": "affected",
"version": "cd6242991d2e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c",
"drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix kernel crash when devlink reload during initialization\n\nThe devlink reload process will access the hardware resources,\nbut the register operation is done before the hardware is initialized.\nSo, processing the devlink reload during initialization may lead to kernel\ncrash.\n\nThis patch fixes this by registering the devlink after\nhardware initialization."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:29:03.158Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/72ede790f5a03c3957487400a1b72ebce293a2e7"
},
{
"url": "https://git.kernel.org/stable/c/5c623fe0534806b627054da09b6f51b7b2f7b9cd"
},
{
"url": "https://git.kernel.org/stable/c/c98bc78ce0909ccc92005e2cb6609ec6c7942f69"
},
{
"url": "https://git.kernel.org/stable/c/35d92abfbad88cf947c010baf34b075e40566095"
}
],
"title": "net: hns3: fix kernel crash when devlink reload during initialization",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36900",
"datePublished": "2024-05-30T15:29:03.158Z",
"dateReserved": "2024-05-30T15:25:07.066Z",
"dateUpdated": "2024-08-02T03:43:50.022Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36959
Vulnerability from cvelistv5
Published
2024-05-30 15:35
Modified
2024-08-02 03:43
Severity
Summary
pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map()
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.512Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/06780473cb8a858d1d6cab2673e021b072a852d1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/47d253c485491caaf70d8cd8c0248ae26e42581f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/35ab679e8bb5a81a4f922d3efbd43e32bce69274"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/76aa2440deb9a35507590f2c981a69a57ecd305d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/518d5ddafeb084d6d9b1773ed85164300037d0e6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/026e24cf31733dbd97f41cc9bc5273ace428eeec"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c7e02ccc9fdc496fe51e440e3e66ac36509ca049"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a0cedbcc8852d6c77b00634b81e41f17f29d9404"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/pinctrl/devicetree.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "06780473cb8a",
"status": "affected",
"version": "a988dcd3dd9e",
"versionType": "git"
},
{
"lessThan": "47d253c48549",
"status": "affected",
"version": "040f726fecd8",
"versionType": "git"
},
{
"lessThan": "35ab679e8bb5",
"status": "affected",
"version": "777430aa4ddc",
"versionType": "git"
},
{
"lessThan": "76aa2440deb9",
"status": "affected",
"version": "97e5b508e961",
"versionType": "git"
},
{
"lessThan": "518d5ddafeb0",
"status": "affected",
"version": "91d5c5060ee2",
"versionType": "git"
},
{
"lessThan": "026e24cf3173",
"status": "affected",
"version": "91d5c5060ee2",
"versionType": "git"
},
{
"lessThan": "c7e02ccc9fdc",
"status": "affected",
"version": "91d5c5060ee2",
"versionType": "git"
},
{
"lessThan": "a0cedbcc8852",
"status": "affected",
"version": "91d5c5060ee2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/pinctrl/devicetree.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.1"
},
{
"lessThan": "6.1",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map()\n\nIf we fail to allocate propname buffer, we need to drop the reference\ncount we just took. Because the pinctrl_dt_free_maps() includes the\ndroping operation, here we call it directly."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:35:51.624Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/06780473cb8a858d1d6cab2673e021b072a852d1"
},
{
"url": "https://git.kernel.org/stable/c/47d253c485491caaf70d8cd8c0248ae26e42581f"
},
{
"url": "https://git.kernel.org/stable/c/35ab679e8bb5a81a4f922d3efbd43e32bce69274"
},
{
"url": "https://git.kernel.org/stable/c/76aa2440deb9a35507590f2c981a69a57ecd305d"
},
{
"url": "https://git.kernel.org/stable/c/518d5ddafeb084d6d9b1773ed85164300037d0e6"
},
{
"url": "https://git.kernel.org/stable/c/026e24cf31733dbd97f41cc9bc5273ace428eeec"
},
{
"url": "https://git.kernel.org/stable/c/c7e02ccc9fdc496fe51e440e3e66ac36509ca049"
},
{
"url": "https://git.kernel.org/stable/c/a0cedbcc8852d6c77b00634b81e41f17f29d9404"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map()",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36959",
"datePublished": "2024-05-30T15:35:51.624Z",
"dateReserved": "2024-05-30T15:25:07.080Z",
"dateUpdated": "2024-08-02T03:43:50.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36032
Vulnerability from cvelistv5
Published
2024-05-30 15:23
Modified
2024-08-02 03:30
Severity
Summary
Bluetooth: qca: fix info leak when fetching fw build id
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36032",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-31T18:33:16.549121Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:45.608Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:12.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/62d5550ab62042dcceaf18844d0feadbb962cffe"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/57062aa13e87b1a78a4a8f6cb5fab6ba24f5f488"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6b63e0ef4d3ce0080395e5091fba2023f246c45a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a571044cc0a0c944e7c12237b6768aeedd7480e1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cda0d6a198e2a7ec6f176c36173a57bdd8af7af2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/bluetooth/btqca.c",
"drivers/bluetooth/btqca.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "62d5550ab620",
"status": "affected",
"version": "c0187b0bd3e9",
"versionType": "git"
},
{
"lessThan": "57062aa13e87",
"status": "affected",
"version": "c0187b0bd3e9",
"versionType": "git"
},
{
"lessThan": "6b63e0ef4d3c",
"status": "affected",
"version": "c0187b0bd3e9",
"versionType": "git"
},
{
"lessThan": "a571044cc0a0",
"status": "affected",
"version": "c0187b0bd3e9",
"versionType": "git"
},
{
"lessThan": "cda0d6a198e2",
"status": "affected",
"version": "c0187b0bd3e9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/bluetooth/btqca.c",
"drivers/bluetooth/btqca.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: qca: fix info leak when fetching fw build id\n\nAdd the missing sanity checks and move the 255-byte build-id buffer off\nthe stack to avoid leaking stack data through debugfs in case the\nbuild-info reply is malformed."
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T07:51:27.815Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/62d5550ab62042dcceaf18844d0feadbb962cffe"
},
{
"url": "https://git.kernel.org/stable/c/57062aa13e87b1a78a4a8f6cb5fab6ba24f5f488"
},
{
"url": "https://git.kernel.org/stable/c/6b63e0ef4d3ce0080395e5091fba2023f246c45a"
},
{
"url": "https://git.kernel.org/stable/c/a571044cc0a0c944e7c12237b6768aeedd7480e1"
},
{
"url": "https://git.kernel.org/stable/c/cda0d6a198e2a7ec6f176c36173a57bdd8af7af2"
}
],
"title": "Bluetooth: qca: fix info leak when fetching fw build id",
"x_generator": {
"engine": "bippy-7d53e8ef8be4"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36032",
"datePublished": "2024-05-30T15:23:47.423Z",
"dateReserved": "2024-05-17T13:50:33.160Z",
"dateUpdated": "2024-08-02T03:30:12.639Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36955
Vulnerability from cvelistv5
Published
2024-05-30 15:35
Modified
2024-08-02 03:43
Severity
Summary
ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node()
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "bd2d9641a39e",
"status": "affected",
"version": "08c2a4bc9f2a",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "722d33c442e6",
"status": "affected",
"version": "08c2a4bc9f2a",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "7db626d2730d",
"status": "affected",
"version": "08c2a4bc9f2a",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "7ef6ecf98ce3",
"status": "affected",
"version": "08c2a4bc9f2a",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "c158cf914713",
"status": "affected",
"version": "08c2a4bc9f2a",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5.16",
"status": "unaffected",
"version": "5.15.159",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.2",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.7",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.9",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.9"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:5.12:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "5.12"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36955",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-31T14:29:10.671529Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T19:37:57.002Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.678Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bd2d9641a39e6b5244230c4b41c4aca83b54b377"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/722d33c442e66e4aabd3e778958d696ff3a2777e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7db626d2730d3d80fd31638169054b1e507f07bf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7ef6ecf98ce309b1f4e5a25cddd5965d01feea07"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c158cf914713efc3bcdc25680c7156c48c12ef6a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/hda/intel-sdw-acpi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "bd2d9641a39e",
"status": "affected",
"version": "08c2a4bc9f2a",
"versionType": "git"
},
{
"lessThan": "722d33c442e6",
"status": "affected",
"version": "08c2a4bc9f2a",
"versionType": "git"
},
{
"lessThan": "7db626d2730d",
"status": "affected",
"version": "08c2a4bc9f2a",
"versionType": "git"
},
{
"lessThan": "7ef6ecf98ce3",
"status": "affected",
"version": "08c2a4bc9f2a",
"versionType": "git"
},
{
"lessThan": "c158cf914713",
"status": "affected",
"version": "08c2a4bc9f2a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/hda/intel-sdw-acpi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node()\n\nThe documentation for device_get_named_child_node() mentions this\nimportant point:\n\n\"\nThe caller is responsible for calling fwnode_handle_put() on the\nreturned fwnode pointer.\n\"\n\nAdd fwnode_handle_put() to avoid a leaked reference."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:35:49.256Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bd2d9641a39e6b5244230c4b41c4aca83b54b377"
},
{
"url": "https://git.kernel.org/stable/c/722d33c442e66e4aabd3e778958d696ff3a2777e"
},
{
"url": "https://git.kernel.org/stable/c/7db626d2730d3d80fd31638169054b1e507f07bf"
},
{
"url": "https://git.kernel.org/stable/c/7ef6ecf98ce309b1f4e5a25cddd5965d01feea07"
},
{
"url": "https://git.kernel.org/stable/c/c158cf914713efc3bcdc25680c7156c48c12ef6a"
}
],
"title": "ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node()",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36955",
"datePublished": "2024-05-30T15:35:49.256Z",
"dateReserved": "2024-05-30T15:25:07.080Z",
"dateUpdated": "2024-08-02T03:43:50.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36954
Vulnerability from cvelistv5
Published
2024-05-30 15:35
Modified
2024-08-02 03:43
Severity
Summary
tipc: fix a possible memleak in tipc_buf_append
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.499Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/01cd1b7b685751ee422d00d050292a3d277652d6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2f87fd9476cf9725d774e6dcb7d17859c6a6d1ae"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/adbce6d20da6254c86425a8d4359b221b5ccbccd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/42c8471b0566c7539e7dd584b4d0ebd3cec8cb2c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d03a82f4f8144befdc10518e732e2a60b34c870e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/614c5a5ae45a921595952117b2e2bd4d4bf9b574"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3210d34fda4caff212cb53729e6bd46de604d565"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/97bf6f81b29a8efaf5d0983251a7450e5794370d"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/tipc/msg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "01cd1b7b6857",
"status": "affected",
"version": "4b1761898861",
"versionType": "git"
},
{
"lessThan": "2f87fd9476cf",
"status": "affected",
"version": "64d17ec9f1de",
"versionType": "git"
},
{
"lessThan": "adbce6d20da6",
"status": "affected",
"version": "6da24cfc83ba",
"versionType": "git"
},
{
"lessThan": "42c8471b0566",
"status": "affected",
"version": "b7df21cf1b79",
"versionType": "git"
},
{
"lessThan": "d03a82f4f814",
"status": "affected",
"version": "b7df21cf1b79",
"versionType": "git"
},
{
"lessThan": "614c5a5ae45a",
"status": "affected",
"version": "b7df21cf1b79",
"versionType": "git"
},
{
"lessThan": "3210d34fda4c",
"status": "affected",
"version": "b7df21cf1b79",
"versionType": "git"
},
{
"lessThan": "97bf6f81b29a",
"status": "affected",
"version": "b7df21cf1b79",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/tipc/msg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix a possible memleak in tipc_buf_append\n\n__skb_linearize() doesn\u0027t free the skb when it fails, so move\n\u0027*buf = NULL\u0027 after __skb_linearize(), so that the skb can be\nfreed on the err path."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:35:48.665Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/01cd1b7b685751ee422d00d050292a3d277652d6"
},
{
"url": "https://git.kernel.org/stable/c/2f87fd9476cf9725d774e6dcb7d17859c6a6d1ae"
},
{
"url": "https://git.kernel.org/stable/c/adbce6d20da6254c86425a8d4359b221b5ccbccd"
},
{
"url": "https://git.kernel.org/stable/c/42c8471b0566c7539e7dd584b4d0ebd3cec8cb2c"
},
{
"url": "https://git.kernel.org/stable/c/d03a82f4f8144befdc10518e732e2a60b34c870e"
},
{
"url": "https://git.kernel.org/stable/c/614c5a5ae45a921595952117b2e2bd4d4bf9b574"
},
{
"url": "https://git.kernel.org/stable/c/3210d34fda4caff212cb53729e6bd46de604d565"
},
{
"url": "https://git.kernel.org/stable/c/97bf6f81b29a8efaf5d0983251a7450e5794370d"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "tipc: fix a possible memleak in tipc_buf_append",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36954",
"datePublished": "2024-05-30T15:35:48.665Z",
"dateReserved": "2024-05-30T15:25:07.080Z",
"dateUpdated": "2024-08-02T03:43:50.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36932
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2024-08-02 03:43
Severity
Summary
thermal/debugfs: Prevent use-after-free from occurring after cdev removal
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "c1279dee3336",
"status": "affected",
"version": "755113d76786",
"versionType": "custom"
},
{
"lessThan": "d351eb0ab04c",
"status": "affected",
"version": "755113d76786",
"versionType": "custom"
},
{
"status": "affected",
"version": "6.8"
},
{
"lessThan": "6.8",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.8.10"
},
{
"status": "unaffected",
"version": "6.9"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36932",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-07T14:04:33.823483Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-07T14:06:48.074Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.540Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c1279dee33369e2525f532364bb87207d23b9481"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d351eb0ab04c3e8109895fc33250cebbce9c11da"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/thermal/thermal_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c1279dee3336",
"status": "affected",
"version": "755113d76786",
"versionType": "git"
},
{
"lessThan": "d351eb0ab04c",
"status": "affected",
"version": "755113d76786",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/thermal/thermal_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.8"
},
{
"lessThan": "6.8",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal/debugfs: Prevent use-after-free from occurring after cdev removal\n\nSince thermal_debug_cdev_remove() does not run under cdev-\u003elock, it can\nrun in parallel with thermal_debug_cdev_state_update() and it may free\nthe struct thermal_debugfs object used by the latter after it has been\nchecked against NULL.\n\nIf that happens, thermal_debug_cdev_state_update() will access memory\nthat has been freed already causing the kernel to crash.\n\nAddress this by using cdev-\u003elock in thermal_debug_cdev_remove() around\nthe cdev-\u003edebugfs value check (in case the same cdev is removed at the\nsame time in two different threads) and its reset to NULL.\n\nCc :6.8+ \u003cstable@vger.kernel.org\u003e # 6.8+"
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:29:23.178Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c1279dee33369e2525f532364bb87207d23b9481"
},
{
"url": "https://git.kernel.org/stable/c/d351eb0ab04c3e8109895fc33250cebbce9c11da"
}
],
"title": "thermal/debugfs: Prevent use-after-free from occurring after cdev removal",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36932",
"datePublished": "2024-05-30T15:29:23.178Z",
"dateReserved": "2024-05-30T15:25:07.071Z",
"dateUpdated": "2024-08-02T03:43:50.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36935
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2024-08-02 03:43
Severity
Summary
ice: ensure the copied buf is NUL terminated
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36935",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T19:14:54.419076Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T19:15:04.744Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:49.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5ff4de981983ed84f29b5d92b6550ec054e12a92"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/666854ea9cad844f75a068f32812a2d78004914a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ice/ice_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5ff4de981983",
"status": "affected",
"version": "96a9a9341cda",
"versionType": "git"
},
{
"lessThan": "666854ea9cad",
"status": "affected",
"version": "96a9a9341cda",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/ice/ice_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.8"
},
{
"lessThan": "6.8",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: ensure the copied buf is NUL terminated\n\nCurrently, we allocate a count-sized kernel buffer and copy count bytes\nfrom userspace to that buffer. Later, we use sscanf on this buffer but we\ndon\u0027t ensure that the string is terminated inside the buffer, this can lead\nto OOB read when using sscanf. Fix this issue by using memdup_user_nul\ninstead of memdup_user."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:29:24.941Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5ff4de981983ed84f29b5d92b6550ec054e12a92"
},
{
"url": "https://git.kernel.org/stable/c/666854ea9cad844f75a068f32812a2d78004914a"
}
],
"title": "ice: ensure the copied buf is NUL terminated",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36935",
"datePublished": "2024-05-30T15:29:24.941Z",
"dateReserved": "2024-05-30T15:25:07.071Z",
"dateUpdated": "2024-08-02T03:43:49.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36895
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2024-08-02 03:43
Severity
Summary
usb: gadget: uvc: use correct buffer size when parsing configfs lists
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36895",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-06T17:55:25.494467Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T17:55:31.171Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:49.849Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7a54e5052bde582fd0e7677334fe7a5be92e242c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a422089ce42ced73713e5032aad29a9a7cbe9528"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/650ae71c80749fc7cb8858c8049f532eaec64410"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/gadget/function/uvc_configfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7a54e5052bde",
"status": "affected",
"version": "0df28607c5cb",
"versionType": "git"
},
{
"lessThan": "a422089ce42c",
"status": "affected",
"version": "0df28607c5cb",
"versionType": "git"
},
{
"lessThan": "650ae71c8074",
"status": "affected",
"version": "0df28607c5cb",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/gadget/function/uvc_configfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.3"
},
{
"lessThan": "6.3",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: uvc: use correct buffer size when parsing configfs lists\n\nThis commit fixes uvc gadget support on 32-bit platforms.\n\nCommit 0df28607c5cb (\"usb: gadget: uvc: Generalise helper functions for\nreuse\") introduced a helper function __uvcg_iter_item_entries() to aid\nwith parsing lists of items on configfs attributes stores. This function\nis a generalization of another very similar function, which used a\nstack-allocated temporary buffer of fixed size for each item in the list\nand used the sizeof() operator to check for potential buffer overruns.\nThe new function was changed to allocate the now variably sized temp\nbuffer on heap, but wasn\u0027t properly updated to also check for max buffer\nsize using the computed size instead of sizeof() operator.\n\nAs a result, the maximum item size was 7 (plus null terminator) on\n64-bit platforms, and 3 on 32-bit ones. While 7 is accidentally just\nbarely enough, 3 is definitely too small for some of UVC configfs\nattributes. For example, dwFrameInteval, specified in 100ns units,\nusually has 6-digit item values, e.g. 166666 for 60fps."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:29:00.265Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7a54e5052bde582fd0e7677334fe7a5be92e242c"
},
{
"url": "https://git.kernel.org/stable/c/a422089ce42ced73713e5032aad29a9a7cbe9528"
},
{
"url": "https://git.kernel.org/stable/c/650ae71c80749fc7cb8858c8049f532eaec64410"
}
],
"title": "usb: gadget: uvc: use correct buffer size when parsing configfs lists",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36895",
"datePublished": "2024-05-30T15:29:00.265Z",
"dateReserved": "2024-05-30T15:25:07.066Z",
"dateUpdated": "2024-08-02T03:43:49.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36908
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2024-08-02 03:43
Severity
Summary
blk-iocost: do not WARN if iocg was already offlined
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36908",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-31T18:30:12.396680Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:52.774Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:49.881Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1c172ac7afe4442964f4153b2c78fe4e005d9d67"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/14b3275f93d4a0d8ddc02195bc4e9869b7a3700e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/01bc4fda9ea0a6b52f12326486f07a4910666cf6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"block/blk-iocost.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1c172ac7afe4",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "14b3275f93d4",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "01bc4fda9ea0",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"block/blk-iocost.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-iocost: do not WARN if iocg was already offlined\n\nIn iocg_pay_debt(), warn is triggered if \u0027active_list\u0027 is empty, which\nis intended to confirm iocg is active when it has debt. However, warn\ncan be triggered during a blkcg or disk removal, if iocg_waitq_timer_fn()\nis run at that time:\n\n WARNING: CPU: 0 PID: 2344971 at block/blk-iocost.c:1402 iocg_pay_debt+0x14c/0x190\n Call trace:\n iocg_pay_debt+0x14c/0x190\n iocg_kick_waitq+0x438/0x4c0\n iocg_waitq_timer_fn+0xd8/0x130\n __run_hrtimer+0x144/0x45c\n __hrtimer_run_queues+0x16c/0x244\n hrtimer_interrupt+0x2cc/0x7b0\n\nThe warn in this situation is meaningless. Since this iocg is being\nremoved, the state of the \u0027active_list\u0027 is irrelevant, and \u0027waitq_timer\u0027\nis canceled after removing \u0027active_list\u0027 in ioc_pd_free(), which ensures\niocg is freed after iocg_waitq_timer_fn() returns.\n\nTherefore, add the check if iocg was already offlined to avoid warn\nwhen removing a blkcg or disk."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:29:07.773Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1c172ac7afe4442964f4153b2c78fe4e005d9d67"
},
{
"url": "https://git.kernel.org/stable/c/14b3275f93d4a0d8ddc02195bc4e9869b7a3700e"
},
{
"url": "https://git.kernel.org/stable/c/01bc4fda9ea0a6b52f12326486f07a4910666cf6"
}
],
"title": "blk-iocost: do not WARN if iocg was already offlined",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36908",
"datePublished": "2024-05-30T15:29:07.773Z",
"dateReserved": "2024-05-30T15:25:07.067Z",
"dateUpdated": "2024-08-02T03:43:49.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36898
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2024-08-02 03:43
Severity
Summary
gpiolib: cdev: fix uninitialised kfifo
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36898",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-10T18:49:07.029417Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T18:49:15.269Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.051Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1a51e24404d77bb3307c1e39eee0d8e86febb1a5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/883e4bbf06eb5fb7482679e4edb201093e9f55a2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bd7139a70ee8d8ea872b223e043730cf6f5e2b0e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ee0166b637a5e376118e9659e5b4148080f1d27e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpio/gpiolib-cdev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1a51e24404d7",
"status": "affected",
"version": "65cff7046406",
"versionType": "git"
},
{
"lessThan": "883e4bbf06eb",
"status": "affected",
"version": "65cff7046406",
"versionType": "git"
},
{
"lessThan": "bd7139a70ee8",
"status": "affected",
"version": "65cff7046406",
"versionType": "git"
},
{
"lessThan": "ee0166b637a5",
"status": "affected",
"version": "65cff7046406",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpio/gpiolib-cdev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.10"
},
{
"lessThan": "5.10",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpiolib: cdev: fix uninitialised kfifo\n\nIf a line is requested with debounce, and that results in debouncing\nin software, and the line is subsequently reconfigured to enable edge\ndetection then the allocation of the kfifo to contain edge events is\noverlooked. This results in events being written to and read from an\nuninitialised kfifo. Read events are returned to userspace.\n\nInitialise the kfifo in the case where the software debounce is\nalready active."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:29:02.011Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1a51e24404d77bb3307c1e39eee0d8e86febb1a5"
},
{
"url": "https://git.kernel.org/stable/c/883e4bbf06eb5fb7482679e4edb201093e9f55a2"
},
{
"url": "https://git.kernel.org/stable/c/bd7139a70ee8d8ea872b223e043730cf6f5e2b0e"
},
{
"url": "https://git.kernel.org/stable/c/ee0166b637a5e376118e9659e5b4148080f1d27e"
}
],
"title": "gpiolib: cdev: fix uninitialised kfifo",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36898",
"datePublished": "2024-05-30T15:29:02.011Z",
"dateReserved": "2024-05-30T15:25:07.066Z",
"dateUpdated": "2024-08-02T03:43:50.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36891
Vulnerability from cvelistv5
Published
2024-05-30 15:28
Modified
2024-08-02 03:43
Severity
Summary
maple_tree: fix mas_empty_area_rev() null pointer dereference
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36891",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-10T18:49:50.432549Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T18:49:58.170Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:49.161Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/883e5d542bbdddbddeba60250cb482baf3ae2415"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6c9c7c1e63b198a8b979ad963eb21410f10ccb00"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f3956791cf526540addd3295e4c1e0f0442486cc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/955a923d2809803980ff574270f81510112be9cf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"lib/maple_tree.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "883e5d542bbd",
"status": "affected",
"version": "54a611b60590",
"versionType": "git"
},
{
"lessThan": "6c9c7c1e63b1",
"status": "affected",
"version": "54a611b60590",
"versionType": "git"
},
{
"lessThan": "f3956791cf52",
"status": "affected",
"version": "54a611b60590",
"versionType": "git"
},
{
"lessThan": "955a923d2809",
"status": "affected",
"version": "54a611b60590",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"lib/maple_tree.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.1"
},
{
"lessThan": "6.1",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.94",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmaple_tree: fix mas_empty_area_rev() null pointer dereference\n\nCurrently the code calls mas_start() followed by mas_data_end() if the\nmaple state is MA_START, but mas_start() may return with the maple state\nnode == NULL. This will lead to a null pointer dereference when checking\ninformation in the NULL node, which is done in mas_data_end().\n\nAvoid setting the offset if there is no node by waiting until after the\nmaple state is checked for an empty or single entry state.\n\nA user could trigger the events to cause a kernel oops by unmapping all\nvmas to produce an empty maple tree, then mapping a vma that would cause\nthe scenario described above."
}
],
"providerMetadata": {
"dateUpdated": "2024-06-16T12:20:48.705Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/883e5d542bbdddbddeba60250cb482baf3ae2415"
},
{
"url": "https://git.kernel.org/stable/c/6c9c7c1e63b198a8b979ad963eb21410f10ccb00"
},
{
"url": "https://git.kernel.org/stable/c/f3956791cf526540addd3295e4c1e0f0442486cc"
},
{
"url": "https://git.kernel.org/stable/c/955a923d2809803980ff574270f81510112be9cf"
}
],
"title": "maple_tree: fix mas_empty_area_rev() null pointer dereference",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36891",
"datePublished": "2024-05-30T15:28:57.939Z",
"dateReserved": "2024-05-30T15:25:07.065Z",
"dateUpdated": "2024-08-02T03:43:49.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36958
Vulnerability from cvelistv5
Published
2024-05-30 15:35
Modified
2024-08-02 03:43
Severity
Summary
NFSD: Fix nfsd4_encode_fattr4() crasher
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36958",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T17:56:01.903587Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T18:14:12.907Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.556Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6a7b07689af6e4e023404bf69b1230f43b2a15bc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/18180a4550d08be4eb0387fe83f02f703f92d4e7"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nfsd/nfs4xdr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6a7b07689af6",
"status": "affected",
"version": "83ab8678ad0c",
"versionType": "git"
},
{
"lessThan": "18180a4550d0",
"status": "affected",
"version": "83ab8678ad0c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nfsd/nfs4xdr.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.7"
},
{
"lessThan": "6.7",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Fix nfsd4_encode_fattr4() crasher\n\nEnsure that args.acl is initialized early. It is used in an\nunconditional call to kfree() on the way out of\nnfsd4_encode_fattr4()."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:35:51.033Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6a7b07689af6e4e023404bf69b1230f43b2a15bc"
},
{
"url": "https://git.kernel.org/stable/c/18180a4550d08be4eb0387fe83f02f703f92d4e7"
}
],
"title": "NFSD: Fix nfsd4_encode_fattr4() crasher",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36958",
"datePublished": "2024-05-30T15:35:51.033Z",
"dateReserved": "2024-05-30T15:25:07.080Z",
"dateUpdated": "2024-08-02T03:43:50.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36911
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2024-08-02 03:43
Severity
Summary
hv_netvsc: Don't free decrypted memory
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36911",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-30T18:46:51.712672Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:48.543Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:49.175Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a56fe611326332bf6b7126e5559590c57dcebad4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4aaed9dbe8acd2b6114458f0498a617283d6275b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bbf9ac34677b57506a13682b31a2a718934c0e31"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/hyperv/netvsc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a56fe6113263",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "4aaed9dbe8ac",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "bbf9ac34677b",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/hyperv/netvsc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhv_netvsc: Don\u0027t free decrypted memory\n\nIn CoCo VMs it is possible for the untrusted host to cause\nset_memory_encrypted() or set_memory_decrypted() to fail such that an\nerror is returned and the resulting memory is shared. Callers need to\ntake care to handle these errors to avoid returning decrypted (shared)\nmemory to the page allocator, which could lead to functional or security\nissues.\n\nThe netvsc driver could free decrypted/shared pages if\nset_memory_decrypted() fails. Check the decrypted field in the gpadl\nto decide whether to free the memory."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:29:09.475Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a56fe611326332bf6b7126e5559590c57dcebad4"
},
{
"url": "https://git.kernel.org/stable/c/4aaed9dbe8acd2b6114458f0498a617283d6275b"
},
{
"url": "https://git.kernel.org/stable/c/bbf9ac34677b57506a13682b31a2a718934c0e31"
}
],
"title": "hv_netvsc: Don\u0027t free decrypted memory",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36911",
"datePublished": "2024-05-30T15:29:09.475Z",
"dateReserved": "2024-05-30T15:25:07.067Z",
"dateUpdated": "2024-08-02T03:43:49.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36916
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2024-09-05 08:03
Severity
Summary
blk-iocost: avoid out of bounds shift
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36916",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T19:19:24.548838Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T19:19:34.592Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-05T08:03:32.685Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/62accf6c1d7b433752cb3591bba8967b7a801ad5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/844fc023e9f14a4fb1de5ae1eaefafd6d69c5fa1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f6add0a6f78dc6360b822ca4b6f9f2f14174c8ca"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ce0e99cae00e3131872936713b7f55eefd53ab86"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/488dc6808cb8369685f18cee81e88e7052ac153b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/beaa51b36012fad5a4d3c18b88a617aea7a9b96d"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240905-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"block/blk-iocost.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "62accf6c1d7b",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "844fc023e9f1",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "f6add0a6f78d",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "ce0e99cae00e",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "488dc6808cb8",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "beaa51b36012",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"block/blk-iocost.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-iocost: avoid out of bounds shift\n\nUBSAN catches undefined behavior in blk-iocost, where sometimes\niocg-\u003edelay is shifted right by a number that is too large,\nresulting in undefined behavior on some architectures.\n\n[ 186.556576] ------------[ cut here ]------------\nUBSAN: shift-out-of-bounds in block/blk-iocost.c:1366:23\nshift exponent 64 is too large for 64-bit type \u0027u64\u0027 (aka \u0027unsigned long long\u0027)\nCPU: 16 PID: 0 Comm: swapper/16 Tainted: G S E N 6.9.0-0_fbk700_debug_rc2_kbuilder_0_gc85af715cac0 #1\nHardware name: Quanta Twin Lakes MP/Twin Lakes Passive MP, BIOS F09_3A23 12/08/2020\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x8f/0xe0\n __ubsan_handle_shift_out_of_bounds+0x22c/0x280\n iocg_kick_delay+0x30b/0x310\n ioc_timer_fn+0x2fb/0x1f80\n __run_timer_base+0x1b6/0x250\n...\n\nAvoid that undefined behavior by simply taking the\n\"delay = 0\" branch if the shift is too large.\n\nI am not sure what the symptoms of an undefined value\ndelay will be, but I suspect it could be more than a\nlittle annoying to debug."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:29:12.745Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/62accf6c1d7b433752cb3591bba8967b7a801ad5"
},
{
"url": "https://git.kernel.org/stable/c/844fc023e9f14a4fb1de5ae1eaefafd6d69c5fa1"
},
{
"url": "https://git.kernel.org/stable/c/f6add0a6f78dc6360b822ca4b6f9f2f14174c8ca"
},
{
"url": "https://git.kernel.org/stable/c/ce0e99cae00e3131872936713b7f55eefd53ab86"
},
{
"url": "https://git.kernel.org/stable/c/488dc6808cb8369685f18cee81e88e7052ac153b"
},
{
"url": "https://git.kernel.org/stable/c/beaa51b36012fad5a4d3c18b88a617aea7a9b96d"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "blk-iocost: avoid out of bounds shift",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36916",
"datePublished": "2024-05-30T15:29:12.745Z",
"dateReserved": "2024-05-30T15:25:07.068Z",
"dateUpdated": "2024-09-05T08:03:32.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36926
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2024-08-02 03:43
Severity
Summary
powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "7fb5793c53f8",
"status": "affected",
"version": "b1fc44eaa9ba",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "802b13b79ab1",
"status": "affected",
"version": "b1fc44eaa9ba",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "2bed905a7248",
"status": "affected",
"version": "b1fc44eaa9ba",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "49a940dbdc31",
"status": "affected",
"version": "b1fc44eaa9ba",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.2",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.7",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.9"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.0",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:6.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "6.0"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.9",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36926",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-31T14:47:52.591272Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T19:36:52.584Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.057Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7fb5793c53f8c024e3eae9f0d44eb659aed833c4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/802b13b79ab1fef66c6852fc745cf197dca0cb15"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2bed905a72485a2b79a001bd7e66c750942d2155"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/49a940dbdc3107fecd5e6d3063dc07128177e058"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/powerpc/platforms/pseries/iommu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7fb5793c53f8",
"status": "affected",
"version": "b1fc44eaa9ba",
"versionType": "git"
},
{
"lessThan": "802b13b79ab1",
"status": "affected",
"version": "b1fc44eaa9ba",
"versionType": "git"
},
{
"lessThan": "2bed905a7248",
"status": "affected",
"version": "b1fc44eaa9ba",
"versionType": "git"
},
{
"lessThan": "49a940dbdc31",
"status": "affected",
"version": "b1fc44eaa9ba",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/powerpc/platforms/pseries/iommu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"lessThan": "6.0",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries/iommu: LPAR panics during boot up with a frozen PE\n\nAt the time of LPAR boot up, partition firmware provides Open Firmware\nproperty ibm,dma-window for the PE. This property is provided on the PCI\nbus the PE is attached to.\n\nThere are execptions where the partition firmware might not provide this\nproperty for the PE at the time of LPAR boot up. One of the scenario is\nwhere the firmware has frozen the PE due to some error condition. This\nPE is frozen for 24 hours or unless the whole system is reinitialized.\n\nWithin this time frame, if the LPAR is booted, the frozen PE will be\npresented to the LPAR but ibm,dma-window property could be missing.\n\nToday, under these circumstances, the LPAR oopses with NULL pointer\ndereference, when configuring the PCI bus the PE is attached to.\n\n BUG: Kernel NULL pointer dereference on read at 0x000000c8\n Faulting instruction address: 0xc0000000001024c0\n Oops: Kernel access of bad area, sig: 7 [#1]\n LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries\n Modules linked in:\n Supported: Yes\n CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.4.0-150600.9-default #1\n Hardware name: IBM,9043-MRX POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1060.00 (NM1060_023) hv:phyp pSeries\n NIP: c0000000001024c0 LR: c0000000001024b0 CTR: c000000000102450\n REGS: c0000000037db5c0 TRAP: 0300 Not tainted (6.4.0-150600.9-default)\n MSR: 8000000002009033 \u003cSF,VEC,EE,ME,IR,DR,RI,LE\u003e CR: 28000822 XER: 00000000\n CFAR: c00000000010254c DAR: 00000000000000c8 DSISR: 00080000 IRQMASK: 0\n ...\n NIP [c0000000001024c0] pci_dma_bus_setup_pSeriesLP+0x70/0x2a0\n LR [c0000000001024b0] pci_dma_bus_setup_pSeriesLP+0x60/0x2a0\n Call Trace:\n pci_dma_bus_setup_pSeriesLP+0x60/0x2a0 (unreliable)\n pcibios_setup_bus_self+0x1c0/0x370\n __of_scan_bus+0x2f8/0x330\n pcibios_scan_phb+0x280/0x3d0\n pcibios_init+0x88/0x12c\n do_one_initcall+0x60/0x320\n kernel_init_freeable+0x344/0x3e4\n kernel_init+0x34/0x1d0\n ret_from_kernel_user_thread+0x14/0x1c"
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:29:19.691Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7fb5793c53f8c024e3eae9f0d44eb659aed833c4"
},
{
"url": "https://git.kernel.org/stable/c/802b13b79ab1fef66c6852fc745cf197dca0cb15"
},
{
"url": "https://git.kernel.org/stable/c/2bed905a72485a2b79a001bd7e66c750942d2155"
},
{
"url": "https://git.kernel.org/stable/c/49a940dbdc3107fecd5e6d3063dc07128177e058"
}
],
"title": "powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36926",
"datePublished": "2024-05-30T15:29:19.691Z",
"dateReserved": "2024-05-30T15:25:07.069Z",
"dateUpdated": "2024-08-02T03:43:50.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36952
Vulnerability from cvelistv5
Published
2024-05-30 15:35
Modified
2024-08-02 03:43
Severity
Summary
scsi: lpfc: Move NPIV's transport unregistration to after resource clean up
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36952",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-03T19:01:27.425378Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:58.415Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.505Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f2c7f029051edc4b394bb48edbe2297575abefe0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0936809d968ecf81e0726fbd02ff2a5732d960c3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/76337eb8daee32bcc67742efab3168ed4ca299d0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/718602cd15f4c5710850090ea3066a89eeb46278"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4ddf01f2f1504fa08b766e8cfeec558e9f8eef6c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/lpfc/lpfc_vport.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f2c7f029051e",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "0936809d968e",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "76337eb8daee",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "718602cd15f4",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "4ddf01f2f150",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/lpfc/lpfc_vport.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: lpfc: Move NPIV\u0027s transport unregistration to after resource clean up\n\nThere are cases after NPIV deletion where the fabric switch still believes\nthe NPIV is logged into the fabric. This occurs when a vport is\nunregistered before the Remove All DA_ID CT and LOGO ELS are sent to the\nfabric.\n\nCurrently fc_remove_host(), which calls dev_loss_tmo for all D_IDs including\nthe fabric D_ID, removes the last ndlp reference and frees the ndlp rport\nobject. This sometimes causes the race condition where the final DA_ID and\nLOGO are skipped from being sent to the fabric switch.\n\nFix by moving the fc_remove_host() and scsi_remove_host() calls after DA_ID\nand LOGO are sent."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:35:47.477Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f2c7f029051edc4b394bb48edbe2297575abefe0"
},
{
"url": "https://git.kernel.org/stable/c/0936809d968ecf81e0726fbd02ff2a5732d960c3"
},
{
"url": "https://git.kernel.org/stable/c/76337eb8daee32bcc67742efab3168ed4ca299d0"
},
{
"url": "https://git.kernel.org/stable/c/718602cd15f4c5710850090ea3066a89eeb46278"
},
{
"url": "https://git.kernel.org/stable/c/4ddf01f2f1504fa08b766e8cfeec558e9f8eef6c"
}
],
"title": "scsi: lpfc: Move NPIV\u0027s transport unregistration to after resource clean up",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36952",
"datePublished": "2024-05-30T15:35:47.477Z",
"dateReserved": "2024-05-30T15:25:07.080Z",
"dateUpdated": "2024-08-02T03:43:50.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36950
Vulnerability from cvelistv5
Published
2024-05-30 15:35
Modified
2024-08-02 03:43
Severity
Summary
firewire: ohci: mask bus reset interrupts between ISR and bottom half
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36950",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-04T15:34:28.122404Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:47.286Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.561Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b3948c69d60279fce5b2eeda92a07d66296c8130"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/31279bbca40d2f40cb3bbb6d538ec9620a645dec"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fa273f312334246c909475c5868e6daab889cc8c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4f9cc355c328fc4f41cbd9c4cd58b235184fa420"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6fafe3661712b143d9c69a7322294bd53f559d5d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5982887de60c1b84f9c0ca07c835814d07fd1da0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8643332aac0576581cfdf01798ea3e4e0d624b61"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/752e3c53de0fa3b7d817a83050b6699b8e9c6ec9"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/firewire/ohci.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b3948c69d602",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "31279bbca40d",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "fa273f312334",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "4f9cc355c328",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "6fafe3661712",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "5982887de60c",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "8643332aac05",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "752e3c53de0f",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/firewire/ohci.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirewire: ohci: mask bus reset interrupts between ISR and bottom half\n\nIn the FireWire OHCI interrupt handler, if a bus reset interrupt has\noccurred, mask bus reset interrupts until bus_reset_work has serviced and\ncleared the interrupt.\n\nNormally, we always leave bus reset interrupts masked. We infer the bus\nreset from the self-ID interrupt that happens shortly thereafter. A\nscenario where we unmask bus reset interrupts was introduced in 2008 in\na007bb857e0b26f5d8b73c2ff90782d9c0972620: If\nOHCI_PARAM_DEBUG_BUSRESETS (8) is set in the debug parameter bitmask, we\nwill unmask bus reset interrupts so we can log them.\n\nirq_handler logs the bus reset interrupt. However, we can\u0027t clear the bus\nreset event flag in irq_handler, because we won\u0027t service the event until\nlater. irq_handler exits with the event flag still set. If the\ncorresponding interrupt is still unmasked, the first bus reset will\nusually freeze the system due to irq_handler being called again each\ntime it exits. This freeze can be reproduced by loading firewire_ohci\nwith \"modprobe firewire_ohci debug=-1\" (to enable all debugging output).\nApparently there are also some cases where bus_reset_work will get called\nsoon enough to clear the event, and operation will continue normally.\n\nThis freeze was first reported a few months after a007bb85 was committed,\nbut until now it was never fixed. The debug level could safely be set\nto -1 through sysfs after the module was loaded, but this would be\nineffectual in logging bus reset interrupts since they were only\nunmasked during initialization.\n\nirq_handler will now leave the event flag set but mask bus reset\ninterrupts, so irq_handler won\u0027t be called again and there will be no\nfreeze. If OHCI_PARAM_DEBUG_BUSRESETS is enabled, bus_reset_work will\nunmask the interrupt after servicing the event, so future interrupts\nwill be caught as desired.\n\nAs a side effect to this change, OHCI_PARAM_DEBUG_BUSRESETS can now be\nenabled through sysfs in addition to during initial module loading.\nHowever, when enabled through sysfs, logging of bus reset interrupts will\nbe effective only starting with the second bus reset, after\nbus_reset_work has executed."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:35:46.262Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b3948c69d60279fce5b2eeda92a07d66296c8130"
},
{
"url": "https://git.kernel.org/stable/c/31279bbca40d2f40cb3bbb6d538ec9620a645dec"
},
{
"url": "https://git.kernel.org/stable/c/fa273f312334246c909475c5868e6daab889cc8c"
},
{
"url": "https://git.kernel.org/stable/c/4f9cc355c328fc4f41cbd9c4cd58b235184fa420"
},
{
"url": "https://git.kernel.org/stable/c/6fafe3661712b143d9c69a7322294bd53f559d5d"
},
{
"url": "https://git.kernel.org/stable/c/5982887de60c1b84f9c0ca07c835814d07fd1da0"
},
{
"url": "https://git.kernel.org/stable/c/8643332aac0576581cfdf01798ea3e4e0d624b61"
},
{
"url": "https://git.kernel.org/stable/c/752e3c53de0fa3b7d817a83050b6699b8e9c6ec9"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "firewire: ohci: mask bus reset interrupts between ISR and bottom half",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36950",
"datePublished": "2024-05-30T15:35:46.262Z",
"dateReserved": "2024-05-30T15:25:07.079Z",
"dateUpdated": "2024-08-02T03:43:50.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36023
Vulnerability from cvelistv5
Published
2024-05-30 15:04
Modified
2024-08-02 03:30
Severity
Summary
Julia Lawall reported this null pointer dereference, this should fix it.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36023",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-13T20:24:38.395989Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T20:24:47.410Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:12.320Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2e2177f94c0e0bc41323d7b6975a5f4820ed347e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/214a6c4a28c11d67044e6cf3a0ab415050d9f03a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b972e8ac3f44f693127a2806031962d100dfc4d1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9bf93dcfc453fae192fe5d7874b89699e8f800ac"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/orangefs/super.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2e2177f94c0e",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "214a6c4a28c1",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "b972e8ac3f44",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "9bf93dcfc453",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/orangefs/super.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.86",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.27",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.6",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nJulia Lawall reported this null pointer dereference, this should fix it."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:04:00.404Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2e2177f94c0e0bc41323d7b6975a5f4820ed347e"
},
{
"url": "https://git.kernel.org/stable/c/214a6c4a28c11d67044e6cf3a0ab415050d9f03a"
},
{
"url": "https://git.kernel.org/stable/c/b972e8ac3f44f693127a2806031962d100dfc4d1"
},
{
"url": "https://git.kernel.org/stable/c/9bf93dcfc453fae192fe5d7874b89699e8f800ac"
}
],
"title": "Julia Lawall reported this null pointer dereference, this should fix it.",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36023",
"datePublished": "2024-05-30T15:04:00.404Z",
"dateReserved": "2024-05-17T13:50:33.158Z",
"dateUpdated": "2024-08-02T03:30:12.320Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36897
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2024-08-02 03:43
Severity
Summary
drm/amd/display: Atom Integrated System Info v2_2 for DCN35
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "3c7013a87124",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "02f5300f6827",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "7e3030774431",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "c2797ec16d90",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "9a35d205f466",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.16",
"status": "unaffected",
"version": "5.15.159",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.2",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.7",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "6.9",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.9"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36897",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T17:54:16.678666Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T18:08:00.483Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:49.218Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3c7013a87124bab54216d9b99f77e8b6de6fbc1a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/02f5300f6827206f6e48a77f51e6264993695e5c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7e3030774431eb093165a31baff040d35446fb8b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c2797ec16d9072327e7578d09ee05bcab52fffd0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9a35d205f466501dcfe5625ca313d944d0ac2d60"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3c7013a87124",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "02f5300f6827",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "7e3030774431",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "c2797ec16d90",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "9a35d205f466",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/bios/bios_parser2.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Atom Integrated System Info v2_2 for DCN35\n\nNew request from KMD/VBIOS in order to support new UMA carveout\nmodel. This fixes a null dereference from accessing\nCtx-\u003edc_bios-\u003eintegrated_info while it was NULL.\n\nDAL parses through the BIOS and extracts the necessary\nintegrated_info but was missing a case for the new BIOS\nversion 2.3."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:29:01.417Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3c7013a87124bab54216d9b99f77e8b6de6fbc1a"
},
{
"url": "https://git.kernel.org/stable/c/02f5300f6827206f6e48a77f51e6264993695e5c"
},
{
"url": "https://git.kernel.org/stable/c/7e3030774431eb093165a31baff040d35446fb8b"
},
{
"url": "https://git.kernel.org/stable/c/c2797ec16d9072327e7578d09ee05bcab52fffd0"
},
{
"url": "https://git.kernel.org/stable/c/9a35d205f466501dcfe5625ca313d944d0ac2d60"
}
],
"title": "drm/amd/display: Atom Integrated System Info v2_2 for DCN35",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36897",
"datePublished": "2024-05-30T15:29:01.417Z",
"dateReserved": "2024-05-30T15:25:07.066Z",
"dateUpdated": "2024-08-02T03:43:49.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36940
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2024-08-02 03:43
Severity
Summary
pinctrl: core: delete incorrect free in pinctrl_enable()
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36940",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T14:25:26.979822Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T14:25:33.588Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.606Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/735f4c6b6771eafe336404c157ca683ad72a040d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cdaa171473d98962ae86f2a663d398fda2fbeefd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/288bc4aa75f150d6f1ee82dd43c6da1b438b6068"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/41f88ef8ba387a12f4a2b8c400b6c9e8e54b2cca"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ac7d65795827dc0cf7662384ed27caf4066bd72e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/558c8039fdf596a584a92c171cbf3298919c448c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f9f1e321d53e4c5b666b66e5b43da29841fb55ba"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5038a66dad0199de60e5671603ea6623eb9e5c79"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/pinctrl/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "735f4c6b6771",
"status": "affected",
"version": "6118714275f0",
"versionType": "git"
},
{
"lessThan": "cdaa171473d9",
"status": "affected",
"version": "6118714275f0",
"versionType": "git"
},
{
"lessThan": "288bc4aa75f1",
"status": "affected",
"version": "6118714275f0",
"versionType": "git"
},
{
"lessThan": "41f88ef8ba38",
"status": "affected",
"version": "6118714275f0",
"versionType": "git"
},
{
"lessThan": "ac7d65795827",
"status": "affected",
"version": "6118714275f0",
"versionType": "git"
},
{
"lessThan": "558c8039fdf5",
"status": "affected",
"version": "6118714275f0",
"versionType": "git"
},
{
"lessThan": "f9f1e321d53e",
"status": "affected",
"version": "6118714275f0",
"versionType": "git"
},
{
"lessThan": "5038a66dad01",
"status": "affected",
"version": "6118714275f0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/pinctrl/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.11"
},
{
"lessThan": "4.11",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: core: delete incorrect free in pinctrl_enable()\n\nThe \"pctldev\" struct is allocated in devm_pinctrl_register_and_init().\nIt\u0027s a devm_ managed pointer that is freed by devm_pinctrl_dev_release(),\nso freeing it in pinctrl_enable() will lead to a double free.\n\nThe devm_pinctrl_dev_release() function frees the pindescs and destroys\nthe mutex as well."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:29:28.101Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/735f4c6b6771eafe336404c157ca683ad72a040d"
},
{
"url": "https://git.kernel.org/stable/c/cdaa171473d98962ae86f2a663d398fda2fbeefd"
},
{
"url": "https://git.kernel.org/stable/c/288bc4aa75f150d6f1ee82dd43c6da1b438b6068"
},
{
"url": "https://git.kernel.org/stable/c/41f88ef8ba387a12f4a2b8c400b6c9e8e54b2cca"
},
{
"url": "https://git.kernel.org/stable/c/ac7d65795827dc0cf7662384ed27caf4066bd72e"
},
{
"url": "https://git.kernel.org/stable/c/558c8039fdf596a584a92c171cbf3298919c448c"
},
{
"url": "https://git.kernel.org/stable/c/f9f1e321d53e4c5b666b66e5b43da29841fb55ba"
},
{
"url": "https://git.kernel.org/stable/c/5038a66dad0199de60e5671603ea6623eb9e5c79"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "pinctrl: core: delete incorrect free in pinctrl_enable()",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36940",
"datePublished": "2024-05-30T15:29:28.101Z",
"dateReserved": "2024-05-30T15:25:07.072Z",
"dateUpdated": "2024-08-02T03:43:50.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36892
Vulnerability from cvelistv5
Published
2024-05-30 15:28
Modified
2024-08-02 03:43
Severity
Summary
mm/slub: avoid zeroing outside-object freepointer for single free
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36892",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-10T18:49:22.924151Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T15:12:52.190Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:49.159Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/56900355485f6e82114b18c812edd57fd7970dcb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8f828aa48812ced28aa39cb3cfe55ef2444d03dd"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"mm/slub.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "56900355485f",
"status": "affected",
"version": "284f17ac13fe",
"versionType": "git"
},
{
"lessThan": "8f828aa48812",
"status": "affected",
"version": "284f17ac13fe",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"mm/slub.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.8"
},
{
"lessThan": "6.8",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/slub: avoid zeroing outside-object freepointer for single free\n\nCommit 284f17ac13fe (\"mm/slub: handle bulk and single object freeing\nseparately\") splits single and bulk object freeing in two functions\nslab_free() and slab_free_bulk() which leads slab_free() to call\nslab_free_hook() directly instead of slab_free_freelist_hook().\n\nIf `init_on_free` is set, slab_free_hook() zeroes the object.\nAfterward, if `slub_debug=F` and `CONFIG_SLAB_FREELIST_HARDENED` are\nset, the do_slab_free() slowpath executes freelist consistency\nchecks and try to decode a zeroed freepointer which leads to a\n\"Freepointer corrupt\" detection in check_object().\n\nDuring bulk free, slab_free_freelist_hook() isn\u0027t affected as it always\nsets it objects freepointer using set_freepointer() to maintain its\nreconstructed freelist after `init_on_free`.\n\nFor single free, object\u0027s freepointer thus needs to be avoided when\nstored outside the object if `init_on_free` is set. The freepointer left\nas is, check_object() may later detect an invalid pointer value due to\nobjects overflow.\n\nTo reproduce, set `slub_debug=FU init_on_free=1 log_level=7` on the\ncommand line of a kernel build with `CONFIG_SLAB_FREELIST_HARDENED=y`.\n\ndmesg sample log:\n[ 10.708715] =============================================================================\n[ 10.710323] BUG kmalloc-rnd-05-32 (Tainted: G B T ): Freepointer corrupt\n[ 10.712695] -----------------------------------------------------------------------------\n[ 10.712695]\n[ 10.712695] Slab 0xffffd8bdc400d580 objects=32 used=4 fp=0xffff9d9a80356f80 flags=0x200000000000a00(workingset|slab|node=0|zone=2)\n[ 10.716698] Object 0xffff9d9a80356600 @offset=1536 fp=0x7ee4f480ce0ecd7c\n[ 10.716698]\n[ 10.716698] Bytes b4 ffff9d9a803565f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n[ 10.720703] Object ffff9d9a80356600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n[ 10.720703] Object ffff9d9a80356610: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n[ 10.724696] Padding ffff9d9a8035666c: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n[ 10.724696] Padding ffff9d9a8035667c: 00 00 00 00 ....\n[ 10.724696] FIX kmalloc-rnd-05-32: Object at 0xffff9d9a80356600 not freed"
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:28:58.528Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/56900355485f6e82114b18c812edd57fd7970dcb"
},
{
"url": "https://git.kernel.org/stable/c/8f828aa48812ced28aa39cb3cfe55ef2444d03dd"
}
],
"title": "mm/slub: avoid zeroing outside-object freepointer for single free",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36892",
"datePublished": "2024-05-30T15:28:58.528Z",
"dateReserved": "2024-05-30T15:25:07.065Z",
"dateUpdated": "2024-08-02T03:43:49.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36018
Vulnerability from cvelistv5
Published
2024-05-30 14:59
Modified
2024-08-02 03:30
Severity
Summary
nouveau/uvmm: fix addr/range calcs for remap operations
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36018",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-06T18:34:51.763969Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T18:35:02.091Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:12.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/692a51bebf4552bdf0a79ccd68d291182a26a569"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0c16020d2b69a602c8ae6a1dd2aac9a3023249d6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/be141849ec00ef39935bf169c0f194ac70bf85ce"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/nouveau/nouveau_uvmm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "692a51bebf45",
"status": "affected",
"version": "b88baab82871",
"versionType": "git"
},
{
"lessThan": "0c16020d2b69",
"status": "affected",
"version": "b88baab82871",
"versionType": "git"
},
{
"lessThan": "be141849ec00",
"status": "affected",
"version": "b88baab82871",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/nouveau/nouveau_uvmm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.6"
},
{
"lessThan": "6.6",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.26",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.5",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnouveau/uvmm: fix addr/range calcs for remap operations\n\ndEQP-VK.sparse_resources.image_rebind.2d_array.r64i.128_128_8\nwas causing a remap operation like the below.\n\nop_remap: prev: 0000003fffed0000 00000000000f0000 00000000a5abd18a 0000000000000000\nop_remap: next:\nop_remap: unmap: 0000003fffed0000 0000000000100000 0\nop_map: map: 0000003ffffc0000 0000000000010000 000000005b1ba33c 00000000000e0000\n\nThis was resulting in an unmap operation from 0x3fffed0000+0xf0000, 0x100000\nwhich was corrupting the pagetables and oopsing the kernel.\n\nFixes the prev + unmap range calcs to use start/end and map back to addr/range."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T14:59:42.091Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/692a51bebf4552bdf0a79ccd68d291182a26a569"
},
{
"url": "https://git.kernel.org/stable/c/0c16020d2b69a602c8ae6a1dd2aac9a3023249d6"
},
{
"url": "https://git.kernel.org/stable/c/be141849ec00ef39935bf169c0f194ac70bf85ce"
}
],
"title": "nouveau/uvmm: fix addr/range calcs for remap operations",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36018",
"datePublished": "2024-05-30T14:59:42.091Z",
"dateReserved": "2024-05-17T13:50:33.155Z",
"dateUpdated": "2024-08-02T03:30:12.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36927
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2024-08-02 03:43
Severity
Summary
ipv4: Fix uninit-value access in __ip_make_skb()
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36927",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-30T18:44:15.154993Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:46.460Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.141Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5db08343ddb1b239320612036c398e4e1bb52818"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f5c603ad4e6fcf42f84053e882ebe20184bb309e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fc1092f51567277509563800a3c56732070b6aa4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/ip_output.c",
"net/ipv4/raw.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5db08343ddb1",
"status": "affected",
"version": "99e5acae193e",
"versionType": "git"
},
{
"lessThan": "f5c603ad4e6f",
"status": "affected",
"version": "99e5acae193e",
"versionType": "git"
},
{
"lessThan": "fc1092f51567",
"status": "affected",
"version": "99e5acae193e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv4/ip_output.c",
"net/ipv4/raw.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.4"
},
{
"lessThan": "6.4",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: Fix uninit-value access in __ip_make_skb()\n\nKMSAN reported uninit-value access in __ip_make_skb() [1]. __ip_make_skb()\ntests HDRINCL to know if the skb has icmphdr. However, HDRINCL can cause a\nrace condition. If calling setsockopt(2) with IP_HDRINCL changes HDRINCL\nwhile __ip_make_skb() is running, the function will access icmphdr in the\nskb even if it is not included. This causes the issue reported by KMSAN.\n\nCheck FLOWI_FLAG_KNOWN_NH on fl4-\u003eflowi4_flags instead of testing HDRINCL\non the socket.\n\nAlso, fl4-\u003efl4_icmp_type and fl4-\u003efl4_icmp_code are not initialized. These\nare union in struct flowi4 and are implicitly initialized by\nflowi4_init_output(), but we should not rely on specific union layout.\n\nInitialize these explicitly in raw_sendmsg().\n\n[1]\nBUG: KMSAN: uninit-value in __ip_make_skb+0x2b74/0x2d20 net/ipv4/ip_output.c:1481\n __ip_make_skb+0x2b74/0x2d20 net/ipv4/ip_output.c:1481\n ip_finish_skb include/net/ip.h:243 [inline]\n ip_push_pending_frames+0x4c/0x5c0 net/ipv4/ip_output.c:1508\n raw_sendmsg+0x2381/0x2690 net/ipv4/raw.c:654\n inet_sendmsg+0x27b/0x2a0 net/ipv4/af_inet.c:851\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x274/0x3c0 net/socket.c:745\n __sys_sendto+0x62c/0x7b0 net/socket.c:2191\n __do_sys_sendto net/socket.c:2203 [inline]\n __se_sys_sendto net/socket.c:2199 [inline]\n __x64_sys_sendto+0x130/0x200 net/socket.c:2199\n do_syscall_64+0xd8/0x1f0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nUninit was created at:\n slab_post_alloc_hook mm/slub.c:3804 [inline]\n slab_alloc_node mm/slub.c:3845 [inline]\n kmem_cache_alloc_node+0x5f6/0xc50 mm/slub.c:3888\n kmalloc_reserve+0x13c/0x4a0 net/core/skbuff.c:577\n __alloc_skb+0x35a/0x7c0 net/core/skbuff.c:668\n alloc_skb include/linux/skbuff.h:1318 [inline]\n __ip_append_data+0x49ab/0x68c0 net/ipv4/ip_output.c:1128\n ip_append_data+0x1e7/0x260 net/ipv4/ip_output.c:1365\n raw_sendmsg+0x22b1/0x2690 net/ipv4/raw.c:648\n inet_sendmsg+0x27b/0x2a0 net/ipv4/af_inet.c:851\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x274/0x3c0 net/socket.c:745\n __sys_sendto+0x62c/0x7b0 net/socket.c:2191\n __do_sys_sendto net/socket.c:2203 [inline]\n __se_sys_sendto net/socket.c:2199 [inline]\n __x64_sys_sendto+0x130/0x200 net/socket.c:2199\n do_syscall_64+0xd8/0x1f0 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nCPU: 1 PID: 15709 Comm: syz-executor.7 Not tainted 6.8.0-11567-gb3603fcb79b1 #25\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-1.fc39 04/01/2014"
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:29:20.275Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5db08343ddb1b239320612036c398e4e1bb52818"
},
{
"url": "https://git.kernel.org/stable/c/f5c603ad4e6fcf42f84053e882ebe20184bb309e"
},
{
"url": "https://git.kernel.org/stable/c/fc1092f51567277509563800a3c56732070b6aa4"
}
],
"title": "ipv4: Fix uninit-value access in __ip_make_skb()",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36927",
"datePublished": "2024-05-30T15:29:20.275Z",
"dateReserved": "2024-05-30T15:25:07.069Z",
"dateUpdated": "2024-08-02T03:43:50.141Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36905
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2024-09-05 08:03
Severity
Summary
tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "34e41a031fd7",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "ed5e279b69e0",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "413c33b9f3bc",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "2552c9d9440f",
"status": "affected",
"version": "1da177e4c3f",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "3fe4ef0568a4",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "f47d0d32fa94",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "cbf232ba11bc",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "94062790aedb",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "4.20",
"status": "unaffected",
"version": "4.19.314",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5.11",
"status": "unaffected",
"version": "5.10.217",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5.16",
"status": "unaffected",
"version": "5.15.159",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.2",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.7",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.9"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:2.6.12:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5.5",
"status": "unaffected",
"version": "5.4.276",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.9",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36905",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-03T17:00:25.406239Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-369",
"description": "CWE-369 Divide By Zero",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T19:35:41.451Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-05T08:03:31.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/34e41a031fd7523bf1cd00a2adca2370aebea270"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ed5e279b69e007ce6c0fe82a5a534c1b19783214"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/413c33b9f3bc36fdf719690a78824db9f88a9485"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2552c9d9440f8e7a2ed0660911ff00f25b90a0a4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3fe4ef0568a48369b1891395d13ac593b1ba41b1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f47d0d32fa94e815fdd78b8b88684873e67939f4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cbf232ba11bc86a5281b4f00e1151349ef4d45cf"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/94062790aedb505bdda209b10bea47b294d6394f"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240905-0005/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv4/tcp.c",
"net/ipv4/tcp_input.c",
"net/ipv4/tcp_output.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "34e41a031fd7",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "ed5e279b69e0",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "413c33b9f3bc",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "2552c9d9440f",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "3fe4ef0568a4",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "f47d0d32fa94",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "cbf232ba11bc",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "94062790aedb",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv4/tcp.c",
"net/ipv4/tcp_input.c",
"net/ipv4/tcp_output.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets\n\nTCP_SYN_RECV state is really special, it is only used by\ncross-syn connections, mostly used by fuzzers.\n\nIn the following crash [1], syzbot managed to trigger a divide\nby zero in tcp_rcv_space_adjust()\n\nA socket makes the following state transitions,\nwithout ever calling tcp_init_transfer(),\nmeaning tcp_init_buffer_space() is also not called.\n\n TCP_CLOSE\nconnect()\n TCP_SYN_SENT\n TCP_SYN_RECV\nshutdown() -\u003e tcp_shutdown(sk, SEND_SHUTDOWN)\n TCP_FIN_WAIT1\n\nTo fix this issue, change tcp_shutdown() to not\nperform a TCP_SYN_RECV -\u003e TCP_FIN_WAIT1 transition,\nwhich makes no sense anyway.\n\nWhen tcp_rcv_state_process() later changes socket state\nfrom TCP_SYN_RECV to TCP_ESTABLISH, then look at\nsk-\u003esk_shutdown to finally enter TCP_FIN_WAIT1 state,\nand send a FIN packet from a sane socket state.\n\nThis means tcp_send_fin() can now be called from BH\ncontext, and must use GFP_ATOMIC allocations.\n\n[1]\ndivide error: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 1 PID: 5084 Comm: syz-executor358 Not tainted 6.9.0-rc6-syzkaller-00022-g98369dccd2f8 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\n RIP: 0010:tcp_rcv_space_adjust+0x2df/0x890 net/ipv4/tcp_input.c:767\nCode: e3 04 4c 01 eb 48 8b 44 24 38 0f b6 04 10 84 c0 49 89 d5 0f 85 a5 03 00 00 41 8b 8e c8 09 00 00 89 e8 29 c8 48 0f af c3 31 d2 \u003c48\u003e f7 f1 48 8d 1c 43 49 8d 96 76 08 00 00 48 89 d0 48 c1 e8 03 48\nRSP: 0018:ffffc900031ef3f0 EFLAGS: 00010246\nRAX: 0c677a10441f8f42 RBX: 000000004fb95e7e RCX: 0000000000000000\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: 0000000027d4b11f R08: ffffffff89e535a4 R09: 1ffffffff25e6ab7\nR10: dffffc0000000000 R11: ffffffff8135e920 R12: ffff88802a9f8d30\nR13: dffffc0000000000 R14: ffff88802a9f8d00 R15: 1ffff1100553f2da\nFS: 00005555775c0380(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f1155bf2304 CR3: 000000002b9f2000 CR4: 0000000000350ef0\nCall Trace:\n \u003cTASK\u003e\n tcp_recvmsg_locked+0x106d/0x25a0 net/ipv4/tcp.c:2513\n tcp_recvmsg+0x25d/0x920 net/ipv4/tcp.c:2578\n inet6_recvmsg+0x16a/0x730 net/ipv6/af_inet6.c:680\n sock_recvmsg_nosec net/socket.c:1046 [inline]\n sock_recvmsg+0x109/0x280 net/socket.c:1068\n ____sys_recvmsg+0x1db/0x470 net/socket.c:2803\n ___sys_recvmsg net/socket.c:2845 [inline]\n do_recvmmsg+0x474/0xae0 net/socket.c:2939\n __sys_recvmmsg net/socket.c:3018 [inline]\n __do_sys_recvmmsg net/socket.c:3041 [inline]\n __se_sys_recvmmsg net/socket.c:3034 [inline]\n __x64_sys_recvmmsg+0x199/0x250 net/socket.c:3034\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7faeb6363db9\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007ffcc1997168 EFLAGS: 00000246 ORIG_RAX: 000000000000012b\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007faeb6363db9\nRDX: 0000000000000001 RSI: 0000000020000bc0 RDI: 0000000000000005\nRBP: 0000000000000000 R08: 0000000000000000 R09: 000000000000001c\nR10: 0000000000000122 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000001"
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:29:06.046Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/34e41a031fd7523bf1cd00a2adca2370aebea270"
},
{
"url": "https://git.kernel.org/stable/c/ed5e279b69e007ce6c0fe82a5a534c1b19783214"
},
{
"url": "https://git.kernel.org/stable/c/413c33b9f3bc36fdf719690a78824db9f88a9485"
},
{
"url": "https://git.kernel.org/stable/c/2552c9d9440f8e7a2ed0660911ff00f25b90a0a4"
},
{
"url": "https://git.kernel.org/stable/c/3fe4ef0568a48369b1891395d13ac593b1ba41b1"
},
{
"url": "https://git.kernel.org/stable/c/f47d0d32fa94e815fdd78b8b88684873e67939f4"
},
{
"url": "https://git.kernel.org/stable/c/cbf232ba11bc86a5281b4f00e1151349ef4d45cf"
},
{
"url": "https://git.kernel.org/stable/c/94062790aedb505bdda209b10bea47b294d6394f"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36905",
"datePublished": "2024-05-30T15:29:06.046Z",
"dateReserved": "2024-05-30T15:25:07.067Z",
"dateUpdated": "2024-09-05T08:03:31.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36922
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2024-08-02 03:43
Severity
Summary
wifi: iwlwifi: read txq->read_ptr under lock
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:49.981Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b83db8e756dec68a950ed2f056248b1704b3deaa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/43d07103df670484cdd26f9588eabef80f69db89"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c2ace6300600c634553657785dfe5ea0ed688ac2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/intel/iwlwifi/queue/tx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b83db8e756de",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "43d07103df67",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "c2ace6300600",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/intel/iwlwifi/queue/tx.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: read txq-\u003eread_ptr under lock\n\nIf we read txq-\u003eread_ptr without lock, we can read the same\nvalue twice, then obtain the lock, and reclaim from there\nto two different places, but crucially reclaim the same\nentry twice, resulting in the WARN_ONCE() a little later.\nFix that by reading txq-\u003eread_ptr under lock."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:29:16.852Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b83db8e756dec68a950ed2f056248b1704b3deaa"
},
{
"url": "https://git.kernel.org/stable/c/43d07103df670484cdd26f9588eabef80f69db89"
},
{
"url": "https://git.kernel.org/stable/c/c2ace6300600c634553657785dfe5ea0ed688ac2"
}
],
"title": "wifi: iwlwifi: read txq-\u003eread_ptr under lock",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36922",
"datePublished": "2024-05-30T15:29:16.852Z",
"dateReserved": "2024-05-30T15:25:07.068Z",
"dateUpdated": "2024-08-02T03:43:49.981Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36944
Vulnerability from cvelistv5
Published
2024-05-30 15:35
Modified
2024-08-02 03:43
Severity
Summary
Reapply "drm/qxl: simplify qxl_fence_wait"
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36944",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-31T18:28:13.498062Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:56.251Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.389Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4a89ac4b0921c4ea21eb1b4cf3a469a91bacfcea"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b548c53bc3ab83dc6fc86c8e840f013b2032267a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/148ed8b4d64f94ab079c8f0d88c3f444db97ba97"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3dfe35d8683daf9ba69278643efbabe40000bbf6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3628e0383dd349f02f882e612ab6184e4bb3dc10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/qxl/qxl_release.c",
"include/linux/dma-fence.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4a89ac4b0921",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "b548c53bc3ab",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "148ed8b4d64f",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "3dfe35d8683d",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "3628e0383dd3",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/qxl/qxl_release.c",
"include/linux/dma-fence.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nReapply \"drm/qxl: simplify qxl_fence_wait\"\n\nThis reverts commit 07ed11afb68d94eadd4ffc082b97c2331307c5ea.\n\nStephen Rostedt reports:\n \"I went to run my tests on my VMs and the tests hung on boot up.\n Unfortunately, the most I ever got out was:\n\n [ 93.607888] Testing event system initcall: OK\n [ 93.667730] Running tests on all trace events:\n [ 93.669757] Testing all events: OK\n [ 95.631064] ------------[ cut here ]------------\n Timed out after 60 seconds\"\n\nand further debugging points to a possible circular locking dependency\nbetween the console_owner locking and the worker pool locking.\n\nReverting the commit allows Steve\u0027s VM to boot to completion again.\n\n[ This may obviously result in the \"[TTM] Buffer eviction failed\"\n messages again, which was the reason for that original revert. But at\n this point this seems preferable to a non-booting system... ]"
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:35:42.708Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4a89ac4b0921c4ea21eb1b4cf3a469a91bacfcea"
},
{
"url": "https://git.kernel.org/stable/c/b548c53bc3ab83dc6fc86c8e840f013b2032267a"
},
{
"url": "https://git.kernel.org/stable/c/148ed8b4d64f94ab079c8f0d88c3f444db97ba97"
},
{
"url": "https://git.kernel.org/stable/c/3dfe35d8683daf9ba69278643efbabe40000bbf6"
},
{
"url": "https://git.kernel.org/stable/c/3628e0383dd349f02f882e612ab6184e4bb3dc10"
}
],
"title": "Reapply \"drm/qxl: simplify qxl_fence_wait\"",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36944",
"datePublished": "2024-05-30T15:35:42.708Z",
"dateReserved": "2024-05-30T15:25:07.073Z",
"dateUpdated": "2024-08-02T03:43:50.389Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36957
Vulnerability from cvelistv5
Published
2024-05-30 15:35
Modified
2024-08-02 03:43
Severity
Summary
octeontx2-af: avoid off-by-one read from userspace
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36957",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T18:14:35.481589Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T18:14:45.699Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.509Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bcdac70adceb44373da204c3c297f2a98e13216e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ec697fbd38cbe2eef0948b58673b146caa95402f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8f11fe3ea3fc261640cfc8a5addd838000407c67"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0a0285cee11c7dcc2657bcd456e469958a5009e7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fc3e0076c1f82fe981d321e3a7bad4cbee542c19"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f299ee709fb45036454ca11e90cb2810fe771878"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "bcdac70adceb",
"status": "affected",
"version": "dae49384d0d7",
"versionType": "git"
},
{
"lessThan": "ec697fbd38cb",
"status": "affected",
"version": "3a2eb515d136",
"versionType": "git"
},
{
"lessThan": "8f11fe3ea3fc",
"status": "affected",
"version": "3a2eb515d136",
"versionType": "git"
},
{
"lessThan": "0a0285cee11c",
"status": "affected",
"version": "3a2eb515d136",
"versionType": "git"
},
{
"lessThan": "fc3e0076c1f8",
"status": "affected",
"version": "3a2eb515d136",
"versionType": "git"
},
{
"lessThan": "f299ee709fb4",
"status": "affected",
"version": "3a2eb515d136",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.12"
},
{
"lessThan": "5.12",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-af: avoid off-by-one read from userspace\n\nWe try to access count + 1 byte from userspace with memdup_user(buffer,\ncount + 1). However, the userspace only provides buffer of count bytes and\nonly these count bytes are verified to be okay to access. To ensure the\ncopied buffer is NUL terminated, we use memdup_user_nul instead."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:35:50.445Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bcdac70adceb44373da204c3c297f2a98e13216e"
},
{
"url": "https://git.kernel.org/stable/c/ec697fbd38cbe2eef0948b58673b146caa95402f"
},
{
"url": "https://git.kernel.org/stable/c/8f11fe3ea3fc261640cfc8a5addd838000407c67"
},
{
"url": "https://git.kernel.org/stable/c/0a0285cee11c7dcc2657bcd456e469958a5009e7"
},
{
"url": "https://git.kernel.org/stable/c/fc3e0076c1f82fe981d321e3a7bad4cbee542c19"
},
{
"url": "https://git.kernel.org/stable/c/f299ee709fb45036454ca11e90cb2810fe771878"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "octeontx2-af: avoid off-by-one read from userspace",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36957",
"datePublished": "2024-05-30T15:35:50.445Z",
"dateReserved": "2024-05-30T15:25:07.080Z",
"dateUpdated": "2024-08-02T03:43:50.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36896
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2024-08-02 03:43
Severity
Summary
USB: core: Fix access violation during port device removal
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5f1d68ef5dda",
"status": "affected",
"version": "f061f43d7418",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "63533549ff53",
"status": "affected",
"version": "f061f43d7418",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6119ef6517ce",
"status": "affected",
"version": "f061f43d7418",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "a4b46d450c49",
"status": "affected",
"version": "f061f43d7418",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.0",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.7",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.9",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.9"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:6.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "6.0"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6.2",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36896",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-03T15:40:53.946750Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T19:33:40.551Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.115Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5f1d68ef5ddac27c6b997adccd1c339cef1e6848"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/63533549ff53d24daf47c443dbd43c308afc3434"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6119ef6517ce501fc548154691abdaf1f954a277"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a4b46d450c49f32e9d4247b421e58083fde304ce"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/core/port.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5f1d68ef5dda",
"status": "affected",
"version": "f061f43d7418",
"versionType": "git"
},
{
"lessThan": "63533549ff53",
"status": "affected",
"version": "f061f43d7418",
"versionType": "git"
},
{
"lessThan": "6119ef6517ce",
"status": "affected",
"version": "f061f43d7418",
"versionType": "git"
},
{
"lessThan": "a4b46d450c49",
"status": "affected",
"version": "f061f43d7418",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/core/port.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"lessThan": "6.0",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: core: Fix access violation during port device removal\n\nTesting with KASAN and syzkaller revealed a bug in port.c:disable_store():\nusb_hub_to_struct_hub() can return NULL if the hub that the port belongs to\nis concurrently removed, but the function does not check for this\npossibility before dereferencing the returned value.\n\nIt turns out that the first dereference is unnecessary, since hub-\u003eintfdev\nis the parent of the port device, so it can be changed easily. Adding a\ncheck for hub == NULL prevents further problems.\n\nThe same bug exists in the disable_show() routine, and it can be fixed the\nsame way."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:29:00.850Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5f1d68ef5ddac27c6b997adccd1c339cef1e6848"
},
{
"url": "https://git.kernel.org/stable/c/63533549ff53d24daf47c443dbd43c308afc3434"
},
{
"url": "https://git.kernel.org/stable/c/6119ef6517ce501fc548154691abdaf1f954a277"
},
{
"url": "https://git.kernel.org/stable/c/a4b46d450c49f32e9d4247b421e58083fde304ce"
}
],
"title": "USB: core: Fix access violation during port device removal",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36896",
"datePublished": "2024-05-30T15:29:00.850Z",
"dateReserved": "2024-05-30T15:25:07.066Z",
"dateUpdated": "2024-08-02T03:43:50.115Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36033
Vulnerability from cvelistv5
Published
2024-05-30 15:23
Modified
2024-08-02 03:30
Severity
Summary
Bluetooth: qca: fix info leak when fetching board id
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36033",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-30T19:15:50.890550Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:44.337Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:12.274Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a3dff121a7f5104c4c2d47edaa2351837ef645dd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bcccdc947d2ca5972b1e92d0dea10803ddc08ceb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ba307abed5e09759845c735ba036f8c12f55b209"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f30c37cb4549baf8377434892d520fe7769bdba7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0adcf6be1445ed50bfd4a451a7a782568f270197"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/bluetooth/btqca.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "a3dff121a7f5",
"status": "affected",
"version": "c3c1bd421db6",
"versionType": "git"
},
{
"lessThan": "bcccdc947d2c",
"status": "affected",
"version": "ad643241d455",
"versionType": "git"
},
{
"lessThan": "ba307abed5e0",
"status": "affected",
"version": "a381ee26d7c7",
"versionType": "git"
},
{
"lessThan": "f30c37cb4549",
"status": "affected",
"version": "a7f8dedb4be2",
"versionType": "git"
},
{
"lessThan": "0adcf6be1445",
"status": "affected",
"version": "a7f8dedb4be2",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/bluetooth/btqca.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.7"
},
{
"lessThan": "6.7",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: qca: fix info leak when fetching board id\n\nAdd the missing sanity check when fetching the board id to avoid leaking\nslab data when later requesting the firmware."
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T07:51:28.965Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/a3dff121a7f5104c4c2d47edaa2351837ef645dd"
},
{
"url": "https://git.kernel.org/stable/c/bcccdc947d2ca5972b1e92d0dea10803ddc08ceb"
},
{
"url": "https://git.kernel.org/stable/c/ba307abed5e09759845c735ba036f8c12f55b209"
},
{
"url": "https://git.kernel.org/stable/c/f30c37cb4549baf8377434892d520fe7769bdba7"
},
{
"url": "https://git.kernel.org/stable/c/0adcf6be1445ed50bfd4a451a7a782568f270197"
}
],
"title": "Bluetooth: qca: fix info leak when fetching board id",
"x_generator": {
"engine": "bippy-7d53e8ef8be4"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36033",
"datePublished": "2024-05-30T15:23:48.022Z",
"dateReserved": "2024-05-17T13:50:33.161Z",
"dateUpdated": "2024-08-02T03:30:12.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36899
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2024-08-02 03:43
Severity
Summary
gpiolib: cdev: Fix use after free in lineinfo_changed_notify
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36899",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-10T18:48:31.477532Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-10T18:48:41.419Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/95ca7c90eaf5ea8a8460536535101e3e81160e2a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ca710b5f40b8b16fdcad50bebd47f50e4c62d239"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/02f6b0e1ec7e0e7d059dddc893645816552039da"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpio/gpiolib-cdev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "95ca7c90eaf5",
"status": "affected",
"version": "51c1064e82e7",
"versionType": "git"
},
{
"lessThan": "ca710b5f40b8",
"status": "affected",
"version": "51c1064e82e7",
"versionType": "git"
},
{
"lessThan": "02f6b0e1ec7e",
"status": "affected",
"version": "51c1064e82e7",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpio/gpiolib-cdev.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.7"
},
{
"lessThan": "5.7",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpiolib: cdev: Fix use after free in lineinfo_changed_notify\n\nThe use-after-free issue occurs as follows: when the GPIO chip device file\nis being closed by invoking gpio_chrdev_release(), watched_lines is freed\nby bitmap_free(), but the unregistration of lineinfo_changed_nb notifier\nchain failed due to waiting write rwsem. Additionally, one of the GPIO\nchip\u0027s lines is also in the release process and holds the notifier chain\u0027s\nread rwsem. Consequently, a race condition leads to the use-after-free of\nwatched_lines.\n\nHere is the typical stack when issue happened:\n\n[free]\ngpio_chrdev_release()\n --\u003e bitmap_free(cdev-\u003ewatched_lines) \u003c-- freed\n --\u003e blocking_notifier_chain_unregister()\n --\u003e down_write(\u0026nh-\u003erwsem) \u003c-- waiting rwsem\n --\u003e __down_write_common()\n --\u003e rwsem_down_write_slowpath()\n --\u003e schedule_preempt_disabled()\n --\u003e schedule()\n\n[use]\nst54spi_gpio_dev_release()\n --\u003e gpio_free()\n --\u003e gpiod_free()\n --\u003e gpiod_free_commit()\n --\u003e gpiod_line_state_notify()\n --\u003e blocking_notifier_call_chain()\n --\u003e down_read(\u0026nh-\u003erwsem); \u003c-- held rwsem\n --\u003e notifier_call_chain()\n --\u003e lineinfo_changed_notify()\n --\u003e test_bit(xxxx, cdev-\u003ewatched_lines) \u003c-- use after free\n\nThe side effect of the use-after-free issue is that a GPIO line event is\nbeing generated for userspace where it shouldn\u0027t. However, since the chrdev\nis being closed, userspace won\u0027t have the chance to read that event anyway.\n\nTo fix the issue, call the bitmap_free() function after the unregistration\nof lineinfo_changed_nb notifier chain."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:29:02.591Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/95ca7c90eaf5ea8a8460536535101e3e81160e2a"
},
{
"url": "https://git.kernel.org/stable/c/ca710b5f40b8b16fdcad50bebd47f50e4c62d239"
},
{
"url": "https://git.kernel.org/stable/c/02f6b0e1ec7e0e7d059dddc893645816552039da"
}
],
"title": "gpiolib: cdev: Fix use after free in lineinfo_changed_notify",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36899",
"datePublished": "2024-05-30T15:29:02.591Z",
"dateReserved": "2024-05-30T15:25:07.066Z",
"dateUpdated": "2024-08-02T03:43:50.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36881
Vulnerability from cvelistv5
Published
2024-05-30 15:28
Modified
2024-08-02 03:43
Severity
Summary
mm/userfaultfd: reset ptes when close() for wr-protected ones
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36881",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-31T18:32:07.483199Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:48.954Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:49.857Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/377f3a9a3d032a52325a5b110379a25dd1ab1931"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8d8b68a5b0c9fb23d37df06bb273ead38fd5a29d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c88033efe9a391e72ba6b5df4b01d6e628f4e734"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/userfaultfd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "377f3a9a3d03",
"status": "affected",
"version": "f369b07c8614",
"versionType": "git"
},
{
"lessThan": "8d8b68a5b0c9",
"status": "affected",
"version": "f369b07c8614",
"versionType": "git"
},
{
"lessThan": "c88033efe9a3",
"status": "affected",
"version": "f369b07c8614",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/userfaultfd.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.0"
},
{
"lessThan": "6.0",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/userfaultfd: reset ptes when close() for wr-protected ones\n\nUserfaultfd unregister includes a step to remove wr-protect bits from all\nthe relevant pgtable entries, but that only covered an explicit\nUFFDIO_UNREGISTER ioctl, not a close() on the userfaultfd itself. Cover\nthat too. This fixes a WARN trace.\n\nThe only user visible side effect is the user can observe leftover\nwr-protect bits even if the user close()ed on an userfaultfd when\nreleasing the last reference of it. However hopefully that should be\nharmless, and nothing bad should happen even if so.\n\nThis change is now more important after the recent page-table-check\npatch we merged in mm-unstable (446dd9ad37d0 (\"mm/page_table_check:\nsupport userfault wr-protect entries\")), as we\u0027ll do sanity check on\nuffd-wp bits without vma context. So it\u0027s better if we can 100%\nguarantee no uffd-wp bit leftovers, to make sure each report will be\nvalid."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:28:52.119Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/377f3a9a3d032a52325a5b110379a25dd1ab1931"
},
{
"url": "https://git.kernel.org/stable/c/8d8b68a5b0c9fb23d37df06bb273ead38fd5a29d"
},
{
"url": "https://git.kernel.org/stable/c/c88033efe9a391e72ba6b5df4b01d6e628f4e734"
}
],
"title": "mm/userfaultfd: reset ptes when close() for wr-protected ones",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36881",
"datePublished": "2024-05-30T15:28:52.119Z",
"dateReserved": "2024-05-30T15:25:07.064Z",
"dateUpdated": "2024-08-02T03:43:49.857Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36915
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2024-08-19 04:29
Severity
Summary
nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:49.851Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/29dc0ea979d433dd3c26abc8fa971550bdc05107"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7a87441c9651ba37842f4809224aca13a554a26f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/nfc/llcp_sock.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "0f1061332030",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "29dc0ea979d4",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "7a87441c9651",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/nfc/llcp_sock.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.47",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: llcp: fix nfc_llcp_setsockopt() unsafe copies\n\nsyzbot reported unsafe calls to copy_from_sockptr() [1]\n\nUse copy_safe_from_sockptr() instead.\n\n[1]\n\nBUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]\n BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:55 [inline]\n BUG: KASAN: slab-out-of-bounds in nfc_llcp_setsockopt+0x6c2/0x850 net/nfc/llcp_sock.c:255\nRead of size 4 at addr ffff88801caa1ec3 by task syz-executor459/5078\n\nCPU: 0 PID: 5078 Comm: syz-executor459 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n copy_from_sockptr_offset include/linux/sockptr.h:49 [inline]\n copy_from_sockptr include/linux/sockptr.h:55 [inline]\n nfc_llcp_setsockopt+0x6c2/0x850 net/nfc/llcp_sock.c:255\n do_sock_setsockopt+0x3b1/0x720 net/socket.c:2311\n __sys_setsockopt+0x1ae/0x250 net/socket.c:2334\n __do_sys_setsockopt net/socket.c:2343 [inline]\n __se_sys_setsockopt net/socket.c:2340 [inline]\n __x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340\n do_syscall_64+0xfd/0x240\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\nRIP: 0033:0x7f7fac07fd89\nCode: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\nRSP: 002b:00007fff660eb788 EFLAGS: 00000246 ORIG_RAX: 0000000000000036\nRAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f7fac07fd89\nRDX: 0000000000000000 RSI: 0000000000000118 RDI: 0000000000000004\nRBP: 0000000000000000 R08: 0000000000000002 R09: 0000000000000000\nR10: 0000000020000a80 R11: 0000000000000246 R12: 0000000000000000\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000"
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T04:29:09.734Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0f106133203021533cb753e80d75896f4ad222f8"
},
{
"url": "https://git.kernel.org/stable/c/29dc0ea979d433dd3c26abc8fa971550bdc05107"
},
{
"url": "https://git.kernel.org/stable/c/7a87441c9651ba37842f4809224aca13a554a26f"
}
],
"title": "nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies",
"x_generator": {
"engine": "bippy-c9c4e1df01b2"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36915",
"datePublished": "2024-05-30T15:29:12.158Z",
"dateReserved": "2024-05-30T15:25:07.068Z",
"dateUpdated": "2024-08-19T04:29:09.734Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36943
Vulnerability from cvelistv5
Published
2024-05-30 15:35
Modified
2024-08-02 03:43
Severity
Summary
fs/proc/task_mmu: fix loss of young/dirty bits during pagemap scan
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36943",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T18:15:10.001170Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T18:17:48.241Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.375Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/74b3d66f91d9f539f99faad74d796fa9a389a015"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c70dce4982ce1718bf978a35f8e26160b82081f4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/proc/task_mmu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "74b3d66f91d9",
"status": "affected",
"version": "52526ca7fdb9",
"versionType": "git"
},
{
"lessThan": "c70dce4982ce",
"status": "affected",
"version": "52526ca7fdb9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/proc/task_mmu.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.7"
},
{
"lessThan": "6.7",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/proc/task_mmu: fix loss of young/dirty bits during pagemap scan\n\nmake_uffd_wp_pte() was previously doing:\n\n pte = ptep_get(ptep);\n ptep_modify_prot_start(ptep);\n pte = pte_mkuffd_wp(pte);\n ptep_modify_prot_commit(ptep, pte);\n\nBut if another thread accessed or dirtied the pte between the first 2\ncalls, this could lead to loss of that information. Since\nptep_modify_prot_start() gets and clears atomically, the following is the\ncorrect pattern and prevents any possible race. Any access after the\nfirst call would see an invalid pte and cause a fault:\n\n pte = ptep_modify_prot_start(ptep);\n pte = pte_mkuffd_wp(pte);\n ptep_modify_prot_commit(ptep, pte);"
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:35:42.119Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/74b3d66f91d9f539f99faad74d796fa9a389a015"
},
{
"url": "https://git.kernel.org/stable/c/c70dce4982ce1718bf978a35f8e26160b82081f4"
}
],
"title": "fs/proc/task_mmu: fix loss of young/dirty bits during pagemap scan",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36943",
"datePublished": "2024-05-30T15:35:42.119Z",
"dateReserved": "2024-05-30T15:25:07.073Z",
"dateUpdated": "2024-08-02T03:43:50.375Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36030
Vulnerability from cvelistv5
Published
2024-05-30 15:19
Modified
2024-08-02 03:30
Severity
Summary
octeontx2-af: fix the double free in rvu_npc_freemem()
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36030",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-31T18:33:50.345355Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:54.035Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:12.510Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f5aa87a2c0a72132ffc793fb0a5375b2a65d520a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6e965eba43e9724f3e603d7b7cc83e53b23d155e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/marvell/octeontx2/af/rvu_npc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f5aa87a2c0a7",
"status": "affected",
"version": "dd7842878633",
"versionType": "git"
},
{
"lessThan": "6e965eba43e9",
"status": "affected",
"version": "dd7842878633",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/marvell/octeontx2/af/rvu_npc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.8"
},
{
"lessThan": "6.8",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.9",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocteontx2-af: fix the double free in rvu_npc_freemem()\n\nClang static checker(scan-build) warning\uff1a\ndrivers/net/ethernet/marvell/octeontx2/af/rvu_npc.c:line 2184, column 2\nAttempt to free released memory.\n\nnpc_mcam_rsrcs_deinit() has released \u0027mcam-\u003ecounters.bmap\u0027. Deleted this\nredundant kfree() to fix this double free problem."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:19:43.693Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f5aa87a2c0a72132ffc793fb0a5375b2a65d520a"
},
{
"url": "https://git.kernel.org/stable/c/6e965eba43e9724f3e603d7b7cc83e53b23d155e"
}
],
"title": "octeontx2-af: fix the double free in rvu_npc_freemem()",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36030",
"datePublished": "2024-05-30T15:19:43.693Z",
"dateReserved": "2024-05-17T13:50:33.160Z",
"dateUpdated": "2024-08-02T03:30:12.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36906
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2024-08-02 03:43
Severity
Summary
ARM: 9381/1: kasan: clear stale stack poison
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:49.823Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/20ac71bee028ffbae4fc14ed679b23b4d3e95726"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ad702338fe423cb1e79745787090317256a98dab"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ee0ce7573e5083031960faf602c9db693ab5b477"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b26f353786d365e658cebc9a9ace88e04fc2325e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c4238686f9093b98bd6245a348bcf059cdce23af"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/arm/kernel/sleep.S"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "20ac71bee028",
"status": "affected",
"version": "5615f69bc209",
"versionType": "git"
},
{
"lessThan": "ad702338fe42",
"status": "affected",
"version": "5615f69bc209",
"versionType": "git"
},
{
"lessThan": "ee0ce7573e50",
"status": "affected",
"version": "5615f69bc209",
"versionType": "git"
},
{
"lessThan": "b26f353786d3",
"status": "affected",
"version": "5615f69bc209",
"versionType": "git"
},
{
"lessThan": "c4238686f909",
"status": "affected",
"version": "5615f69bc209",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/arm/kernel/sleep.S"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.11"
},
{
"lessThan": "5.11",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nARM: 9381/1: kasan: clear stale stack poison\n\nWe found below OOB crash:\n\n[ 33.452494] ==================================================================\n[ 33.453513] BUG: KASAN: stack-out-of-bounds in refresh_cpu_vm_stats.constprop.0+0xcc/0x2ec\n[ 33.454660] Write of size 164 at addr c1d03d30 by task swapper/0/0\n[ 33.455515]\n[ 33.455767] CPU: 0 PID: 0 Comm: swapper/0 Tainted: G O 6.1.25-mainline #1\n[ 33.456880] Hardware name: Generic DT based system\n[ 33.457555] unwind_backtrace from show_stack+0x18/0x1c\n[ 33.458326] show_stack from dump_stack_lvl+0x40/0x4c\n[ 33.459072] dump_stack_lvl from print_report+0x158/0x4a4\n[ 33.459863] print_report from kasan_report+0x9c/0x148\n[ 33.460616] kasan_report from kasan_check_range+0x94/0x1a0\n[ 33.461424] kasan_check_range from memset+0x20/0x3c\n[ 33.462157] memset from refresh_cpu_vm_stats.constprop.0+0xcc/0x2ec\n[ 33.463064] refresh_cpu_vm_stats.constprop.0 from tick_nohz_idle_stop_tick+0x180/0x53c\n[ 33.464181] tick_nohz_idle_stop_tick from do_idle+0x264/0x354\n[ 33.465029] do_idle from cpu_startup_entry+0x20/0x24\n[ 33.465769] cpu_startup_entry from rest_init+0xf0/0xf4\n[ 33.466528] rest_init from arch_post_acpi_subsys_init+0x0/0x18\n[ 33.467397]\n[ 33.467644] The buggy address belongs to stack of task swapper/0/0\n[ 33.468493] and is located at offset 112 in frame:\n[ 33.469172] refresh_cpu_vm_stats.constprop.0+0x0/0x2ec\n[ 33.469917]\n[ 33.470165] This frame has 2 objects:\n[ 33.470696] [32, 76) \u0027global_zone_diff\u0027\n[ 33.470729] [112, 276) \u0027global_node_diff\u0027\n[ 33.471294]\n[ 33.472095] The buggy address belongs to the physical page:\n[ 33.472862] page:3cd72da8 refcount:1 mapcount:0 mapping:00000000 index:0x0 pfn:0x41d03\n[ 33.473944] flags: 0x1000(reserved|zone=0)\n[ 33.474565] raw: 00001000 ed741470 ed741470 00000000 00000000 00000000 ffffffff 00000001\n[ 33.475656] raw: 00000000\n[ 33.476050] page dumped because: kasan: bad access detected\n[ 33.476816]\n[ 33.477061] Memory state around the buggy address:\n[ 33.477732] c1d03c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n[ 33.478630] c1d03c80: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 00\n[ 33.479526] \u003ec1d03d00: 00 04 f2 f2 f2 f2 00 00 00 00 00 00 f1 f1 f1 f1\n[ 33.480415] ^\n[ 33.481195] c1d03d80: 00 00 00 00 00 00 00 00 00 00 04 f3 f3 f3 f3 f3\n[ 33.482088] c1d03e00: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00\n[ 33.482978] ==================================================================\n\nWe find the root cause of this OOB is that arm does not clear stale stack\npoison in the case of cpuidle.\n\nThis patch refer to arch/arm64/kernel/sleep.S to resolve this issue.\n\nFrom cited commit [1] that explain the problem\n\nFunctions which the compiler has instrumented for KASAN place poison on\nthe stack shadow upon entry and remove this poison prior to returning.\n\nIn the case of cpuidle, CPUs exit the kernel a number of levels deep in\nC code. Any instrumented functions on this critical path will leave\nportions of the stack shadow poisoned.\n\nIf CPUs lose context and return to the kernel via a cold path, we\nrestore a prior context saved in __cpu_suspend_enter are forgotten, and\nwe never remove the poison they placed in the stack shadow area by\nfunctions calls between this and the actual exit of the kernel.\n\nThus, (depending on stackframe layout) subsequent calls to instrumented\nfunctions may hit this stale poison, resulting in (spurious) KASAN\nsplats to the console.\n\nTo avoid this, clear any stale poison from the idle thread for a CPU\nprior to bringing a CPU online.\n\nFrom cited commit [2]\n\nExtend to check for CONFIG_KASAN_STACK\n\n[1] commit 0d97e6d8024c (\"arm64: kasan: clear stale stack poison\")\n[2] commit d56a9ef84bd0 (\"kasan, arm64: unpoison stack only with CONFIG_KASAN_STACK\")"
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:29:06.620Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/20ac71bee028ffbae4fc14ed679b23b4d3e95726"
},
{
"url": "https://git.kernel.org/stable/c/ad702338fe423cb1e79745787090317256a98dab"
},
{
"url": "https://git.kernel.org/stable/c/ee0ce7573e5083031960faf602c9db693ab5b477"
},
{
"url": "https://git.kernel.org/stable/c/b26f353786d365e658cebc9a9ace88e04fc2325e"
},
{
"url": "https://git.kernel.org/stable/c/c4238686f9093b98bd6245a348bcf059cdce23af"
}
],
"title": "ARM: 9381/1: kasan: clear stale stack poison",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36906",
"datePublished": "2024-05-30T15:29:06.620Z",
"dateReserved": "2024-05-30T15:25:07.067Z",
"dateUpdated": "2024-08-02T03:43:49.823Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36946
Vulnerability from cvelistv5
Published
2024-05-30 15:35
Modified
2024-08-02 03:43
Severity
Summary
phonet: fix rtm_phonet_notify() skb allocation
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.072Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ec1f71c05caeba0f814df77e0f511d8b4618623a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/dc6beac059f0331de97155a89d84058d4a9e49c7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f085e02f0a32f6dfcfabc6535c9c4a1707cef86b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4ff334cade9dae50e4be387f71e94fae634aa9b4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/728a83160f98ee6b60df0d890141b9b7240182fe"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ee9e39a6cb3ca2a3d35b4ae25547ee3526a44d00"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9a77226440008cf04ba68faf641a2d50f4998137"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d8cac8568618dcb8a51af3db1103e8d4cc4aeea7"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/phonet/pn_netlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ec1f71c05cae",
"status": "affected",
"version": "f062f41d0657",
"versionType": "git"
},
{
"lessThan": "dc6beac059f0",
"status": "affected",
"version": "f062f41d0657",
"versionType": "git"
},
{
"lessThan": "f085e02f0a32",
"status": "affected",
"version": "f062f41d0657",
"versionType": "git"
},
{
"lessThan": "4ff334cade9d",
"status": "affected",
"version": "f062f41d0657",
"versionType": "git"
},
{
"lessThan": "728a83160f98",
"status": "affected",
"version": "f062f41d0657",
"versionType": "git"
},
{
"lessThan": "ee9e39a6cb3c",
"status": "affected",
"version": "f062f41d0657",
"versionType": "git"
},
{
"lessThan": "9a7722644000",
"status": "affected",
"version": "f062f41d0657",
"versionType": "git"
},
{
"lessThan": "d8cac8568618",
"status": "affected",
"version": "f062f41d0657",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/phonet/pn_netlink.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.33"
},
{
"lessThan": "2.6.33",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nphonet: fix rtm_phonet_notify() skb allocation\n\nfill_route() stores three components in the skb:\n\n- struct rtmsg\n- RTA_DST (u8)\n- RTA_OIF (u32)\n\nTherefore, rtm_phonet_notify() should use\n\nNLMSG_ALIGN(sizeof(struct rtmsg)) +\nnla_total_size(1) +\nnla_total_size(4)"
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:35:43.884Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ec1f71c05caeba0f814df77e0f511d8b4618623a"
},
{
"url": "https://git.kernel.org/stable/c/dc6beac059f0331de97155a89d84058d4a9e49c7"
},
{
"url": "https://git.kernel.org/stable/c/f085e02f0a32f6dfcfabc6535c9c4a1707cef86b"
},
{
"url": "https://git.kernel.org/stable/c/4ff334cade9dae50e4be387f71e94fae634aa9b4"
},
{
"url": "https://git.kernel.org/stable/c/728a83160f98ee6b60df0d890141b9b7240182fe"
},
{
"url": "https://git.kernel.org/stable/c/ee9e39a6cb3ca2a3d35b4ae25547ee3526a44d00"
},
{
"url": "https://git.kernel.org/stable/c/9a77226440008cf04ba68faf641a2d50f4998137"
},
{
"url": "https://git.kernel.org/stable/c/d8cac8568618dcb8a51af3db1103e8d4cc4aeea7"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "phonet: fix rtm_phonet_notify() skb allocation",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36946",
"datePublished": "2024-05-30T15:35:43.884Z",
"dateReserved": "2024-05-30T15:25:07.079Z",
"dateUpdated": "2024-08-02T03:43:50.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36021
Vulnerability from cvelistv5
Published
2024-05-30 14:59
Modified
2024-08-02 03:30
Severity
Summary
net: hns3: fix kernel crash when devlink reload during pf initialization
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36021",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-13T20:30:24.920798Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-13T20:30:52.255Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:13.010Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/50b69054f455dcdb34bd6b22764c7579b270eef3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1b550dae55901c2cc9075d6a7155a71b4f516e86"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7ca0f73e5e2da3c129935b97f3a0877cce8ebdf5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/93305b77ffcb042f1538ecc383505e87d95aa05a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "50b69054f455",
"status": "affected",
"version": "b741269b2759",
"versionType": "git"
},
{
"lessThan": "1b550dae5590",
"status": "affected",
"version": "b741269b2759",
"versionType": "git"
},
{
"lessThan": "7ca0f73e5e2d",
"status": "affected",
"version": "b741269b2759",
"versionType": "git"
},
{
"lessThan": "93305b77ffcb",
"status": "affected",
"version": "b741269b2759",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.15"
},
{
"lessThan": "5.15",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.85",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.26",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.5",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix kernel crash when devlink reload during pf initialization\n\nThe devlink reload process will access the hardware resources,\nbut the register operation is done before the hardware is initialized.\nSo, processing the devlink reload during initialization may lead to kernel\ncrash. This patch fixes this by taking devl_lock during initialization."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T14:59:45.757Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/50b69054f455dcdb34bd6b22764c7579b270eef3"
},
{
"url": "https://git.kernel.org/stable/c/1b550dae55901c2cc9075d6a7155a71b4f516e86"
},
{
"url": "https://git.kernel.org/stable/c/7ca0f73e5e2da3c129935b97f3a0877cce8ebdf5"
},
{
"url": "https://git.kernel.org/stable/c/93305b77ffcb042f1538ecc383505e87d95aa05a"
}
],
"title": "net: hns3: fix kernel crash when devlink reload during pf initialization",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36021",
"datePublished": "2024-05-30T14:59:45.757Z",
"dateReserved": "2024-05-17T13:50:33.157Z",
"dateUpdated": "2024-08-02T03:30:13.010Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36918
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2024-08-02 03:43
Severity
Summary
bpf: Check bloom filter map value size
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.111Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fa6995eeb62e74b5a1480c73fb7b420c270784d3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/608e13706c8b6c658a0646f09ebced74ec367f7c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c418afb9bf23e2f2b76cb819601e4a5d9dbab42d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a8d89feba7e54e691ca7c4efc2a6264fa83f3687"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/bpf/bloom_filter.c",
"tools/testing/selftests/bpf/prog_tests/bloom_filter_map.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fa6995eeb62e",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "608e13706c8b",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "c418afb9bf23",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "a8d89feba7e5",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/bpf/bloom_filter.c",
"tools/testing/selftests/bpf/prog_tests/bloom_filter_map.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Check bloom filter map value size\n\nThis patch adds a missing check to bloom filter creating, rejecting\nvalues above KMALLOC_MAX_SIZE. This brings the bloom map in line with\nmany other map types.\n\nThe lack of this protection can cause kernel crashes for value sizes\nthat overflow int\u0027s. Such a crash was caught by syzkaller. The next\npatch adds more guard-rails at a lower level."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:29:13.904Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fa6995eeb62e74b5a1480c73fb7b420c270784d3"
},
{
"url": "https://git.kernel.org/stable/c/608e13706c8b6c658a0646f09ebced74ec367f7c"
},
{
"url": "https://git.kernel.org/stable/c/c418afb9bf23e2f2b76cb819601e4a5d9dbab42d"
},
{
"url": "https://git.kernel.org/stable/c/a8d89feba7e54e691ca7c4efc2a6264fa83f3687"
}
],
"title": "bpf: Check bloom filter map value size",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36918",
"datePublished": "2024-05-30T15:29:13.904Z",
"dateReserved": "2024-05-30T15:25:07.068Z",
"dateUpdated": "2024-08-02T03:43:50.111Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36893
Vulnerability from cvelistv5
Published
2024-05-30 15:28
Modified
2024-08-02 03:43
Severity
Summary
usb: typec: tcpm: Check for port partner validity before consuming it
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36893",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-30T18:53:53.633071Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:05.743Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d56d2ca03cc22123fd7626967d096d8661324e57"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/789326cafbd1f67f424436b6bc8bdb887a364637"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fc2b655cb6dd2b381f1f284989721002e39b6b77"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ae11f04b452b5205536e1c02d31f8045eba249dd"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/typec/tcpm/tcpm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "d56d2ca03cc2",
"status": "affected",
"version": "9b7cd3fe01f0",
"versionType": "git"
},
{
"lessThan": "789326cafbd1",
"status": "affected",
"version": "c97cd0b4b54e",
"versionType": "git"
},
{
"lessThan": "fc2b655cb6dd",
"status": "affected",
"version": "c97cd0b4b54e",
"versionType": "git"
},
{
"lessThan": "ae11f04b452b",
"status": "affected",
"version": "c97cd0b4b54e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/typec/tcpm/tcpm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.6"
},
{
"lessThan": "6.6",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: tcpm: Check for port partner validity before consuming it\n\ntypec_register_partner() does not guarantee partner registration\nto always succeed. In the event of failure, port-\u003epartner is set\nto the error value or NULL. Given that port-\u003epartner validity is\nnot checked, this results in the following crash:\n\nUnable to handle kernel NULL pointer dereference at virtual address xx\n pc : run_state_machine+0x1bc8/0x1c08\n lr : run_state_machine+0x1b90/0x1c08\n..\n Call trace:\n run_state_machine+0x1bc8/0x1c08\n tcpm_state_machine_work+0x94/0xe4\n kthread_worker_fn+0x118/0x328\n kthread+0x1d0/0x23c\n ret_from_fork+0x10/0x20\n\nTo prevent the crash, check for port-\u003epartner validity before\nderefencing it in all the call sites."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:28:59.113Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/d56d2ca03cc22123fd7626967d096d8661324e57"
},
{
"url": "https://git.kernel.org/stable/c/789326cafbd1f67f424436b6bc8bdb887a364637"
},
{
"url": "https://git.kernel.org/stable/c/fc2b655cb6dd2b381f1f284989721002e39b6b77"
},
{
"url": "https://git.kernel.org/stable/c/ae11f04b452b5205536e1c02d31f8045eba249dd"
}
],
"title": "usb: typec: tcpm: Check for port partner validity before consuming it",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36893",
"datePublished": "2024-05-30T15:28:59.113Z",
"dateReserved": "2024-05-30T15:25:07.065Z",
"dateUpdated": "2024-08-02T03:43:50.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36928
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2024-08-02 03:43
Severity
Summary
s390/qeth: Fix kernel panic after setting hsuid
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36928",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-31T18:29:03.569739Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:51.939Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8792b557eb50b986f2496156d486d0c7c85a1524"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/10cb803aff3b11fe0bd5f274fc1c231a43e88df6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e28dd1e1bf3ebb52cdb877fb359e8978a51576e3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eae0aec245712c52a3ce9c05575b541a9eef5282"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8a2e4d37afb8500b276e5ee903dee06f50ab0494"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/s390/net/qeth_core_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8792b557eb50",
"status": "affected",
"version": "64e3affee288",
"versionType": "git"
},
{
"lessThan": "10cb803aff3b",
"status": "affected",
"version": "86818409f989",
"versionType": "git"
},
{
"lessThan": "e28dd1e1bf3e",
"status": "affected",
"version": "1cfef80d4c2b",
"versionType": "git"
},
{
"lessThan": "eae0aec24571",
"status": "affected",
"version": "1cfef80d4c2b",
"versionType": "git"
},
{
"lessThan": "8a2e4d37afb8",
"status": "affected",
"version": "1cfef80d4c2b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/s390/net/qeth_core_main.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.5"
},
{
"lessThan": "6.5",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/qeth: Fix kernel panic after setting hsuid\n\nSymptom:\nWhen the hsuid attribute is set for the first time on an IQD Layer3\ndevice while the corresponding network interface is already UP,\nthe kernel will try to execute a napi function pointer that is NULL.\n\nExample:\n---------------------------------------------------------------------------\n[ 2057.572696] illegal operation: 0001 ilc:1 [#1] SMP\n[ 2057.572702] Modules linked in: af_iucv qeth_l3 zfcp scsi_transport_fc sunrpc nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6\nnft_reject nft_ct nf_tables_set nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables libcrc32c nfnetlink ghash_s390 prng xts aes_s390 des_s390 de\ns_generic sha3_512_s390 sha3_256_s390 sha512_s390 vfio_ccw vfio_mdev mdev vfio_iommu_type1 eadm_sch vfio ext4 mbcache jbd2 qeth_l2 bridge stp llc dasd_eckd_mod qeth dasd_mod\n qdio ccwgroup pkey zcrypt\n[ 2057.572739] CPU: 6 PID: 60182 Comm: stress_client Kdump: loaded Not tainted 4.18.0-541.el8.s390x #1\n[ 2057.572742] Hardware name: IBM 3931 A01 704 (LPAR)\n[ 2057.572744] Krnl PSW : 0704f00180000000 0000000000000002 (0x2)\n[ 2057.572748] R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:3 PM:0 RI:0 EA:3\n[ 2057.572751] Krnl GPRS: 0000000000000004 0000000000000000 00000000a3b008d8 0000000000000000\n[ 2057.572754] 00000000a3b008d8 cb923a29c779abc5 0000000000000000 00000000814cfd80\n[ 2057.572756] 000000000000012c 0000000000000000 00000000a3b008d8 00000000a3b008d8\n[ 2057.572758] 00000000bab6d500 00000000814cfd80 0000000091317e46 00000000814cfc68\n[ 2057.572762] Krnl Code:#0000000000000000: 0000 illegal\n \u003e0000000000000002: 0000 illegal\n 0000000000000004: 0000 illegal\n 0000000000000006: 0000 illegal\n 0000000000000008: 0000 illegal\n 000000000000000a: 0000 illegal\n 000000000000000c: 0000 illegal\n 000000000000000e: 0000 illegal\n[ 2057.572800] Call Trace:\n[ 2057.572801] ([\u003c00000000ec639700\u003e] 0xec639700)\n[ 2057.572803] [\u003c00000000913183e2\u003e] net_rx_action+0x2ba/0x398\n[ 2057.572809] [\u003c0000000091515f76\u003e] __do_softirq+0x11e/0x3a0\n[ 2057.572813] [\u003c0000000090ce160c\u003e] do_softirq_own_stack+0x3c/0x58\n[ 2057.572817] ([\u003c0000000090d2cbd6\u003e] do_softirq.part.1+0x56/0x60)\n[ 2057.572822] [\u003c0000000090d2cc60\u003e] __local_bh_enable_ip+0x80/0x98\n[ 2057.572825] [\u003c0000000091314706\u003e] __dev_queue_xmit+0x2be/0xd70\n[ 2057.572827] [\u003c000003ff803dd6d6\u003e] afiucv_hs_send+0x24e/0x300 [af_iucv]\n[ 2057.572830] [\u003c000003ff803dd88a\u003e] iucv_send_ctrl+0x102/0x138 [af_iucv]\n[ 2057.572833] [\u003c000003ff803de72a\u003e] iucv_sock_connect+0x37a/0x468 [af_iucv]\n[ 2057.572835] [\u003c00000000912e7e90\u003e] __sys_connect+0xa0/0xd8\n[ 2057.572839] [\u003c00000000912e9580\u003e] sys_socketcall+0x228/0x348\n[ 2057.572841] [\u003c0000000091514e1a\u003e] system_call+0x2a6/0x2c8\n[ 2057.572843] Last Breaking-Event-Address:\n[ 2057.572844] [\u003c0000000091317e44\u003e] __napi_poll+0x4c/0x1d8\n[ 2057.572846]\n[ 2057.572847] Kernel panic - not syncing: Fatal exception in interrupt\n-------------------------------------------------------------------------------------------\n\nAnalysis:\nThere is one napi structure per out_q: card-\u003eqdio.out_qs[i].napi\nThe napi.poll functions are set during qeth_open().\n\nSince\ncommit 1cfef80d4c2b (\"s390/qeth: Don\u0027t call dev_close/dev_open (DOWN/UP)\")\nqeth_set_offline()/qeth_set_online() no longer call dev_close()/\ndev_open(). So if qeth_free_qdio_queues() cleared\ncard-\u003eqdio.out_qs[i].napi.poll while the network interface was UP and the\ncard was offline, they are not set again.\n\nReproduction:\nchzdev -e $devno layer2=0\nip link set dev $network_interface up\necho 0 \u003e /sys/bus/ccw\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:29:20.854Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8792b557eb50b986f2496156d486d0c7c85a1524"
},
{
"url": "https://git.kernel.org/stable/c/10cb803aff3b11fe0bd5f274fc1c231a43e88df6"
},
{
"url": "https://git.kernel.org/stable/c/e28dd1e1bf3ebb52cdb877fb359e8978a51576e3"
},
{
"url": "https://git.kernel.org/stable/c/eae0aec245712c52a3ce9c05575b541a9eef5282"
},
{
"url": "https://git.kernel.org/stable/c/8a2e4d37afb8500b276e5ee903dee06f50ab0494"
}
],
"title": "s390/qeth: Fix kernel panic after setting hsuid",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36928",
"datePublished": "2024-05-30T15:29:20.854Z",
"dateReserved": "2024-05-30T15:25:07.069Z",
"dateUpdated": "2024-08-02T03:43:50.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36894
Vulnerability from cvelistv5
Published
2024-05-30 15:28
Modified
2024-08-21 16:17
Severity
Summary
usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "73c05ad46bb4",
"status": "affected",
"version": "2e4c7553cd6f",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "d74618308232",
"status": "affected",
"version": "2e4c7553cd6f",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "24729b307eef",
"status": "affected",
"version": "2e4c7553cd6f",
"versionType": "custom"
},
{
"lessThan": "f71a53148ce3",
"status": "affected",
"version": "2e4c7553cd6f",
"versionType": "custom"
},
{
"lessThan": "9e72ef59cbe6",
"status": "affected",
"version": "2e4c7553cd6f",
"versionType": "custom"
},
{
"lessThan": "e500b1c4e29a",
"status": "affected",
"version": "2e4c7553cd6f",
"versionType": "custom"
},
{
"lessThan": "3613e5023f09",
"status": "affected",
"version": "2e4c7553cd6f",
"versionType": "custom"
},
{
"lessThan": "a0fdccb1c9e0",
"status": "affected",
"version": "2e4c7553cd6f",
"versionType": "custom"
},
{
"status": "affected",
"version": "3.15"
},
{
"lessThan": "3.15",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.20",
"status": "unaffected",
"version": "4.19.317",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.5",
"status": "unaffected",
"version": "5.4.279",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.11",
"status": "unaffected",
"version": "5.10.221",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.16",
"status": "unaffected",
"version": "5.15.162",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.2",
"status": "unaffected",
"version": "6.1.95",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.7",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.9",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36894",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-03T15:53:00.949597Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-21T16:17:27.715Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:49.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f71a53148ce34898fef099b75386a3a9f4449311"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9e72ef59cbe61cd1243857a6418ca92104275867"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e500b1c4e29ad0bd1c1332a1eaea2913627a92dd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3613e5023f09b3308545e9d1acda86017ebd418a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a0fdccb1c9e027e3195f947f61aa87d6d0d2ea14"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/73c05ad46bb4fbbdb346004651576d1c8dbcffbb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d7461830823242702f5d84084bcccb25159003f4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/24729b307eefcd7c476065cd7351c1a018082c19"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/usb/gadget/function/f_fs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f71a53148ce3",
"status": "affected",
"version": "2e4c7553cd6f",
"versionType": "git"
},
{
"lessThan": "9e72ef59cbe6",
"status": "affected",
"version": "2e4c7553cd6f",
"versionType": "git"
},
{
"lessThan": "e500b1c4e29a",
"status": "affected",
"version": "2e4c7553cd6f",
"versionType": "git"
},
{
"lessThan": "3613e5023f09",
"status": "affected",
"version": "2e4c7553cd6f",
"versionType": "git"
},
{
"lessThan": "a0fdccb1c9e0",
"status": "affected",
"version": "2e4c7553cd6f",
"versionType": "git"
},
{
"lessThan": "73c05ad46bb4",
"status": "affected",
"version": "2e4c7553cd6f",
"versionType": "git"
},
{
"lessThan": "d74618308232",
"status": "affected",
"version": "2e4c7553cd6f",
"versionType": "git"
},
{
"lessThan": "24729b307eef",
"status": "affected",
"version": "2e4c7553cd6f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/usb/gadget/function/f_fs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.15"
},
{
"lessThan": "3.15",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.317",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.279",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.221",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.95",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete\n\nFFS based applications can utilize the aio_cancel() callback to dequeue\npending USB requests submitted to the UDC. There is a scenario where the\nFFS application issues an AIO cancel call, while the UDC is handling a\nsoft disconnect. For a DWC3 based implementation, the callstack looks\nlike the following:\n\n DWC3 Gadget FFS Application\ndwc3_gadget_soft_disconnect() ...\n --\u003e dwc3_stop_active_transfers()\n --\u003e dwc3_gadget_giveback(-ESHUTDOWN)\n --\u003e ffs_epfile_async_io_complete() ffs_aio_cancel()\n --\u003e usb_ep_free_request() --\u003e usb_ep_dequeue()\n\nThere is currently no locking implemented between the AIO completion\nhandler and AIO cancel, so the issue occurs if the completion routine is\nrunning in parallel to an AIO cancel call coming from the FFS application.\nAs the completion call frees the USB request (io_data-\u003ereq) the FFS\napplication is also referencing it for the usb_ep_dequeue() call. This can\nlead to accessing a stale/hanging pointer.\n\ncommit b566d38857fc (\"usb: gadget: f_fs: use io_data-\u003estatus consistently\")\nrelocated the usb_ep_free_request() into ffs_epfile_async_io_complete().\nHowever, in order to properly implement locking to mitigate this issue, the\nspinlock can\u0027t be added to ffs_epfile_async_io_complete(), as\nusb_ep_dequeue() (if successfully dequeuing a USB request) will call the\nfunction driver\u0027s completion handler in the same context. Hence, leading\ninto a deadlock.\n\nFix this issue by moving the usb_ep_free_request() back to\nffs_user_copy_worker(), and ensuring that it explicitly sets io_data-\u003ereq\nto NULL after freeing it within the ffs-\u003eeps_lock. This resolves the race\ncondition above, as the ffs_aio_cancel() routine will not continue\nattempting to dequeue a request that has already been freed, or the\nffs_user_copy_work() not freeing the USB request until the AIO cancel is\ndone referencing it.\n\nThis fix depends on\n commit b566d38857fc (\"usb: gadget: f_fs: use io_data-\u003estatus\n consistently\")"
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T07:51:30.133Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f71a53148ce34898fef099b75386a3a9f4449311"
},
{
"url": "https://git.kernel.org/stable/c/9e72ef59cbe61cd1243857a6418ca92104275867"
},
{
"url": "https://git.kernel.org/stable/c/e500b1c4e29ad0bd1c1332a1eaea2913627a92dd"
},
{
"url": "https://git.kernel.org/stable/c/3613e5023f09b3308545e9d1acda86017ebd418a"
},
{
"url": "https://git.kernel.org/stable/c/a0fdccb1c9e027e3195f947f61aa87d6d0d2ea14"
},
{
"url": "https://git.kernel.org/stable/c/73c05ad46bb4fbbdb346004651576d1c8dbcffbb"
},
{
"url": "https://git.kernel.org/stable/c/d7461830823242702f5d84084bcccb25159003f4"
},
{
"url": "https://git.kernel.org/stable/c/24729b307eefcd7c476065cd7351c1a018082c19"
}
],
"title": "usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete",
"x_generator": {
"engine": "bippy-7d53e8ef8be4"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36894",
"datePublished": "2024-05-30T15:28:59.689Z",
"dateReserved": "2024-05-30T15:25:07.066Z",
"dateUpdated": "2024-08-21T16:17:27.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36923
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2024-08-02 03:43
Severity
Summary
fs/9p: fix uninitialized values during inode evict
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36923",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-06T18:33:14.154322Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T18:33:22.128Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.102Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1b4cb6e91f19b81217ad98142ee53a1ab25893fd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6630036b7c228f57c7893ee0403e92c2db2cd21d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/9p/vfs_inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1b4cb6e91f19",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "6630036b7c22",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/9p/vfs_inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/9p: fix uninitialized values during inode evict\n\nIf an iget fails due to not being able to retrieve information\nfrom the server then the inode structure is only partially\ninitialized. When the inode gets evicted, references to\nuninitialized structures (like fscache cookies) were being\nmade.\n\nThis patch checks for a bad_inode before doing anything other\nthan clearing the inode from the cache. Since the inode is\nbad, it shouldn\u0027t have any state associated with it that needs\nto be written back (and there really isn\u0027t a way to complete\nthose anyways)."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:29:17.528Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1b4cb6e91f19b81217ad98142ee53a1ab25893fd"
},
{
"url": "https://git.kernel.org/stable/c/6630036b7c228f57c7893ee0403e92c2db2cd21d"
}
],
"title": "fs/9p: fix uninitialized values during inode evict",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36923",
"datePublished": "2024-05-30T15:29:17.528Z",
"dateReserved": "2024-05-30T15:25:07.069Z",
"dateUpdated": "2024-08-02T03:43:50.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36020
Vulnerability from cvelistv5
Published
2024-05-30 14:59
Modified
2024-08-02 03:30
Severity
Summary
i40e: fix vf may be used uninitialized in this function warning
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36020",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-03T16:54:29.774868Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:10.052Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:12.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9dcf0fcb80f6aeb01469e3c957f8d4c97365450a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b8e82128b44fa40bf99a50b919488ef361e1683c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/951d2748a2a8242853abc3d0c153ce4bf8faad31"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3e89846283f3cf7c7a8e28b342576fd7c561d2ba"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0dcf573f997732702917af1563aa2493dc772fc0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/06df7618f591b2dc43c59967e294d7b9fc8675b6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f37c4eac99c258111d414d31b740437e1925b8e8"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cc9cd02dd9e8",
"status": "affected",
"version": "76ed715836c6",
"versionType": "git"
},
{
"lessThan": "9dcf0fcb80f6",
"status": "affected",
"version": "e88c2a1e28c5",
"versionType": "git"
},
{
"lessThan": "b8e82128b44f",
"status": "affected",
"version": "9abae363af5c",
"versionType": "git"
},
{
"lessThan": "951d2748a2a8",
"status": "affected",
"version": "c39de3ae5075",
"versionType": "git"
},
{
"lessThan": "3e89846283f3",
"status": "affected",
"version": "52424f974bc5",
"versionType": "git"
},
{
"lessThan": "0dcf573f9977",
"status": "affected",
"version": "52424f974bc5",
"versionType": "git"
},
{
"lessThan": "06df7618f591",
"status": "affected",
"version": "52424f974bc5",
"versionType": "git"
},
{
"lessThan": "f37c4eac99c2",
"status": "affected",
"version": "52424f974bc5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.1"
},
{
"lessThan": "6.1",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.85",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.26",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.5",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix vf may be used uninitialized in this function warning\n\nTo fix the regression introduced by commit 52424f974bc5, which causes\nservers hang in very hard to reproduce conditions with resets races.\nUsing two sources for the information is the root cause.\nIn this function before the fix bumping v didn\u0027t mean bumping vf\npointer. But the code used this variables interchangeably, so stale vf\ncould point to different/not intended vf.\n\nRemove redundant \"v\" variable and iterate via single VF pointer across\nwhole function instead to guarantee VF pointer validity."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T14:59:44.447Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23d"
},
{
"url": "https://git.kernel.org/stable/c/9dcf0fcb80f6aeb01469e3c957f8d4c97365450a"
},
{
"url": "https://git.kernel.org/stable/c/b8e82128b44fa40bf99a50b919488ef361e1683c"
},
{
"url": "https://git.kernel.org/stable/c/951d2748a2a8242853abc3d0c153ce4bf8faad31"
},
{
"url": "https://git.kernel.org/stable/c/3e89846283f3cf7c7a8e28b342576fd7c561d2ba"
},
{
"url": "https://git.kernel.org/stable/c/0dcf573f997732702917af1563aa2493dc772fc0"
},
{
"url": "https://git.kernel.org/stable/c/06df7618f591b2dc43c59967e294d7b9fc8675b6"
},
{
"url": "https://git.kernel.org/stable/c/f37c4eac99c258111d414d31b740437e1925b8e8"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "i40e: fix vf may be used uninitialized in this function warning",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36020",
"datePublished": "2024-05-30T14:59:44.447Z",
"dateReserved": "2024-05-17T13:50:33.157Z",
"dateUpdated": "2024-08-02T03:30:12.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36913
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2024-08-02 03:43
Severity
Summary
Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "6123a4e8e25b",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThan": "e813a0fc2e59",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThan": "03f5a999adba",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36913",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T14:31:38.077186Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1258",
"description": "CWE-1258 Exposure of Sensitive System Information Due to Uncleared Debug Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T14:41:56.102Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.178Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6123a4e8e25bd40cf44db14694abac00e6b664e6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e813a0fc2e597146e9cebea61ced9c796d4e308f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/03f5a999adba062456c8c818a683beb1b498983a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/hv/connection.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6123a4e8e25b",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "e813a0fc2e59",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "03f5a999adba",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/hv/connection.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nDrivers: hv: vmbus: Leak pages if set_memory_encrypted() fails\n\nIn CoCo VMs it is possible for the untrusted host to cause\nset_memory_encrypted() or set_memory_decrypted() to fail such that an\nerror is returned and the resulting memory is shared. Callers need to\ntake care to handle these errors to avoid returning decrypted (shared)\nmemory to the page allocator, which could lead to functional or security\nissues.\n\nVMBus code could free decrypted pages if set_memory_encrypted()/decrypted()\nfails. Leak the pages if this happens."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:29:11.016Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6123a4e8e25bd40cf44db14694abac00e6b664e6"
},
{
"url": "https://git.kernel.org/stable/c/e813a0fc2e597146e9cebea61ced9c796d4e308f"
},
{
"url": "https://git.kernel.org/stable/c/03f5a999adba062456c8c818a683beb1b498983a"
}
],
"title": "Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36913",
"datePublished": "2024-05-30T15:29:11.016Z",
"dateReserved": "2024-05-30T15:25:07.067Z",
"dateUpdated": "2024-08-02T03:43:50.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36942
Vulnerability from cvelistv5
Published
2024-05-30 15:35
Modified
2024-08-02 03:43
Severity
Summary
Bluetooth: qca: fix firmware check error path
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36942",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-04T15:37:08.424952Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:07.531Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.422Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/580bcd6bf24f9975f97d81d5ef1b64cca9240df9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/064688d70c33bb5b49dde6e972b9379a8b045d8a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7bcba557d5c37cd09ecd5abbe7d50deb86c36d3f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d1f768214320852766a60a815a0be8f14fba0cc3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/40d442f969fb1e871da6fca73d3f8aef1f888558"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/bluetooth/btqca.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "580bcd6bf24f",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "064688d70c33",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "7bcba557d5c3",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "d1f768214320",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "40d442f969fb",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/bluetooth/btqca.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: qca: fix firmware check error path\n\nA recent commit fixed the code that parses the firmware files before\ndownloading them to the controller but introduced a memory leak in case\nthe sanity checks ever fail.\n\nMake sure to free the firmware buffer before returning on errors."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:35:41.532Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/580bcd6bf24f9975f97d81d5ef1b64cca9240df9"
},
{
"url": "https://git.kernel.org/stable/c/064688d70c33bb5b49dde6e972b9379a8b045d8a"
},
{
"url": "https://git.kernel.org/stable/c/7bcba557d5c37cd09ecd5abbe7d50deb86c36d3f"
},
{
"url": "https://git.kernel.org/stable/c/d1f768214320852766a60a815a0be8f14fba0cc3"
},
{
"url": "https://git.kernel.org/stable/c/40d442f969fb1e871da6fca73d3f8aef1f888558"
}
],
"title": "Bluetooth: qca: fix firmware check error path",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36942",
"datePublished": "2024-05-30T15:35:41.532Z",
"dateReserved": "2024-05-30T15:25:07.072Z",
"dateUpdated": "2024-08-02T03:43:50.422Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36931
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2024-08-02 03:43
Severity
Summary
s390/cio: Ensure the copied buf is NUL terminated
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36931",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T18:21:22.761012Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T18:21:39.257Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:49.798Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c9d48ce163305595ae20aee27774192476d5e6a5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/10452edd175fcc4fd0f5ac782ed2a002e3e5d65c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/84b38f48836662c4bfae646c014f4e981e16a2b2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/06759ebaf75c19c87b2453a5e130e9e61e9b5d65"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/da7c622cddd4fe36be69ca61e8c42e43cde94784"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/s390/cio/cio_inject.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c9d48ce16330",
"status": "affected",
"version": "a4f17cc72671",
"versionType": "git"
},
{
"lessThan": "10452edd175f",
"status": "affected",
"version": "a4f17cc72671",
"versionType": "git"
},
{
"lessThan": "84b38f488366",
"status": "affected",
"version": "a4f17cc72671",
"versionType": "git"
},
{
"lessThan": "06759ebaf75c",
"status": "affected",
"version": "a4f17cc72671",
"versionType": "git"
},
{
"lessThan": "da7c622cddd4",
"status": "affected",
"version": "a4f17cc72671",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/s390/cio/cio_inject.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/cio: Ensure the copied buf is NUL terminated\n\nCurrently, we allocate a lbuf-sized kernel buffer and copy lbuf from\nuserspace to that buffer. Later, we use scanf on this buffer but we don\u0027t\nensure that the string is terminated inside the buffer, this can lead to\nOOB read when using scanf. Fix this issue by using memdup_user_nul instead."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:29:22.601Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c9d48ce163305595ae20aee27774192476d5e6a5"
},
{
"url": "https://git.kernel.org/stable/c/10452edd175fcc4fd0f5ac782ed2a002e3e5d65c"
},
{
"url": "https://git.kernel.org/stable/c/84b38f48836662c4bfae646c014f4e981e16a2b2"
},
{
"url": "https://git.kernel.org/stable/c/06759ebaf75c19c87b2453a5e130e9e61e9b5d65"
},
{
"url": "https://git.kernel.org/stable/c/da7c622cddd4fe36be69ca61e8c42e43cde94784"
}
],
"title": "s390/cio: Ensure the copied buf is NUL terminated",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36931",
"datePublished": "2024-05-30T15:29:22.601Z",
"dateReserved": "2024-05-30T15:25:07.071Z",
"dateUpdated": "2024-08-02T03:43:49.798Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36917
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2024-08-02 03:43
Severity
Summary
block: fix overflow in blk_ioctl_discard()
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36917",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T14:26:26.159225Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T14:26:29.069Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:49.883Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8a26198186e97ee5fc4b42fde82629cff8c75cd6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e1d38cde2b7b0fbd1c48082e7a98c37d750af59b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/507d526a98c355e6f3fb2c47aacad44a69784bee"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/22d24a544b0d49bbcbd61c8c0eaf77d3c9297155"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"block/ioctl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "8a26198186e9",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "e1d38cde2b7b",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "507d526a98c3",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "22d24a544b0d",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"block/ioctl.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix overflow in blk_ioctl_discard()\n\nThere is no check for overflow of \u0027start + len\u0027 in blk_ioctl_discard().\nHung task occurs if submit an discard ioctl with the following param:\n start = 0x80000000000ff000, len = 0x8000000000fff000;\nAdd the overflow validation now."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:29:13.327Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/8a26198186e97ee5fc4b42fde82629cff8c75cd6"
},
{
"url": "https://git.kernel.org/stable/c/e1d38cde2b7b0fbd1c48082e7a98c37d750af59b"
},
{
"url": "https://git.kernel.org/stable/c/507d526a98c355e6f3fb2c47aacad44a69784bee"
},
{
"url": "https://git.kernel.org/stable/c/22d24a544b0d49bbcbd61c8c0eaf77d3c9297155"
}
],
"title": "block: fix overflow in blk_ioctl_discard()",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36917",
"datePublished": "2024-05-30T15:29:13.327Z",
"dateReserved": "2024-05-30T15:25:07.068Z",
"dateUpdated": "2024-08-02T03:43:49.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36884
Vulnerability from cvelistv5
Published
2024-05-30 15:28
Modified
2024-08-02 03:43
Severity
Summary
iommu/arm-smmu: Use the correct type in nvidia_smmu_context_fault()
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36884",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T17:32:53.413212Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T17:33:10.028Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:49.220Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e83de8f05b998e227b48cdeea54cba4c9d66d3aa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/65ade5653f5ab5a21635e51d0c65e95f490f5b6f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/iommu/arm/arm-smmu/arm-smmu-nvidia.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e83de8f05b99",
"status": "affected",
"version": "e0976331ad11",
"versionType": "git"
},
{
"lessThan": "65ade5653f5a",
"status": "affected",
"version": "e0976331ad11",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/iommu/arm/arm-smmu/arm-smmu-nvidia.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.8"
},
{
"lessThan": "6.8",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/arm-smmu: Use the correct type in nvidia_smmu_context_fault()\n\nThis was missed because of the function pointer indirection.\n\nnvidia_smmu_context_fault() is also installed as a irq function, and the\n\u0027void *\u0027 was changed to a struct arm_smmu_domain. Since the iommu_domain\nis embedded at a non-zero offset this causes nvidia_smmu_context_fault()\nto miscompute the offset. Fixup the types.\n\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000120\n Mem abort info:\n ESR = 0x0000000096000004\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x04: level 0 translation fault\n Data abort info:\n ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n user pgtable: 4k pages, 48-bit VAs, pgdp=0000000107c9f000\n [0000000000000120] pgd=0000000000000000, p4d=0000000000000000\n Internal error: Oops: 0000000096000004 [#1] SMP\n Modules linked in:\n CPU: 1 PID: 47 Comm: kworker/u25:0 Not tainted 6.9.0-0.rc7.58.eln136.aarch64 #1\n Hardware name: Unknown NVIDIA Jetson Orin NX/NVIDIA Jetson Orin NX, BIOS 3.1-32827747 03/19/2023\n Workqueue: events_unbound deferred_probe_work_func\n pstate: 604000c9 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : nvidia_smmu_context_fault+0x1c/0x158\n lr : __free_irq+0x1d4/0x2e8\n sp : ffff80008044b6f0\n x29: ffff80008044b6f0 x28: ffff000080a60b18 x27: ffffd32b5172e970\n x26: 0000000000000000 x25: ffff0000802f5aac x24: ffff0000802f5a30\n x23: ffff0000802f5b60 x22: 0000000000000057 x21: 0000000000000000\n x20: ffff0000802f5a00 x19: ffff000087d4cd80 x18: ffffffffffffffff\n x17: 6234362066666666 x16: 6630303078302d30 x15: ffff00008156d888\n x14: 0000000000000000 x13: ffff0000801db910 x12: ffff00008156d6d0\n x11: 0000000000000003 x10: ffff0000801db918 x9 : ffffd32b50f94d9c\n x8 : 1fffe0001032fda1 x7 : ffff00008197ed00 x6 : 000000000000000f\n x5 : 000000000000010e x4 : 000000000000010e x3 : 0000000000000000\n x2 : ffffd32b51720cd8 x1 : ffff000087e6f700 x0 : 0000000000000057\n Call trace:\n nvidia_smmu_context_fault+0x1c/0x158\n __free_irq+0x1d4/0x2e8\n free_irq+0x3c/0x80\n devm_free_irq+0x64/0xa8\n arm_smmu_domain_free+0xc4/0x158\n iommu_domain_free+0x44/0xa0\n iommu_deinit_device+0xd0/0xf8\n __iommu_group_remove_device+0xcc/0xe0\n iommu_bus_notifier+0x64/0xa8\n notifier_call_chain+0x78/0x148\n blocking_notifier_call_chain+0x4c/0x90\n bus_notify+0x44/0x70\n device_del+0x264/0x3e8\n pci_remove_bus_device+0x84/0x120\n pci_remove_root_bus+0x5c/0xc0\n dw_pcie_host_deinit+0x38/0xe0\n tegra_pcie_config_rp+0xc0/0x1f0\n tegra_pcie_dw_probe+0x34c/0x700\n platform_probe+0x70/0xe8\n really_probe+0xc8/0x3a0\n __driver_probe_device+0x84/0x160\n driver_probe_device+0x44/0x130\n __device_attach_driver+0xc4/0x170\n bus_for_each_drv+0x90/0x100\n __device_attach+0xa8/0x1c8\n device_initial_probe+0x1c/0x30\n bus_probe_device+0xb0/0xc0\n deferred_probe_work_func+0xbc/0x120\n process_one_work+0x194/0x490\n worker_thread+0x284/0x3b0\n kthread+0xf4/0x108\n ret_from_fork+0x10/0x20\n Code: a9b97bfd 910003fd a9025bf5 f85a0035 (b94122a1)"
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:28:53.894Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e83de8f05b998e227b48cdeea54cba4c9d66d3aa"
},
{
"url": "https://git.kernel.org/stable/c/65ade5653f5ab5a21635e51d0c65e95f490f5b6f"
}
],
"title": "iommu/arm-smmu: Use the correct type in nvidia_smmu_context_fault()",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36884",
"datePublished": "2024-05-30T15:28:53.894Z",
"dateReserved": "2024-05-30T15:25:07.065Z",
"dateUpdated": "2024-08-02T03:43:49.220Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36912
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2024-08-02 03:43
Severity
Summary
Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36912",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T14:45:02.277532Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1258",
"description": "CWE-1258 Exposure of Sensitive System Information Due to Uncleared Debug Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T14:45:05.691Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.056Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1999644d95194d4a58d3e80ad04ce19220a01a81"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8e62341f5c45b27519b7d193bcc32ada416ad9d8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bfae56be077ba14311509e70706a13458f87ea99"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/211f514ebf1ef5de37b1cf6df9d28a56cfd242ca"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/hv/channel.c",
"include/linux/hyperv.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1999644d9519",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "8e62341f5c45",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "bfae56be077b",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "211f514ebf1e",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/hv/channel.c",
"include/linux/hyperv.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nDrivers: hv: vmbus: Track decrypted status in vmbus_gpadl\n\nIn CoCo VMs it is possible for the untrusted host to cause\nset_memory_encrypted() or set_memory_decrypted() to fail such that an\nerror is returned and the resulting memory is shared. Callers need to\ntake care to handle these errors to avoid returning decrypted (shared)\nmemory to the page allocator, which could lead to functional or security\nissues.\n\nIn order to make sure callers of vmbus_establish_gpadl() and\nvmbus_teardown_gpadl() don\u0027t return decrypted/shared pages to\nallocators, add a field in struct vmbus_gpadl to keep track of the\ndecryption status of the buffers. This will allow the callers to\nknow if they should free or leak the pages."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:29:10.454Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1999644d95194d4a58d3e80ad04ce19220a01a81"
},
{
"url": "https://git.kernel.org/stable/c/8e62341f5c45b27519b7d193bcc32ada416ad9d8"
},
{
"url": "https://git.kernel.org/stable/c/bfae56be077ba14311509e70706a13458f87ea99"
},
{
"url": "https://git.kernel.org/stable/c/211f514ebf1ef5de37b1cf6df9d28a56cfd242ca"
}
],
"title": "Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36912",
"datePublished": "2024-05-30T15:29:10.454Z",
"dateReserved": "2024-05-30T15:25:07.067Z",
"dateUpdated": "2024-08-02T03:43:50.056Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36902
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2024-08-02 03:43
Severity
Summary
ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action()
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36902",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-30T18:53:30.406857Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:02.730Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:49.866Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4a5a573387da6a6b23a4cc62147453ff1bc32afa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ddec23f206a944c73bcc2724358b85388837daff"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/674c951ab8a23f7aff9b4c3f2f865901bc76a290"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/35297fc68de36826087e976f86a5b1f94fd0bf95"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7e3242c139c38e60844638e394c2877b16b396b0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8745a8d74ba17dafe72b6ab461fa6c007d879747"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1876881c9a49613b5249fb400cbf53412d90cb09"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d101291b2681e5ab938554e3e323f7a7ee33e3aa"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv6/fib6_rules.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4a5a573387da",
"status": "affected",
"version": "5e5f3f0f8013",
"versionType": "git"
},
{
"lessThan": "ddec23f206a9",
"status": "affected",
"version": "5e5f3f0f8013",
"versionType": "git"
},
{
"lessThan": "674c951ab8a2",
"status": "affected",
"version": "5e5f3f0f8013",
"versionType": "git"
},
{
"lessThan": "35297fc68de3",
"status": "affected",
"version": "5e5f3f0f8013",
"versionType": "git"
},
{
"lessThan": "7e3242c139c3",
"status": "affected",
"version": "5e5f3f0f8013",
"versionType": "git"
},
{
"lessThan": "8745a8d74ba1",
"status": "affected",
"version": "5e5f3f0f8013",
"versionType": "git"
},
{
"lessThan": "1876881c9a49",
"status": "affected",
"version": "5e5f3f0f8013",
"versionType": "git"
},
{
"lessThan": "d101291b2681",
"status": "affected",
"version": "5e5f3f0f8013",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv6/fib6_rules.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.26"
},
{
"lessThan": "2.6.26",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action()\n\nsyzbot is able to trigger the following crash [1],\ncaused by unsafe ip6_dst_idev() use.\n\nIndeed ip6_dst_idev() can return NULL, and must always be checked.\n\n[1]\n\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nCPU: 0 PID: 31648 Comm: syz-executor.0 Not tainted 6.9.0-rc4-next-20240417-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\n RIP: 0010:__fib6_rule_action net/ipv6/fib6_rules.c:237 [inline]\n RIP: 0010:fib6_rule_action+0x241/0x7b0 net/ipv6/fib6_rules.c:267\nCode: 02 00 00 49 8d 9f d8 00 00 00 48 89 d8 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 f9 32 bf f7 48 8b 1b 48 89 d8 48 c1 e8 03 \u003c42\u003e 80 3c 20 00 74 08 48 89 df e8 e0 32 bf f7 4c 8b 03 48 89 ef 4c\nRSP: 0018:ffffc9000fc1f2f0 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: 0000000000000000 RCX: 1a772f98c8186700\nRDX: 0000000000000003 RSI: ffffffff8bcac4e0 RDI: ffffffff8c1f9760\nRBP: ffff8880673fb980 R08: ffffffff8fac15ef R09: 1ffffffff1f582bd\nR10: dffffc0000000000 R11: fffffbfff1f582be R12: dffffc0000000000\nR13: 0000000000000080 R14: ffff888076509000 R15: ffff88807a029a00\nFS: 00007f55e82ca6c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b31d23000 CR3: 0000000022b66000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n fib_rules_lookup+0x62c/0xdb0 net/core/fib_rules.c:317\n fib6_rule_lookup+0x1fd/0x790 net/ipv6/fib6_rules.c:108\n ip6_route_output_flags_noref net/ipv6/route.c:2637 [inline]\n ip6_route_output_flags+0x38e/0x610 net/ipv6/route.c:2649\n ip6_route_output include/net/ip6_route.h:93 [inline]\n ip6_dst_lookup_tail+0x189/0x11a0 net/ipv6/ip6_output.c:1120\n ip6_dst_lookup_flow+0xb9/0x180 net/ipv6/ip6_output.c:1250\n sctp_v6_get_dst+0x792/0x1e20 net/sctp/ipv6.c:326\n sctp_transport_route+0x12c/0x2e0 net/sctp/transport.c:455\n sctp_assoc_add_peer+0x614/0x15c0 net/sctp/associola.c:662\n sctp_connect_new_asoc+0x31d/0x6c0 net/sctp/socket.c:1099\n __sctp_connect+0x66d/0xe30 net/sctp/socket.c:1197\n sctp_connect net/sctp/socket.c:4819 [inline]\n sctp_inet_connect+0x149/0x1f0 net/sctp/socket.c:4834\n __sys_connect_file net/socket.c:2048 [inline]\n __sys_connect+0x2df/0x310 net/socket.c:2065\n __do_sys_connect net/socket.c:2075 [inline]\n __se_sys_connect net/socket.c:2072 [inline]\n __x64_sys_connect+0x7a/0x90 net/socket.c:2072\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f"
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:29:04.298Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4a5a573387da6a6b23a4cc62147453ff1bc32afa"
},
{
"url": "https://git.kernel.org/stable/c/ddec23f206a944c73bcc2724358b85388837daff"
},
{
"url": "https://git.kernel.org/stable/c/674c951ab8a23f7aff9b4c3f2f865901bc76a290"
},
{
"url": "https://git.kernel.org/stable/c/35297fc68de36826087e976f86a5b1f94fd0bf95"
},
{
"url": "https://git.kernel.org/stable/c/7e3242c139c38e60844638e394c2877b16b396b0"
},
{
"url": "https://git.kernel.org/stable/c/8745a8d74ba17dafe72b6ab461fa6c007d879747"
},
{
"url": "https://git.kernel.org/stable/c/1876881c9a49613b5249fb400cbf53412d90cb09"
},
{
"url": "https://git.kernel.org/stable/c/d101291b2681e5ab938554e3e323f7a7ee33e3aa"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action()",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36902",
"datePublished": "2024-05-30T15:29:04.298Z",
"dateReserved": "2024-05-30T15:25:07.066Z",
"dateUpdated": "2024-08-02T03:43:49.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36936
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2024-08-02 03:43
Severity
Summary
efi/unaccepted: touch soft lockup during memory accept
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36936",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-12T19:14:06.800588Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-12T19:14:21.422Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.123Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/781e34b736014188ba9e46a71535237313dcda81"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1c5a1627f48105cbab81d25ec2f72232bfaa8185"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/firmware/efi/unaccepted_memory.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "781e34b73601",
"status": "affected",
"version": "50e782a86c98",
"versionType": "git"
},
{
"lessThan": "1c5a1627f481",
"status": "affected",
"version": "50e782a86c98",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/firmware/efi/unaccepted_memory.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.6"
},
{
"lessThan": "6.6",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi/unaccepted: touch soft lockup during memory accept\n\nCommit 50e782a86c98 (\"efi/unaccepted: Fix soft lockups caused by\nparallel memory acceptance\") has released the spinlock so other CPUs can\ndo memory acceptance in parallel and not triggers softlockup on other\nCPUs.\n\nHowever the softlock up was intermittent shown up if the memory of the\nTD guest is large, and the timeout of softlockup is set to 1 second:\n\n RIP: 0010:_raw_spin_unlock_irqrestore\n Call Trace:\n ? __hrtimer_run_queues\n \u003cIRQ\u003e\n ? hrtimer_interrupt\n ? watchdog_timer_fn\n ? __sysvec_apic_timer_interrupt\n ? __pfx_watchdog_timer_fn\n ? sysvec_apic_timer_interrupt\n \u003c/IRQ\u003e\n ? __hrtimer_run_queues\n \u003cTASK\u003e\n ? hrtimer_interrupt\n ? asm_sysvec_apic_timer_interrupt\n ? _raw_spin_unlock_irqrestore\n ? __sysvec_apic_timer_interrupt\n ? sysvec_apic_timer_interrupt\n accept_memory\n try_to_accept_memory\n do_huge_pmd_anonymous_page\n get_page_from_freelist\n __handle_mm_fault\n __alloc_pages\n __folio_alloc\n ? __tdx_hypercall\n handle_mm_fault\n vma_alloc_folio\n do_user_addr_fault\n do_huge_pmd_anonymous_page\n exc_page_fault\n ? __do_huge_pmd_anonymous_page\n asm_exc_page_fault\n __handle_mm_fault\n\nWhen the local irq is enabled at the end of accept_memory(), the\nsoftlockup detects that the watchdog on single CPU has not been fed for\na while. That is to say, even other CPUs will not be blocked by\nspinlock, the current CPU might be stunk with local irq disabled for a\nwhile, which hurts not only nmi watchdog but also softlockup.\n\nChao Gao pointed out that the memory accept could be time costly and\nthere was similar report before. Thus to avoid any softlocup detection\nduring this stage, give the softlockup a flag to skip the timeout check\nat the end of accept_memory(), by invoking touch_softlockup_watchdog()."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:29:25.767Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/781e34b736014188ba9e46a71535237313dcda81"
},
{
"url": "https://git.kernel.org/stable/c/1c5a1627f48105cbab81d25ec2f72232bfaa8185"
}
],
"title": "efi/unaccepted: touch soft lockup during memory accept",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36936",
"datePublished": "2024-05-30T15:29:25.767Z",
"dateReserved": "2024-05-30T15:25:07.071Z",
"dateUpdated": "2024-08-02T03:43:50.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36887
Vulnerability from cvelistv5
Published
2024-05-30 15:28
Modified
2024-08-02 03:43
Severity
Summary
e1000e: change usleep_range to udelay in PHY mdic access
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36887",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-03T17:21:16.500731Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:39.644Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.019Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f8a139656c95db893a543159873c57a470d7376d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/950d5226cd6bb83ba720961a8d4d5cf79e6afd57"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/387f295cb2150ed164905b648d76dfcbd3621778"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/e1000e/phy.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f8a139656c95",
"status": "affected",
"version": "1d16cd91cd31",
"versionType": "git"
},
{
"lessThan": "950d5226cd6b",
"status": "affected",
"version": "0a4e3c2d976a",
"versionType": "git"
},
{
"lessThan": "387f295cb215",
"status": "affected",
"version": "6dbdd4de0362",
"versionType": "git"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/intel/e1000e/phy.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6.6.31",
"status": "affected",
"version": "6.6.26",
"versionType": "custom"
},
{
"lessThan": "6.8.10",
"status": "affected",
"version": "6.8.5",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ne1000e: change usleep_range to udelay in PHY mdic access\n\nThis is a partial revert of commit 6dbdd4de0362 (\"e1000e: Workaround\nfor sporadic MDI error on Meteor Lake systems\"). The referenced commit\nused usleep_range inside the PHY access routines, which are sometimes\ncalled from an atomic context. This can lead to a kernel panic in some\nscenarios, such as cable disconnection and reconnection on vPro systems.\n\nSolve this by changing the usleep_range calls back to udelay."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:28:55.630Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f8a139656c95db893a543159873c57a470d7376d"
},
{
"url": "https://git.kernel.org/stable/c/950d5226cd6bb83ba720961a8d4d5cf79e6afd57"
},
{
"url": "https://git.kernel.org/stable/c/387f295cb2150ed164905b648d76dfcbd3621778"
}
],
"title": "e1000e: change usleep_range to udelay in PHY mdic access",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36887",
"datePublished": "2024-05-30T15:28:55.630Z",
"dateReserved": "2024-05-30T15:25:07.065Z",
"dateUpdated": "2024-08-02T03:43:50.019Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36919
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2024-09-05 08:03
Severity
Summary
scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36919",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-07T14:28:01.393911Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-07T14:28:19.585Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-05T08:03:33.761Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/468f3e3c15076338367b0945b041105b67cf31e3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/acd370c1fb86b7302c1cbb354a7c1cd9953768eb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ad498539dda0816aadef384ec117bfea304c75c3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/93aa5ccc44781bdfef1bf0bc4c2c292d45251312"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1150606d47d711d5bfdf329a1a96ed7027085936"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c885ab23206b1f1ba0731ffe7c9455c6a91db256"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ea50941cd8c9f0b12f38b73d3b1bfeca660dd342"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c214ed2a4dda35b308b0b28eed804d7ae66401f9"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240905-0009/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/scsi/bnx2fc/bnx2fc_tgt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "468f3e3c1507",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "acd370c1fb86",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "ad498539dda0",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "93aa5ccc4478",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "1150606d47d7",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "c885ab23206b",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "ea50941cd8c9",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "c214ed2a4dda",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/scsi/bnx2fc/bnx2fc_tgt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload\n\nThe session resources are used by FW and driver when session is offloaded,\nonce session is uploaded these resources are not used. The lock is not\nrequired as these fields won\u0027t be used any longer. The offload and upload\ncalls are sequential, hence lock is not required.\n\nThis will suppress following BUG_ON():\n\n[ 449.843143] ------------[ cut here ]------------\n[ 449.848302] kernel BUG at mm/vmalloc.c:2727!\n[ 449.853072] invalid opcode: 0000 [#1] PREEMPT SMP PTI\n[ 449.858712] CPU: 5 PID: 1996 Comm: kworker/u24:2 Not tainted 5.14.0-118.el9.x86_64 #1\nRebooting.\n[ 449.867454] Hardware name: Dell Inc. PowerEdge R730/0WCJNT, BIOS 2.3.4 11/08/2016\n[ 449.876966] Workqueue: fc_rport_eq fc_rport_work [libfc]\n[ 449.882910] RIP: 0010:vunmap+0x2e/0x30\n[ 449.887098] Code: 00 65 8b 05 14 a2 f0 4a a9 00 ff ff 00 75 1b 55 48 89 fd e8 34 36 79 00 48 85 ed 74 0b 48 89 ef 31 f6 5d e9 14 fc ff ff 5d c3 \u003c0f\u003e 0b 0f 1f 44 00 00 41 57 41 56 49 89 ce 41 55 49 89 fd 41 54 41\n[ 449.908054] RSP: 0018:ffffb83d878b3d68 EFLAGS: 00010206\n[ 449.913887] RAX: 0000000080000201 RBX: ffff8f4355133550 RCX: 000000000d400005\n[ 449.921843] RDX: 0000000000000001 RSI: 0000000000001000 RDI: ffffb83da53f5000\n[ 449.929808] RBP: ffff8f4ac6675800 R08: ffffb83d878b3d30 R09: 00000000000efbdf\n[ 449.937774] R10: 0000000000000003 R11: ffff8f434573e000 R12: 0000000000001000\n[ 449.945736] R13: 0000000000001000 R14: ffffb83da53f5000 R15: ffff8f43d4ea3ae0\n[ 449.953701] FS: 0000000000000000(0000) GS:ffff8f529fc80000(0000) knlGS:0000000000000000\n[ 449.962732] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 449.969138] CR2: 00007f8cf993e150 CR3: 0000000efbe10003 CR4: 00000000003706e0\n[ 449.977102] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 449.985065] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 449.993028] Call Trace:\n[ 449.995756] __iommu_dma_free+0x96/0x100\n[ 450.000139] bnx2fc_free_session_resc+0x67/0x240 [bnx2fc]\n[ 450.006171] bnx2fc_upload_session+0xce/0x100 [bnx2fc]\n[ 450.011910] bnx2fc_rport_event_handler+0x9f/0x240 [bnx2fc]\n[ 450.018136] fc_rport_work+0x103/0x5b0 [libfc]\n[ 450.023103] process_one_work+0x1e8/0x3c0\n[ 450.027581] worker_thread+0x50/0x3b0\n[ 450.031669] ? rescuer_thread+0x370/0x370\n[ 450.036143] kthread+0x149/0x170\n[ 450.039744] ? set_kthread_struct+0x40/0x40\n[ 450.044411] ret_from_fork+0x22/0x30\n[ 450.048404] Modules linked in: vfat msdos fat xfs nfs_layout_nfsv41_files rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver dm_service_time qedf qed crc8 bnx2fc libfcoe libfc scsi_transport_fc intel_rapl_msr intel_rapl_common x86_pkg_temp_thermal intel_powerclamp dcdbas rapl intel_cstate intel_uncore mei_me pcspkr mei ipmi_ssif lpc_ich ipmi_si fuse zram ext4 mbcache jbd2 loop nfsv3 nfs_acl nfs lockd grace fscache netfs irdma ice sd_mod t10_pi sg ib_uverbs ib_core 8021q garp mrp stp llc mgag200 i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt mxm_wmi fb_sys_fops cec crct10dif_pclmul ahci crc32_pclmul bnx2x drm ghash_clmulni_intel libahci rfkill i40e libata megaraid_sas mdio wmi sunrpc lrw dm_crypt dm_round_robin dm_multipath dm_snapshot dm_bufio dm_mirror dm_region_hash dm_log dm_zero dm_mod linear raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx raid6_pq libcrc32c crc32c_intel raid1 raid0 iscsi_ibft squashfs be2iscsi bnx2i cnic uio cxgb4i cxgb4 tls\n[ 450.048497] libcxgbi libcxgb qla4xxx iscsi_boot_sysfs iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi edd ipmi_devintf ipmi_msghandler\n[ 450.159753] ---[ end trace 712de2c57c64abc8 ]---"
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:29:14.486Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/468f3e3c15076338367b0945b041105b67cf31e3"
},
{
"url": "https://git.kernel.org/stable/c/acd370c1fb86b7302c1cbb354a7c1cd9953768eb"
},
{
"url": "https://git.kernel.org/stable/c/ad498539dda0816aadef384ec117bfea304c75c3"
},
{
"url": "https://git.kernel.org/stable/c/93aa5ccc44781bdfef1bf0bc4c2c292d45251312"
},
{
"url": "https://git.kernel.org/stable/c/1150606d47d711d5bfdf329a1a96ed7027085936"
},
{
"url": "https://git.kernel.org/stable/c/c885ab23206b1f1ba0731ffe7c9455c6a91db256"
},
{
"url": "https://git.kernel.org/stable/c/ea50941cd8c9f0b12f38b73d3b1bfeca660dd342"
},
{
"url": "https://git.kernel.org/stable/c/c214ed2a4dda35b308b0b28eed804d7ae66401f9"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36919",
"datePublished": "2024-05-30T15:29:14.486Z",
"dateReserved": "2024-05-30T15:25:07.068Z",
"dateUpdated": "2024-09-05T08:03:33.761Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36890
Vulnerability from cvelistv5
Published
2024-05-30 15:28
Modified
2024-08-02 03:43
Severity
Summary
mm/slab: make __free(kfree) accept error pointers
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36890",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-06T18:34:10.099765Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T18:34:28.352Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:49.148Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9f6eb0ab4f95240589ee85fd9886a944cd3645b2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ac6cf3ce9b7d12acb7b528248df5f87caa25fcdc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/79cbe0be6c0317b215ddd8bd3e32f0afdac48543"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cd7eb8f83fcf258f71e293f7fc52a70be8ed0128"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/linux/slab.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9f6eb0ab4f95",
"status": "affected",
"version": "3c6cc62ce126",
"versionType": "git"
},
{
"lessThan": "ac6cf3ce9b7d",
"status": "affected",
"version": "54da6a092431",
"versionType": "git"
},
{
"lessThan": "79cbe0be6c03",
"status": "affected",
"version": "54da6a092431",
"versionType": "git"
},
{
"lessThan": "cd7eb8f83fcf",
"status": "affected",
"version": "54da6a092431",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/linux/slab.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.5"
},
{
"lessThan": "6.5",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/slab: make __free(kfree) accept error pointers\n\nCurrently, if an automatically freed allocation is an error pointer that\nwill lead to a crash. An example of this is in wm831x_gpio_dbg_show().\n\n 171\tchar *label __free(kfree) = gpiochip_dup_line_label(chip, i);\n 172\tif (IS_ERR(label)) {\n 173\t\tdev_err(wm831x-\u003edev, \"Failed to duplicate label\\n\");\n 174\t\tcontinue;\n 175 }\n\nThe auto clean up function should check for error pointers as well,\notherwise we\u0027re going to keep hitting issues like this."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:28:57.373Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9f6eb0ab4f95240589ee85fd9886a944cd3645b2"
},
{
"url": "https://git.kernel.org/stable/c/ac6cf3ce9b7d12acb7b528248df5f87caa25fcdc"
},
{
"url": "https://git.kernel.org/stable/c/79cbe0be6c0317b215ddd8bd3e32f0afdac48543"
},
{
"url": "https://git.kernel.org/stable/c/cd7eb8f83fcf258f71e293f7fc52a70be8ed0128"
}
],
"title": "mm/slab: make __free(kfree) accept error pointers",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36890",
"datePublished": "2024-05-30T15:28:57.373Z",
"dateReserved": "2024-05-30T15:25:07.065Z",
"dateUpdated": "2024-08-02T03:43:49.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36934
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2024-08-02 03:43
Severity
Summary
bna: ensure the copied buf is NUL terminated
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.057Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bd502ba81cd1d515deddad7dbc6b812b14b97147"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/80578ec10335bc15ac35fd1703c22aab34e39fdd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6f0f19b79c085cc891c418b768f26f7004bd51a4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0f560240b4cc25d3de527deb257cdf072c0102a9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/06cb37e2ba6441888f24566a997481d4197b4e32"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e19478763154674c084defc62ae0d64d79657f91"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1518b2b498a0109eb6b15755169d3b6607356b35"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8c34096c7fdf272fd4c0c37fe411cd2e3ed0ee9f"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/brocade/bna/bnad_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "bd502ba81cd1",
"status": "affected",
"version": "7afc5dbde091",
"versionType": "git"
},
{
"lessThan": "80578ec10335",
"status": "affected",
"version": "7afc5dbde091",
"versionType": "git"
},
{
"lessThan": "6f0f19b79c08",
"status": "affected",
"version": "7afc5dbde091",
"versionType": "git"
},
{
"lessThan": "0f560240b4cc",
"status": "affected",
"version": "7afc5dbde091",
"versionType": "git"
},
{
"lessThan": "06cb37e2ba64",
"status": "affected",
"version": "7afc5dbde091",
"versionType": "git"
},
{
"lessThan": "e19478763154",
"status": "affected",
"version": "7afc5dbde091",
"versionType": "git"
},
{
"lessThan": "1518b2b498a0",
"status": "affected",
"version": "7afc5dbde091",
"versionType": "git"
},
{
"lessThan": "8c34096c7fdf",
"status": "affected",
"version": "7afc5dbde091",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/ethernet/brocade/bna/bnad_debugfs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.3"
},
{
"lessThan": "3.3",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbna: ensure the copied buf is NUL terminated\n\nCurrently, we allocate a nbytes-sized kernel buffer and copy nbytes from\nuserspace to that buffer. Later, we use sscanf on this buffer but we don\u0027t\nensure that the string is terminated inside the buffer, this can lead to\nOOB read when using sscanf. Fix this issue by using memdup_user_nul\ninstead of memdup_user."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:29:24.357Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bd502ba81cd1d515deddad7dbc6b812b14b97147"
},
{
"url": "https://git.kernel.org/stable/c/80578ec10335bc15ac35fd1703c22aab34e39fdd"
},
{
"url": "https://git.kernel.org/stable/c/6f0f19b79c085cc891c418b768f26f7004bd51a4"
},
{
"url": "https://git.kernel.org/stable/c/0f560240b4cc25d3de527deb257cdf072c0102a9"
},
{
"url": "https://git.kernel.org/stable/c/06cb37e2ba6441888f24566a997481d4197b4e32"
},
{
"url": "https://git.kernel.org/stable/c/e19478763154674c084defc62ae0d64d79657f91"
},
{
"url": "https://git.kernel.org/stable/c/1518b2b498a0109eb6b15755169d3b6607356b35"
},
{
"url": "https://git.kernel.org/stable/c/8c34096c7fdf272fd4c0c37fe411cd2e3ed0ee9f"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "bna: ensure the copied buf is NUL terminated",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36934",
"datePublished": "2024-05-30T15:29:24.357Z",
"dateReserved": "2024-05-30T15:25:07.071Z",
"dateUpdated": "2024-08-02T03:43:50.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36019
Vulnerability from cvelistv5
Published
2024-05-30 14:59
Modified
2024-08-02 03:30
Severity
Summary
regmap: maple: Fix cache corruption in regcache_maple_drop()
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36019",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-30T16:11:04.952877Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:34.967Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:12.601Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3af6c5ac72dc5b721058132a0a1d7779e443175e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/51c4440b9d3fd7c8234e6de9170a487c03506e53"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/00bb549d7d63a21532e76e4a334d7807a54d9f31"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/base/regmap/regcache-maple.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3af6c5ac72dc",
"status": "affected",
"version": "f033c26de5a5",
"versionType": "git"
},
{
"lessThan": "51c4440b9d3f",
"status": "affected",
"version": "f033c26de5a5",
"versionType": "git"
},
{
"lessThan": "00bb549d7d63",
"status": "affected",
"version": "f033c26de5a5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/base/regmap/regcache-maple.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.4"
},
{
"lessThan": "6.4",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.26",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.5",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nregmap: maple: Fix cache corruption in regcache_maple_drop()\n\nWhen keeping the upper end of a cache block entry, the entry[] array\nmust be indexed by the offset from the base register of the block,\ni.e. max - mas.index.\n\nThe code was indexing entry[] by only the register address, leading\nto an out-of-bounds access that copied some part of the kernel\nmemory over the cache contents.\n\nThis bug was not detected by the regmap KUnit test because it only\ntests with a block of registers starting at 0, so mas.index == 0."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T14:59:42.840Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3af6c5ac72dc5b721058132a0a1d7779e443175e"
},
{
"url": "https://git.kernel.org/stable/c/51c4440b9d3fd7c8234e6de9170a487c03506e53"
},
{
"url": "https://git.kernel.org/stable/c/00bb549d7d63a21532e76e4a334d7807a54d9f31"
}
],
"title": "regmap: maple: Fix cache corruption in regcache_maple_drop()",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36019",
"datePublished": "2024-05-30T14:59:42.840Z",
"dateReserved": "2024-05-17T13:50:33.157Z",
"dateUpdated": "2024-08-02T03:30:12.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36925
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2024-08-02 03:43
Severity
Summary
swiotlb: initialise restricted pool list_head when SWIOTLB_DYNAMIC=y
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:49.842Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f2a6b3ed20f2dea4cb645abc6a73c4595662adca"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f62e0fefcdfe2c05ccb1aa80521a69524eea9c84"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/75961ffb5cb3e5196f19cae7683f35cc88b50800"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/dma/swiotlb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f2a6b3ed20f2",
"status": "affected",
"version": "1aaa736815eb",
"versionType": "git"
},
{
"lessThan": "f62e0fefcdfe",
"status": "affected",
"version": "1aaa736815eb",
"versionType": "git"
},
{
"lessThan": "75961ffb5cb3",
"status": "affected",
"version": "1aaa736815eb",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/dma/swiotlb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.6"
},
{
"lessThan": "6.6",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nswiotlb: initialise restricted pool list_head when SWIOTLB_DYNAMIC=y\n\nUsing restricted DMA pools (CONFIG_DMA_RESTRICTED_POOL=y) in conjunction\nwith dynamic SWIOTLB (CONFIG_SWIOTLB_DYNAMIC=y) leads to the following\ncrash when initialising the restricted pools at boot-time:\n\n | Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008\n | Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP\n | pc : rmem_swiotlb_device_init+0xfc/0x1ec\n | lr : rmem_swiotlb_device_init+0xf0/0x1ec\n | Call trace:\n | rmem_swiotlb_device_init+0xfc/0x1ec\n | of_reserved_mem_device_init_by_idx+0x18c/0x238\n | of_dma_configure_id+0x31c/0x33c\n | platform_dma_configure+0x34/0x80\n\nfaddr2line reveals that the crash is in the list validation code:\n\n include/linux/list.h:83\n include/linux/rculist.h:79\n include/linux/rculist.h:106\n kernel/dma/swiotlb.c:306\n kernel/dma/swiotlb.c:1695\n\nbecause add_mem_pool() is trying to list_add_rcu() to a NULL\n\u0027mem-\u003epools\u0027.\n\nFix the crash by initialising the \u0027mem-\u003epools\u0027 list_head in\nrmem_swiotlb_device_init() before calling add_mem_pool()."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:29:19.111Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f2a6b3ed20f2dea4cb645abc6a73c4595662adca"
},
{
"url": "https://git.kernel.org/stable/c/f62e0fefcdfe2c05ccb1aa80521a69524eea9c84"
},
{
"url": "https://git.kernel.org/stable/c/75961ffb5cb3e5196f19cae7683f35cc88b50800"
}
],
"title": "swiotlb: initialise restricted pool list_head when SWIOTLB_DYNAMIC=y",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36925",
"datePublished": "2024-05-30T15:29:19.111Z",
"dateReserved": "2024-05-30T15:25:07.069Z",
"dateUpdated": "2024-08-02T03:43:49.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36886
Vulnerability from cvelistv5
Published
2024-05-30 15:28
Modified
2024-08-02 03:43
Severity
Summary
tipc: fix UAF in error path
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:4.1:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "4.1"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "e19ec8ab0e25",
"status": "affected",
"version": "1149557d64c9",
"versionType": "custom"
},
{
"lessThan": "93bc2d6d16f2",
"status": "affected",
"version": "1149557d64c9",
"versionType": "custom"
},
{
"lessThan": "367766ff9e40",
"status": "affected",
"version": "1149557d64c9",
"versionType": "custom"
},
{
"lessThan": "66116556076f",
"status": "affected",
"version": "1149557d64c9",
"versionType": "custom"
},
{
"lessThan": "21ea04aad8a0",
"status": "affected",
"version": "1149557d64c9",
"versionType": "custom"
},
{
"lessThan": "ffd4917c1edb",
"status": "affected",
"version": "1149557d64c9",
"versionType": "custom"
},
{
"lessThan": "a0fbb26f8247",
"status": "affected",
"version": "1149557d64c9",
"versionType": "custom"
},
{
"lessThan": "080cbb890286",
"status": "affected",
"version": "1149557d64c9",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36886",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-22T03:55:33.064938Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-24T12:40:50.587Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.114Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e19ec8ab0e25bc4803d7cc91c84e84532e2781bd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/93bc2d6d16f2c3178736ba6b845b30475856dc40"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/367766ff9e407f8a68409b7ce4dc4d5a72afeab1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/66116556076f0b96bc1aa9844008c743c8c67684"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/21ea04aad8a0839b4ec27ef1691ca480620e8e14"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ffd4917c1edb3c3ff334fce3704fbe9c39f35682"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a0fbb26f8247e326a320e2cb4395bfb234332c90"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/080cbb890286cd794f1ee788bbc5463e2deb7c2b"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/tipc/msg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e19ec8ab0e25",
"status": "affected",
"version": "1149557d64c9",
"versionType": "git"
},
{
"lessThan": "93bc2d6d16f2",
"status": "affected",
"version": "1149557d64c9",
"versionType": "git"
},
{
"lessThan": "367766ff9e40",
"status": "affected",
"version": "1149557d64c9",
"versionType": "git"
},
{
"lessThan": "66116556076f",
"status": "affected",
"version": "1149557d64c9",
"versionType": "git"
},
{
"lessThan": "21ea04aad8a0",
"status": "affected",
"version": "1149557d64c9",
"versionType": "git"
},
{
"lessThan": "ffd4917c1edb",
"status": "affected",
"version": "1149557d64c9",
"versionType": "git"
},
{
"lessThan": "a0fbb26f8247",
"status": "affected",
"version": "1149557d64c9",
"versionType": "git"
},
{
"lessThan": "080cbb890286",
"status": "affected",
"version": "1149557d64c9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/tipc/msg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.1"
},
{
"lessThan": "4.1",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix UAF in error path\n\nSam Page (sam4k) working with Trend Micro Zero Day Initiative reported\na UAF in the tipc_buf_append() error path:\n\nBUG: KASAN: slab-use-after-free in kfree_skb_list_reason+0x47e/0x4c0\nlinux/net/core/skbuff.c:1183\nRead of size 8 at addr ffff88804d2a7c80 by task poc/8034\n\nCPU: 1 PID: 8034 Comm: poc Not tainted 6.8.2 #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.16.0-debian-1.16.0-5 04/01/2014\nCall Trace:\n \u003cIRQ\u003e\n __dump_stack linux/lib/dump_stack.c:88\n dump_stack_lvl+0xd9/0x1b0 linux/lib/dump_stack.c:106\n print_address_description linux/mm/kasan/report.c:377\n print_report+0xc4/0x620 linux/mm/kasan/report.c:488\n kasan_report+0xda/0x110 linux/mm/kasan/report.c:601\n kfree_skb_list_reason+0x47e/0x4c0 linux/net/core/skbuff.c:1183\n skb_release_data+0x5af/0x880 linux/net/core/skbuff.c:1026\n skb_release_all linux/net/core/skbuff.c:1094\n __kfree_skb linux/net/core/skbuff.c:1108\n kfree_skb_reason+0x12d/0x210 linux/net/core/skbuff.c:1144\n kfree_skb linux/./include/linux/skbuff.h:1244\n tipc_buf_append+0x425/0xb50 linux/net/tipc/msg.c:186\n tipc_link_input+0x224/0x7c0 linux/net/tipc/link.c:1324\n tipc_link_rcv+0x76e/0x2d70 linux/net/tipc/link.c:1824\n tipc_rcv+0x45f/0x10f0 linux/net/tipc/node.c:2159\n tipc_udp_recv+0x73b/0x8f0 linux/net/tipc/udp_media.c:390\n udp_queue_rcv_one_skb+0xad2/0x1850 linux/net/ipv4/udp.c:2108\n udp_queue_rcv_skb+0x131/0xb00 linux/net/ipv4/udp.c:2186\n udp_unicast_rcv_skb+0x165/0x3b0 linux/net/ipv4/udp.c:2346\n __udp4_lib_rcv+0x2594/0x3400 linux/net/ipv4/udp.c:2422\n ip_protocol_deliver_rcu+0x30c/0x4e0 linux/net/ipv4/ip_input.c:205\n ip_local_deliver_finish+0x2e4/0x520 linux/net/ipv4/ip_input.c:233\n NF_HOOK linux/./include/linux/netfilter.h:314\n NF_HOOK linux/./include/linux/netfilter.h:308\n ip_local_deliver+0x18e/0x1f0 linux/net/ipv4/ip_input.c:254\n dst_input linux/./include/net/dst.h:461\n ip_rcv_finish linux/net/ipv4/ip_input.c:449\n NF_HOOK linux/./include/linux/netfilter.h:314\n NF_HOOK linux/./include/linux/netfilter.h:308\n ip_rcv+0x2c5/0x5d0 linux/net/ipv4/ip_input.c:569\n __netif_receive_skb_one_core+0x199/0x1e0 linux/net/core/dev.c:5534\n __netif_receive_skb+0x1f/0x1c0 linux/net/core/dev.c:5648\n process_backlog+0x101/0x6b0 linux/net/core/dev.c:5976\n __napi_poll.constprop.0+0xba/0x550 linux/net/core/dev.c:6576\n napi_poll linux/net/core/dev.c:6645\n net_rx_action+0x95a/0xe90 linux/net/core/dev.c:6781\n __do_softirq+0x21f/0x8e7 linux/kernel/softirq.c:553\n do_softirq linux/kernel/softirq.c:454\n do_softirq+0xb2/0xf0 linux/kernel/softirq.c:441\n \u003c/IRQ\u003e\n \u003cTASK\u003e\n __local_bh_enable_ip+0x100/0x120 linux/kernel/softirq.c:381\n local_bh_enable linux/./include/linux/bottom_half.h:33\n rcu_read_unlock_bh linux/./include/linux/rcupdate.h:851\n __dev_queue_xmit+0x871/0x3ee0 linux/net/core/dev.c:4378\n dev_queue_xmit linux/./include/linux/netdevice.h:3169\n neigh_hh_output linux/./include/net/neighbour.h:526\n neigh_output linux/./include/net/neighbour.h:540\n ip_finish_output2+0x169f/0x2550 linux/net/ipv4/ip_output.c:235\n __ip_finish_output linux/net/ipv4/ip_output.c:313\n __ip_finish_output+0x49e/0x950 linux/net/ipv4/ip_output.c:295\n ip_finish_output+0x31/0x310 linux/net/ipv4/ip_output.c:323\n NF_HOOK_COND linux/./include/linux/netfilter.h:303\n ip_output+0x13b/0x2a0 linux/net/ipv4/ip_output.c:433\n dst_output linux/./include/net/dst.h:451\n ip_local_out linux/net/ipv4/ip_output.c:129\n ip_send_skb+0x3e5/0x560 linux/net/ipv4/ip_output.c:1492\n udp_send_skb+0x73f/0x1530 linux/net/ipv4/udp.c:963\n udp_sendmsg+0x1a36/0x2b40 linux/net/ipv4/udp.c:1250\n inet_sendmsg+0x105/0x140 linux/net/ipv4/af_inet.c:850\n sock_sendmsg_nosec linux/net/socket.c:730\n __sock_sendmsg linux/net/socket.c:745\n __sys_sendto+0x42c/0x4e0 linux/net/socket.c:2191\n __do_sys_sendto linux/net/socket.c:2203\n __se_sys_sendto linux/net/socket.c:2199\n __x64_sys_sendto+0xe0/0x1c0 linux/net/socket.c:2199\n do_syscall_x64 linux/arch/x86/entry/common.c:52\n do_syscall_\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:28:55.059Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e19ec8ab0e25bc4803d7cc91c84e84532e2781bd"
},
{
"url": "https://git.kernel.org/stable/c/93bc2d6d16f2c3178736ba6b845b30475856dc40"
},
{
"url": "https://git.kernel.org/stable/c/367766ff9e407f8a68409b7ce4dc4d5a72afeab1"
},
{
"url": "https://git.kernel.org/stable/c/66116556076f0b96bc1aa9844008c743c8c67684"
},
{
"url": "https://git.kernel.org/stable/c/21ea04aad8a0839b4ec27ef1691ca480620e8e14"
},
{
"url": "https://git.kernel.org/stable/c/ffd4917c1edb3c3ff334fce3704fbe9c39f35682"
},
{
"url": "https://git.kernel.org/stable/c/a0fbb26f8247e326a320e2cb4395bfb234332c90"
},
{
"url": "https://git.kernel.org/stable/c/080cbb890286cd794f1ee788bbc5463e2deb7c2b"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "tipc: fix UAF in error path",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36886",
"datePublished": "2024-05-30T15:28:55.059Z",
"dateReserved": "2024-05-30T15:25:07.065Z",
"dateUpdated": "2024-08-02T03:43:50.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36939
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2024-08-02 03:43
Severity
Summary
nfs: Handle error of rpc_proc_register() in nfs_net_init().
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36939",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-03T18:55:43.324430Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:06.262Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.092Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b33ca18c3a1190208dfd569c4fa8a2f93084709f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d4891d817350c67392d4731536945f3809a2a0ba"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ea6ce93327bd2c8a0c6cf6f2f0e800f3b778f021"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8ae63bd858691bee0e2a92571f2fbb36a4d86d65"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8a1f89c98dcc542dd6d287e573523714702e0f9c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9909dde2e53a19585212c32fe3eda482b5faaaa3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/24457f1be29f1e7042e50a7749f5c2dde8c433c8"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/nfs/inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b33ca18c3a11",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "d4891d817350",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "ea6ce93327bd",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "8ae63bd85869",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "8a1f89c98dcc",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "9909dde2e53a",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "24457f1be29f",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/nfs/inode.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.12"
},
{
"lessThan": "2.6.12",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: Handle error of rpc_proc_register() in nfs_net_init().\n\nsyzkaller reported a warning [0] triggered while destroying immature\nnetns.\n\nrpc_proc_register() was called in init_nfs_fs(), but its error\nhas been ignored since at least the initial commit 1da177e4c3f4\n(\"Linux-2.6.12-rc2\").\n\nRecently, commit d47151b79e32 (\"nfs: expose /proc/net/sunrpc/nfs\nin net namespaces\") converted the procfs to per-netns and made\nthe problem more visible.\n\nEven when rpc_proc_register() fails, nfs_net_init() could succeed,\nand thus nfs_net_exit() will be called while destroying the netns.\n\nThen, remove_proc_entry() will be called for non-existing proc\ndirectory and trigger the warning below.\n\nLet\u0027s handle the error of rpc_proc_register() properly in nfs_net_init().\n\n[0]:\nname \u0027nfs\u0027\nWARNING: CPU: 1 PID: 1710 at fs/proc/generic.c:711 remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711\nModules linked in:\nCPU: 1 PID: 1710 Comm: syz-executor.2 Not tainted 6.8.0-12822-gcd51db110a7e #12\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nRIP: 0010:remove_proc_entry+0x1bb/0x2d0 fs/proc/generic.c:711\nCode: 41 5d 41 5e c3 e8 85 09 b5 ff 48 c7 c7 88 58 64 86 e8 09 0e 71 02 e8 74 09 b5 ff 4c 89 e6 48 c7 c7 de 1b 80 84 e8 c5 ad 97 ff \u003c0f\u003e 0b eb b1 e8 5c 09 b5 ff 48 c7 c7 88 58 64 86 e8 e0 0d 71 02 eb\nRSP: 0018:ffffc9000c6d7ce0 EFLAGS: 00010286\nRAX: 0000000000000000 RBX: ffff8880422b8b00 RCX: ffffffff8110503c\nRDX: ffff888030652f00 RSI: ffffffff81105045 RDI: 0000000000000001\nRBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: ffffffff81bb62cb R12: ffffffff84807ffc\nR13: ffff88804ad6fcc0 R14: ffffffff84807ffc R15: ffffffff85741ff8\nFS: 00007f30cfba8640(0000) GS:ffff88807dd00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007ff51afe8000 CR3: 000000005a60a005 CR4: 0000000000770ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n rpc_proc_unregister+0x64/0x70 net/sunrpc/stats.c:310\n nfs_net_exit+0x1c/0x30 fs/nfs/inode.c:2438\n ops_exit_list+0x62/0xb0 net/core/net_namespace.c:170\n setup_net+0x46c/0x660 net/core/net_namespace.c:372\n copy_net_ns+0x244/0x590 net/core/net_namespace.c:505\n create_new_namespaces+0x2ed/0x770 kernel/nsproxy.c:110\n unshare_nsproxy_namespaces+0xae/0x160 kernel/nsproxy.c:228\n ksys_unshare+0x342/0x760 kernel/fork.c:3322\n __do_sys_unshare kernel/fork.c:3393 [inline]\n __se_sys_unshare kernel/fork.c:3391 [inline]\n __x64_sys_unshare+0x1f/0x30 kernel/fork.c:3391\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x4f/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x46/0x4e\nRIP: 0033:0x7f30d0febe5d\nCode: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48\nRSP: 002b:00007f30cfba7cc8 EFLAGS: 00000246 ORIG_RAX: 0000000000000110\nRAX: ffffffffffffffda RBX: 00000000004bbf80 RCX: 00007f30d0febe5d\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c020600\nRBP: 00000000004bbf80 R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002\nR13: 000000000000000b R14: 00007f30d104c530 R15: 0000000000000000\n \u003c/TASK\u003e"
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:29:27.517Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b33ca18c3a1190208dfd569c4fa8a2f93084709f"
},
{
"url": "https://git.kernel.org/stable/c/d4891d817350c67392d4731536945f3809a2a0ba"
},
{
"url": "https://git.kernel.org/stable/c/ea6ce93327bd2c8a0c6cf6f2f0e800f3b778f021"
},
{
"url": "https://git.kernel.org/stable/c/8ae63bd858691bee0e2a92571f2fbb36a4d86d65"
},
{
"url": "https://git.kernel.org/stable/c/8a1f89c98dcc542dd6d287e573523714702e0f9c"
},
{
"url": "https://git.kernel.org/stable/c/9909dde2e53a19585212c32fe3eda482b5faaaa3"
},
{
"url": "https://git.kernel.org/stable/c/24457f1be29f1e7042e50a7749f5c2dde8c433c8"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "nfs: Handle error of rpc_proc_register() in nfs_net_init().",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36939",
"datePublished": "2024-05-30T15:29:27.517Z",
"dateReserved": "2024-05-30T15:25:07.071Z",
"dateUpdated": "2024-08-02T03:43:50.092Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36941
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2024-08-02 03:43
Severity
Summary
wifi: nl80211: don't free NULL coalescing rule
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36941",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-03T18:57:12.725668Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:36.638Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.555Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/327382dc0f16b268950b96e0052595efd80f7b0a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/97792d0611ae2e6fe3ccefb0a94a1d802317c457"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5a730a161ac2290d46d49be76b2b1aee8d2eb307"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ad12c74e953b68ad85c78adc6408ed8435c64af4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b0db4caa10f2e4e811cf88744fbf0d074b67ec1f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/244822c09b4f9aedfb5977f03c0deeb39da8ec7d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f92772a642485394db5c9a17bd0ee73fc6902383"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/801ea33ae82d6a9d954074fbcf8ea9d18f1543a7"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/wireless/nl80211.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "327382dc0f16",
"status": "affected",
"version": "be29b99a9b51",
"versionType": "git"
},
{
"lessThan": "97792d0611ae",
"status": "affected",
"version": "be29b99a9b51",
"versionType": "git"
},
{
"lessThan": "5a730a161ac2",
"status": "affected",
"version": "be29b99a9b51",
"versionType": "git"
},
{
"lessThan": "ad12c74e953b",
"status": "affected",
"version": "be29b99a9b51",
"versionType": "git"
},
{
"lessThan": "b0db4caa10f2",
"status": "affected",
"version": "be29b99a9b51",
"versionType": "git"
},
{
"lessThan": "244822c09b4f",
"status": "affected",
"version": "be29b99a9b51",
"versionType": "git"
},
{
"lessThan": "f92772a64248",
"status": "affected",
"version": "be29b99a9b51",
"versionType": "git"
},
{
"lessThan": "801ea33ae82d",
"status": "affected",
"version": "be29b99a9b51",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/wireless/nl80211.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.12"
},
{
"lessThan": "3.12",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.314",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.276",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.217",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: don\u0027t free NULL coalescing rule\n\nIf the parsing fails, we can dereference a NULL pointer here."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:29:28.687Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/327382dc0f16b268950b96e0052595efd80f7b0a"
},
{
"url": "https://git.kernel.org/stable/c/97792d0611ae2e6fe3ccefb0a94a1d802317c457"
},
{
"url": "https://git.kernel.org/stable/c/5a730a161ac2290d46d49be76b2b1aee8d2eb307"
},
{
"url": "https://git.kernel.org/stable/c/ad12c74e953b68ad85c78adc6408ed8435c64af4"
},
{
"url": "https://git.kernel.org/stable/c/b0db4caa10f2e4e811cf88744fbf0d074b67ec1f"
},
{
"url": "https://git.kernel.org/stable/c/244822c09b4f9aedfb5977f03c0deeb39da8ec7d"
},
{
"url": "https://git.kernel.org/stable/c/f92772a642485394db5c9a17bd0ee73fc6902383"
},
{
"url": "https://git.kernel.org/stable/c/801ea33ae82d6a9d954074fbcf8ea9d18f1543a7"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
}
],
"title": "wifi: nl80211: don\u0027t free NULL coalescing rule",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36941",
"datePublished": "2024-05-30T15:29:28.687Z",
"dateReserved": "2024-05-30T15:25:07.072Z",
"dateUpdated": "2024-08-02T03:43:50.555Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36901
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2024-08-02 03:43
Severity
Summary
ipv6: prevent NULL dereference in ip6_output()
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36901",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-31T18:31:29.092728Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:38.789Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:49.170Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9df3b2474a627994433a87cbf325a562555b17de"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2272e2db38f2e85929278146d7c770f22f528579"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ea0cb87402f774b0e1214ffba0f57028b27cf155"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e31b25cc2066d3f2b6c38579253882008d4469b0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/55f7eb4001ef2a3b48cf039cf263f9ed0ec5a488"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4db783d68b9b39a411a96096c10828ff5dfada7a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/ipv6/ip6_output.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9df3b2474a62",
"status": "affected",
"version": "778d80be5269",
"versionType": "git"
},
{
"lessThan": "2272e2db38f2",
"status": "affected",
"version": "778d80be5269",
"versionType": "git"
},
{
"lessThan": "ea0cb87402f7",
"status": "affected",
"version": "778d80be5269",
"versionType": "git"
},
{
"lessThan": "e31b25cc2066",
"status": "affected",
"version": "778d80be5269",
"versionType": "git"
},
{
"lessThan": "55f7eb4001ef",
"status": "affected",
"version": "778d80be5269",
"versionType": "git"
},
{
"lessThan": "4db783d68b9b",
"status": "affected",
"version": "778d80be5269",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/ipv6/ip6_output.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.27"
},
{
"lessThan": "2.6.27",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.222",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.163",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent NULL dereference in ip6_output()\n\nAccording to syzbot, there is a chance that ip6_dst_idev()\nreturns NULL in ip6_output(). Most places in IPv6 stack\ndeal with a NULL idev just fine, but not here.\n\nsyzbot reported:\n\ngeneral protection fault, probably for non-canonical address 0xdffffc00000000bc: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x00000000000005e0-0x00000000000005e7]\nCPU: 0 PID: 9775 Comm: syz-executor.4 Not tainted 6.9.0-rc5-syzkaller-00157-g6a30653b604a #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\n RIP: 0010:ip6_output+0x231/0x3f0 net/ipv6/ip6_output.c:237\nCode: 3c 1e 00 49 89 df 74 08 4c 89 ef e8 19 58 db f7 48 8b 44 24 20 49 89 45 00 49 89 c5 48 8d 9d e0 05 00 00 48 89 d8 48 c1 e8 03 \u003c42\u003e 0f b6 04 38 84 c0 4c 8b 74 24 28 0f 85 61 01 00 00 8b 1b 31 ff\nRSP: 0018:ffffc9000927f0d8 EFLAGS: 00010202\nRAX: 00000000000000bc RBX: 00000000000005e0 RCX: 0000000000040000\nRDX: ffffc900131f9000 RSI: 0000000000004f47 RDI: 0000000000004f48\nRBP: 0000000000000000 R08: ffffffff8a1f0b9a R09: 1ffffffff1f51fad\nR10: dffffc0000000000 R11: fffffbfff1f51fae R12: ffff8880293ec8c0\nR13: ffff88805d7fc000 R14: 1ffff1100527d91a R15: dffffc0000000000\nFS: 00007f135c6856c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020000080 CR3: 0000000064096000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n NF_HOOK include/linux/netfilter.h:314 [inline]\n ip6_xmit+0xefe/0x17f0 net/ipv6/ip6_output.c:358\n sctp_v6_xmit+0x9f2/0x13f0 net/sctp/ipv6.c:248\n sctp_packet_transmit+0x26ad/0x2ca0 net/sctp/output.c:653\n sctp_packet_singleton+0x22c/0x320 net/sctp/outqueue.c:783\n sctp_outq_flush_ctrl net/sctp/outqueue.c:914 [inline]\n sctp_outq_flush+0x6d5/0x3e20 net/sctp/outqueue.c:1212\n sctp_side_effects net/sctp/sm_sideeffect.c:1198 [inline]\n sctp_do_sm+0x59cc/0x60c0 net/sctp/sm_sideeffect.c:1169\n sctp_primitive_ASSOCIATE+0x95/0xc0 net/sctp/primitive.c:73\n __sctp_connect+0x9cd/0xe30 net/sctp/socket.c:1234\n sctp_connect net/sctp/socket.c:4819 [inline]\n sctp_inet_connect+0x149/0x1f0 net/sctp/socket.c:4834\n __sys_connect_file net/socket.c:2048 [inline]\n __sys_connect+0x2df/0x310 net/socket.c:2065\n __do_sys_connect net/socket.c:2075 [inline]\n __se_sys_connect net/socket.c:2072 [inline]\n __x64_sys_connect+0x7a/0x90 net/socket.c:2072\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f"
}
],
"providerMetadata": {
"dateUpdated": "2024-07-18T11:41:36.378Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9df3b2474a627994433a87cbf325a562555b17de"
},
{
"url": "https://git.kernel.org/stable/c/2272e2db38f2e85929278146d7c770f22f528579"
},
{
"url": "https://git.kernel.org/stable/c/ea0cb87402f774b0e1214ffba0f57028b27cf155"
},
{
"url": "https://git.kernel.org/stable/c/e31b25cc2066d3f2b6c38579253882008d4469b0"
},
{
"url": "https://git.kernel.org/stable/c/55f7eb4001ef2a3b48cf039cf263f9ed0ec5a488"
},
{
"url": "https://git.kernel.org/stable/c/4db783d68b9b39a411a96096c10828ff5dfada7a"
}
],
"title": "ipv6: prevent NULL dereference in ip6_output()",
"x_generator": {
"engine": "bippy-c9c4e1df01b2"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36901",
"datePublished": "2024-05-30T15:29:03.727Z",
"dateReserved": "2024-05-30T15:25:07.066Z",
"dateUpdated": "2024-08-02T03:43:49.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36026
Vulnerability from cvelistv5
Published
2024-05-30 15:07
Modified
2024-08-02 03:30
Severity
Summary
drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:13.047Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bd9b94055c3deb2398ee4490c1dfdf03f53efb8f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1e3b8874d55c0c28378beb9007494a7a9269a5f5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7521329e54931ede9e042bbf5f4f812b5bc4a01d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/31729e8c21ecfd671458e02b6511eb68c2225113"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "bd9b94055c3d",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "1e3b8874d55c",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "7521329e5493",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "31729e8c21ec",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.87",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.28",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.7",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11\n\nWhile doing multiple S4 stress tests, GC/RLC/PMFW get into\nan invalid state resulting into hard hangs.\n\nAdding a GFX reset as workaround just before sending the\nMP1_UNLOAD message avoids this failure."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:07:31.295Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/bd9b94055c3deb2398ee4490c1dfdf03f53efb8f"
},
{
"url": "https://git.kernel.org/stable/c/1e3b8874d55c0c28378beb9007494a7a9269a5f5"
},
{
"url": "https://git.kernel.org/stable/c/7521329e54931ede9e042bbf5f4f812b5bc4a01d"
},
{
"url": "https://git.kernel.org/stable/c/31729e8c21ecfd671458e02b6511eb68c2225113"
}
],
"title": "drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36026",
"datePublished": "2024-05-30T15:07:31.295Z",
"dateReserved": "2024-05-17T13:50:33.159Z",
"dateUpdated": "2024-08-02T03:30:13.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36909
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2024-08-02 03:43
Severity
Summary
Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36909",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-06T18:33:37.652556Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-24T15:25:16.529Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.141Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2f622008bf784a9f5dd17baa19223cc2ac30a039"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/82f9e213b124a7d2bb5b16ea35d570260ef467e0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a9212a4e2963a7fbe3864ba33dc551d4ad8d0abb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/30d18df6567be09c1433e81993e35e3da573ac48"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/hv/channel.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2f622008bf78",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "82f9e213b124",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "a9212a4e2963",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "30d18df6567b",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/hv/channel.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nDrivers: hv: vmbus: Don\u0027t free ring buffers that couldn\u0027t be re-encrypted\n\nIn CoCo VMs it is possible for the untrusted host to cause\nset_memory_encrypted() or set_memory_decrypted() to fail such that an\nerror is returned and the resulting memory is shared. Callers need to\ntake care to handle these errors to avoid returning decrypted (shared)\nmemory to the page allocator, which could lead to functional or security\nissues.\n\nThe VMBus ring buffer code could free decrypted/shared pages if\nset_memory_decrypted() fails. Check the decrypted field in the struct\nvmbus_gpadl for the ring buffers to decide whether to free the memory."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:29:08.339Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2f622008bf784a9f5dd17baa19223cc2ac30a039"
},
{
"url": "https://git.kernel.org/stable/c/82f9e213b124a7d2bb5b16ea35d570260ef467e0"
},
{
"url": "https://git.kernel.org/stable/c/a9212a4e2963a7fbe3864ba33dc551d4ad8d0abb"
},
{
"url": "https://git.kernel.org/stable/c/30d18df6567be09c1433e81993e35e3da573ac48"
}
],
"title": "Drivers: hv: vmbus: Don\u0027t free ring buffers that couldn\u0027t be re-encrypted",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36909",
"datePublished": "2024-05-30T15:29:08.339Z",
"dateReserved": "2024-05-30T15:25:07.067Z",
"dateUpdated": "2024-08-02T03:43:50.141Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36022
Vulnerability from cvelistv5
Published
2024-05-30 15:03
Modified
2024-08-02 03:30
Severity
Summary
drm/amdgpu: Init zone device and drm client after mode-1 reset on reload
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36022",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-17T15:47:25.866297Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-17T15:47:28.491Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:12.863Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4f8154f775197d0021b690c2945d6a4d8094c8f6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f679fd6057fbf5ab34aaee28d58b7f81af0cbf48"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c",
"drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4f8154f77519",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "f679fd6057fb",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c",
"drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.6",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: Init zone device and drm client after mode-1 reset on reload\n\nIn passthrough environment, when amdgpu is reloaded after unload, mode-1\nis triggered after initializing the necessary IPs, That init does not\ninclude KFD, and KFD init waits until the reset is completed. KFD init\nis called in the reset handler, but in this case, the zone device and\ndrm client is not initialized, causing app to create kernel panic.\n\nv2: Removing the init KFD condition from amdgpu_amdkfd_drm_client_create.\nAs the previous version has the potential of creating DRM client twice.\n\nv3: v2 patch results in SDMA engine hung as DRM open causes VM clear to SDMA\nbefore SDMA init. Adding the condition to in drm client creation, on top of v1,\nto guard against drm client creation call multiple times."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:03:59.678Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4f8154f775197d0021b690c2945d6a4d8094c8f6"
},
{
"url": "https://git.kernel.org/stable/c/f679fd6057fbf5ab34aaee28d58b7f81af0cbf48"
}
],
"title": "drm/amdgpu: Init zone device and drm client after mode-1 reset on reload",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36022",
"datePublished": "2024-05-30T15:03:59.678Z",
"dateReserved": "2024-05-17T13:50:33.157Z",
"dateUpdated": "2024-08-02T03:30:12.863Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36024
Vulnerability from cvelistv5
Published
2024-05-30 15:04
Modified
2024-08-02 03:30
Severity
Summary
drm/amd/display: Disable idle reallow as part of command/gpint execution
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:30:12.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2aac387445610d6dfd681f5214388e86f5677ef7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6226a5aa77370329e01ee8abe50a95e60618ce97"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/dc.h",
"drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c",
"drivers/gpu/drm/amd/display/dc/resource/dcn35/dcn35_resource.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2aac38744561",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "6226a5aa7737",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/amd/display/dc/dc.h",
"drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c",
"drivers/gpu/drm/amd/display/dc/resource/dcn35/dcn35_resource.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.6",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Disable idle reallow as part of command/gpint execution\n\n[Why]\nWorkaroud for a race condition where DMCUB is in the process of\ncommitting to IPS1 during the handshake causing us to miss the\ntransition into IPS2 and touch the INBOX1 RPTR causing a HW hang.\n\n[How]\nDisable the reallow to ensure that we have enough of a gap between entry\nand exit and we\u0027re not seeing back-to-back wake_and_executes."
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:04:01.114Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2aac387445610d6dfd681f5214388e86f5677ef7"
},
{
"url": "https://git.kernel.org/stable/c/6226a5aa77370329e01ee8abe50a95e60618ce97"
}
],
"title": "drm/amd/display: Disable idle reallow as part of command/gpint execution",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36024",
"datePublished": "2024-05-30T15:04:01.114Z",
"dateReserved": "2024-05-17T13:50:33.158Z",
"dateUpdated": "2024-08-02T03:30:12.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36938
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2024-08-02 03:43
Severity
Summary
bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36938",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-04T15:38:33.489892Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:48:04.434Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.528Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c0809c128dad4c3413818384eb06a341633db973"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5965bc7535fb87510b724e5465ccc1a1cf00916d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/39dc9e1442385d6e9be0b6491ee488dddd55ae27"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b397a0ab8582c533ec0c6b732392f141fc364f87"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/772d5729b5ff0df0d37b32db600ce635b2172f80"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6648e613226e18897231ab5e42ffc29e63fa3365"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"include/linux/skmsg.h",
"net/core/skmsg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "c0809c128dad",
"status": "affected",
"version": "604326b41a6f",
"versionType": "git"
},
{
"lessThan": "5965bc7535fb",
"status": "affected",
"version": "604326b41a6f",
"versionType": "git"
},
{
"lessThan": "39dc9e144238",
"status": "affected",
"version": "604326b41a6f",
"versionType": "git"
},
{
"lessThan": "b397a0ab8582",
"status": "affected",
"version": "604326b41a6f",
"versionType": "git"
},
{
"lessThan": "772d5729b5ff",
"status": "affected",
"version": "604326b41a6f",
"versionType": "git"
},
{
"lessThan": "6648e613226e",
"status": "affected",
"version": "604326b41a6f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"include/linux/skmsg.h",
"net/core/skmsg.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.20"
},
{
"lessThan": "4.20",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.223",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.159",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.91",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.31",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue\n\nFix NULL pointer data-races in sk_psock_skb_ingress_enqueue() which\nsyzbot reported [1].\n\n[1]\nBUG: KCSAN: data-race in sk_psock_drop / sk_psock_skb_ingress_enqueue\n\nwrite to 0xffff88814b3278b8 of 8 bytes by task 10724 on cpu 1:\n sk_psock_stop_verdict net/core/skmsg.c:1257 [inline]\n sk_psock_drop+0x13e/0x1f0 net/core/skmsg.c:843\n sk_psock_put include/linux/skmsg.h:459 [inline]\n sock_map_close+0x1a7/0x260 net/core/sock_map.c:1648\n unix_release+0x4b/0x80 net/unix/af_unix.c:1048\n __sock_release net/socket.c:659 [inline]\n sock_close+0x68/0x150 net/socket.c:1421\n __fput+0x2c1/0x660 fs/file_table.c:422\n __fput_sync+0x44/0x60 fs/file_table.c:507\n __do_sys_close fs/open.c:1556 [inline]\n __se_sys_close+0x101/0x1b0 fs/open.c:1541\n __x64_sys_close+0x1f/0x30 fs/open.c:1541\n do_syscall_64+0xd3/0x1d0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nread to 0xffff88814b3278b8 of 8 bytes by task 10713 on cpu 0:\n sk_psock_data_ready include/linux/skmsg.h:464 [inline]\n sk_psock_skb_ingress_enqueue+0x32d/0x390 net/core/skmsg.c:555\n sk_psock_skb_ingress_self+0x185/0x1e0 net/core/skmsg.c:606\n sk_psock_verdict_apply net/core/skmsg.c:1008 [inline]\n sk_psock_verdict_recv+0x3e4/0x4a0 net/core/skmsg.c:1202\n unix_read_skb net/unix/af_unix.c:2546 [inline]\n unix_stream_read_skb+0x9e/0xf0 net/unix/af_unix.c:2682\n sk_psock_verdict_data_ready+0x77/0x220 net/core/skmsg.c:1223\n unix_stream_sendmsg+0x527/0x860 net/unix/af_unix.c:2339\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x140/0x180 net/socket.c:745\n ____sys_sendmsg+0x312/0x410 net/socket.c:2584\n ___sys_sendmsg net/socket.c:2638 [inline]\n __sys_sendmsg+0x1e9/0x280 net/socket.c:2667\n __do_sys_sendmsg net/socket.c:2676 [inline]\n __se_sys_sendmsg net/socket.c:2674 [inline]\n __x64_sys_sendmsg+0x46/0x50 net/socket.c:2674\n do_syscall_64+0xd3/0x1d0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nvalue changed: 0xffffffff83d7feb0 -\u003e 0x0000000000000000\n\nReported by Kernel Concurrency Sanitizer on:\nCPU: 0 PID: 10713 Comm: syz-executor.4 Tainted: G W 6.8.0-syzkaller-08951-gfe46a7dd189e #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024\n\nPrior to this, commit 4cd12c6065df (\"bpf, sockmap: Fix NULL pointer\ndereference in sk_psock_verdict_data_ready()\") fixed one NULL pointer\nsimilarly due to no protection of saved_data_ready. Here is another\ndifferent caller causing the same issue because of the same reason. So\nwe should protect it with sk_callback_lock read lock because the writer\nside in the sk_psock_drop() uses \"write_lock_bh(\u0026sk-\u003esk_callback_lock);\".\n\nTo avoid errors that could happen in future, I move those two pairs of\nlock into the sk_psock_data_ready(), which is suggested by John Fastabend."
}
],
"providerMetadata": {
"dateUpdated": "2024-07-29T06:28:29.164Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/c0809c128dad4c3413818384eb06a341633db973"
},
{
"url": "https://git.kernel.org/stable/c/5965bc7535fb87510b724e5465ccc1a1cf00916d"
},
{
"url": "https://git.kernel.org/stable/c/39dc9e1442385d6e9be0b6491ee488dddd55ae27"
},
{
"url": "https://git.kernel.org/stable/c/b397a0ab8582c533ec0c6b732392f141fc364f87"
},
{
"url": "https://git.kernel.org/stable/c/772d5729b5ff0df0d37b32db600ce635b2172f80"
},
{
"url": "https://git.kernel.org/stable/c/6648e613226e18897231ab5e42ffc29e63fa3365"
}
],
"title": "bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue",
"x_generator": {
"engine": "bippy-c9c4e1df01b2"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36938",
"datePublished": "2024-05-30T15:29:26.929Z",
"dateReserved": "2024-05-30T15:25:07.071Z",
"dateUpdated": "2024-08-02T03:43:50.528Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36907
Vulnerability from cvelistv5
Published
2024-05-30 15:29
Modified
2024-08-02 03:43
Severity
Summary
SUNRPC: add a missing rpc_stat for TCP TLS
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36907",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-31T18:30:57.531892Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:47:47.699Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.049Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9b332c72299f2ac284ab3d7c0301969b933e4ca1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/024f7744bd09cb2a47a0a96b9c8ad08109de99cc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8e088a20dbe33919695a8082c0b32deb62d23b4a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/sunrpc/xprtsock.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9b332c72299f",
"status": "affected",
"version": "260333221cf0",
"versionType": "git"
},
{
"lessThan": "024f7744bd09",
"status": "affected",
"version": "e9f9ceb3cca1",
"versionType": "git"
},
{
"lessThan": "8e088a20dbe3",
"status": "affected",
"version": "1548036ef120",
"versionType": "git"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/sunrpc/xprtsock.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux"
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nSUNRPC: add a missing rpc_stat for TCP TLS\n\nCommit 1548036ef120 (\"nfs: make the rpc_stat per net namespace\") added\nfunctionality to specify rpc_stats function but missed adding it to the\nTCP TLS functionality. As the result, mounting with xprtsec=tls lead to\nthe following kernel oops.\n\n[ 128.984192] Unable to handle kernel NULL pointer dereference at\nvirtual address 000000000000001c\n[ 128.985058] Mem abort info:\n[ 128.985372] ESR = 0x0000000096000004\n[ 128.985709] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 128.986176] SET = 0, FnV = 0\n[ 128.986521] EA = 0, S1PTW = 0\n[ 128.986804] FSC = 0x04: level 0 translation fault\n[ 128.987229] Data abort info:\n[ 128.987597] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[ 128.988169] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 128.988811] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 128.989302] user pgtable: 4k pages, 48-bit VAs, pgdp=0000000106c84000\n[ 128.990048] [000000000000001c] pgd=0000000000000000, p4d=0000000000000000\n[ 128.990736] Internal error: Oops: 0000000096000004 [#1] SMP\n[ 128.991168] Modules linked in: nfs_layout_nfsv41_files\nrpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace netfs\nuinput dm_mod nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib\nnft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct\nnft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 rfkill\nip_set nf_tables nfnetlink qrtr vsock_loopback\nvmw_vsock_virtio_transport_common vmw_vsock_vmci_transport vsock\nsunrpc vfat fat uvcvideo videobuf2_vmalloc videobuf2_memops uvc\nvideobuf2_v4l2 videodev videobuf2_common mc vmw_vmci xfs libcrc32c\ne1000e crct10dif_ce ghash_ce sha2_ce vmwgfx nvme sha256_arm64\nnvme_core sr_mod cdrom sha1_ce drm_ttm_helper ttm drm_kms_helper drm\nsg fuse\n[ 128.996466] CPU: 0 PID: 179 Comm: kworker/u4:26 Kdump: loaded Not\ntainted 6.8.0-rc6+ #12\n[ 128.997226] Hardware name: VMware, Inc. VMware20,1/VBSA, BIOS\nVMW201.00V.21805430.BA64.2305221830 05/22/2023\n[ 128.998084] Workqueue: xprtiod xs_tcp_tls_setup_socket [sunrpc]\n[ 128.998701] pstate: 81400005 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n[ 128.999384] pc : call_start+0x74/0x138 [sunrpc]\n[ 128.999809] lr : __rpc_execute+0xb8/0x3e0 [sunrpc]\n[ 129.000244] sp : ffff8000832b3a00\n[ 129.000508] x29: ffff8000832b3a00 x28: ffff800081ac79c0 x27: ffff800081ac7000\n[ 129.001111] x26: 0000000004248060 x25: 0000000000000000 x24: ffff800081596008\n[ 129.001757] x23: ffff80007b087240 x22: ffff00009a509d30 x21: 0000000000000000\n[ 129.002345] x20: ffff000090075600 x19: ffff00009a509d00 x18: ffffffffffffffff\n[ 129.002912] x17: 733d4d4554535953 x16: 42555300312d746e x15: ffff8000832b3a88\n[ 129.003464] x14: ffffffffffffffff x13: ffff8000832b3a7d x12: 0000000000000008\n[ 129.004021] x11: 0101010101010101 x10: ffff8000150cb560 x9 : ffff80007b087c00\n[ 129.004577] x8 : ffff00009a509de0 x7 : 0000000000000000 x6 : 00000000be8c4ee3\n[ 129.005026] x5 : 0000000000000000 x4 : 0000000000000000 x3 : ffff000094d56680\n[ 129.005425] x2 : ffff80007b0637f8 x1 : ffff000090075600 x0 : ffff00009a509d00\n[ 129.005824] Call trace:\n[ 129.005967] call_start+0x74/0x138 [sunrpc]\n[ 129.006233] __rpc_execute+0xb8/0x3e0 [sunrpc]\n[ 129.006506] rpc_execute+0x160/0x1d8 [sunrpc]\n[ 129.006778] rpc_run_task+0x148/0x1f8 [sunrpc]\n[ 129.007204] tls_probe+0x80/0xd0 [sunrpc]\n[ 129.007460] rpc_ping+0x28/0x80 [sunrpc]\n[ 129.007715] rpc_create_xprt+0x134/0x1a0 [sunrpc]\n[ 129.007999] rpc_create+0x128/0x2a0 [sunrpc]\n[ 129.008264] xs_tcp_tls_setup_socket+0xdc/0x508 [sunrpc]\n[ 129.008583] process_one_work+0x174/0x3c8\n[ 129.008813] worker_thread+0x2c8/0x3e0\n[ 129.009033] kthread+0x100/0x110\n[ 129.009225] ret_from_fork+0x10/0x20\n[ 129.009432] Code: f0ffffc2 911fe042 aa1403e1 aa1303e0 (b9401c83)"
}
],
"providerMetadata": {
"dateUpdated": "2024-05-30T15:29:07.193Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9b332c72299f2ac284ab3d7c0301969b933e4ca1"
},
{
"url": "https://git.kernel.org/stable/c/024f7744bd09cb2a47a0a96b9c8ad08109de99cc"
},
{
"url": "https://git.kernel.org/stable/c/8e088a20dbe33919695a8082c0b32deb62d23b4a"
}
],
"title": "SUNRPC: add a missing rpc_stat for TCP TLS",
"x_generator": {
"engine": "bippy-a5840b7849dd"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36907",
"datePublished": "2024-05-30T15:29:07.193Z",
"dateReserved": "2024-05-30T15:25:07.067Z",
"dateUpdated": "2024-08-02T03:43:50.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading...