csaf_certbund - wid-sec-w-2024-1322

wid-sec-w-2024-1322

Vulnerability from csaf_certbund

Published

2024-06-09 22:00

Modified

2024-07-22 22:00

Summary

Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service und unspezifische Angriffe

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff

Ein lokaler Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuführen.

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-1322 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1322.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-1322 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1322"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-09",
        "url": "http://lore.kernel.org/linux-cve-announce/2024060801-CVE-2024-36965-dfe6@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-09",
        "url": "http://lore.kernel.org/linux-cve-announce/2024060804-CVE-2024-36966-8bbb@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-09",
        "url": "http://lore.kernel.org/linux-cve-announce/2024060804-CVE-2024-36967-b73d@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-09",
        "url": "http://lore.kernel.org/linux-cve-announce/2024060804-CVE-2024-36968-6d78@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-09",
        "url": "http://lore.kernel.org/linux-cve-announce/2024060804-CVE-2024-36969-6945@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-09",
        "url": "http://lore.kernel.org/linux-cve-announce/2024060855-CVE-2024-36970-2eb9@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-09",
        "url": "http://lore.kernel.org/linux-cve-announce/20240610090330.1347021-2-lee@kernel.org/"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-3840 vom 2024-06-27",
        "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2372-1 vom 2024-07-09",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018901.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2385-1 vom 2024-07-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018920.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2394-1 vom 2024-07-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018922.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALASKERNEL-5.10-2024-063 vom 2024-07-10",
        "url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.10-2024-063.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5730 vom 2024-07-16",
        "url": "https://lists.debian.org/debian-security-announce/2024/msg00141.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2495-1 vom 2024-07-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018982.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALASKERNEL-5.15-2024-045 vom 2024-07-23",
        "url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.15-2024-045.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2571-1 vom 2024-07-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/019019.html"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALASKERNEL-5.4-2024-075 vom 2024-07-23",
        "url": "https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2024-075.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Linux Kernel: Mehrere Schwachstellen erm\u00f6glichen Denial of Service und unspezifische Angriffe",
    "tracking": {
      "current_release_date": "2024-07-22T22:00:00.000+00:00",
      "generator": {
        "date": "2024-07-23T08:03:33.912+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2024-1322",
      "initial_release_date": "2024-06-09T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-06-09T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-06-10T22:00:00.000+00:00",
          "number": "2",
          "summary": "CVE erg\u00e4nzt"
        },
        {
          "date": "2024-06-27T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2024-07-09T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-07-10T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE und Amazon aufgenommen"
        },
        {
          "date": "2024-07-15T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2024-07-22T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Amazon und SUSE aufgenommen"
        }
      ],
      "status": "final",
      "version": "7"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source Linux Kernel",
            "product": {
              "name": "Open Source Linux Kernel",
              "product_id": "T035270",
              "product_identification_helper": {
                "cpe": "cpe:/o:linux:linux_kernel:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-36965",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in den Komponenten remoteproc, erofs, scratch, Bluetooth, drm/amd/display und wifi aufgrund verschiedener sicherheitsrelevanter Probleme wie einem Speicherleck oder einer Aufteilung durch Null und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T035270",
          "398363"
        ]
      },
      "release_date": "2024-06-09T22:00:00Z",
      "title": "CVE-2024-36965"
    },
    {
      "cve": "CVE-2024-36966",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in den Komponenten remoteproc, erofs, scratch, Bluetooth, drm/amd/display und wifi aufgrund verschiedener sicherheitsrelevanter Probleme wie einem Speicherleck oder einer Aufteilung durch Null und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T035270",
          "398363"
        ]
      },
      "release_date": "2024-06-09T22:00:00Z",
      "title": "CVE-2024-36966"
    },
    {
      "cve": "CVE-2024-36967",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in den Komponenten remoteproc, erofs, scratch, Bluetooth, drm/amd/display und wifi aufgrund verschiedener sicherheitsrelevanter Probleme wie einem Speicherleck oder einer Aufteilung durch Null und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T035270",
          "398363"
        ]
      },
      "release_date": "2024-06-09T22:00:00Z",
      "title": "CVE-2024-36967"
    },
    {
      "cve": "CVE-2024-36968",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in den Komponenten remoteproc, erofs, scratch, Bluetooth, drm/amd/display und wifi aufgrund verschiedener sicherheitsrelevanter Probleme wie einem Speicherleck oder einer Aufteilung durch Null und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T035270",
          "398363"
        ]
      },
      "release_date": "2024-06-09T22:00:00Z",
      "title": "CVE-2024-36968"
    },
    {
      "cve": "CVE-2024-36969",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in den Komponenten remoteproc, erofs, scratch, Bluetooth, drm/amd/display und wifi aufgrund verschiedener sicherheitsrelevanter Probleme wie einem Speicherleck oder einer Aufteilung durch Null und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T035270",
          "398363"
        ]
      },
      "release_date": "2024-06-09T22:00:00Z",
      "title": "CVE-2024-36969"
    },
    {
      "cve": "CVE-2024-36970",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in den Komponenten remoteproc, erofs, scratch, Bluetooth, drm/amd/display und wifi aufgrund verschiedener sicherheitsrelevanter Probleme wie einem Speicherleck oder einer Aufteilung durch Null und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T035270",
          "398363"
        ]
      },
      "release_date": "2024-06-09T22:00:00Z",
      "title": "CVE-2024-36970"
    },
    {
      "cve": "CVE-2024-36971",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in den Komponenten remoteproc, erofs, scratch, Bluetooth, drm/amd/display und wifi aufgrund verschiedener sicherheitsrelevanter Probleme wie einem Speicherleck oder einer Aufteilung durch Null und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T035270",
          "398363"
        ]
      },
      "release_date": "2024-06-09T22:00:00Z",
      "title": "CVE-2024-36971"
    },
    {
      "cve": "CVE-2024-36972",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in den Komponenten remoteproc, erofs, scratch, Bluetooth, drm/amd/display und wifi aufgrund verschiedener sicherheitsrelevanter Probleme wie einem Speicherleck oder einer Aufteilung durch Null und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu verursachen oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T035270",
          "398363"
        ]
      },
      "release_date": "2024-06-09T22:00:00Z",
      "title": "CVE-2024-36972"
    }
  ]
}

cve-2024-36970

Vulnerability from cvelistv5

Published

2024-06-08 13:01

Modified

2024-11-05 09:29

Severity ?

Summary

wifi: iwlwifi: Use request_module_nowait

References

▼	URL	Tags
	https://git.kernel.org/stable/c/d20013259539e2fde2deeac85354851097afdf9e
	https://git.kernel.org/stable/c/3d913719df14c28c4d3819e7e6d150760222bda4

Impacted products

▼	Vendor	Product
	Linux	Linux
	Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36970",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-10T13:05:54.168242Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-10T13:06:09.182Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:43:50.567Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d20013259539e2fde2deeac85354851097afdf9e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3d913719df14c28c4d3819e7e6d150760222bda4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/intel/iwlwifi/iwl-drv.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d20013259539",
              "status": "affected",
              "version": "f5c31bcf604d",
              "versionType": "git"
            },
            {
              "lessThan": "3d913719df14",
              "status": "affected",
              "version": "f5c31bcf604d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/intel/iwlwifi/iwl-drv.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "v6.9-rc1~118"
            },
            {
              "lessThan": "v6.9-rc1~118",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: Use request_module_nowait\n\nThis appears to work around a deadlock regression that came in\nwith the LED merge in 6.9.\n\nThe deadlock happens on my system with 24 iwlwifi radios, so maybe\nit something like all worker threads are busy and some work that needs\nto complete cannot complete.\n\n[also remove unnecessary \"load_module\" var and now-wrong comment]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:29:04.364Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d20013259539e2fde2deeac85354851097afdf9e"
        },
        {
          "url": "https://git.kernel.org/stable/c/3d913719df14c28c4d3819e7e6d150760222bda4"
        }
      ],
      "title": "wifi: iwlwifi: Use request_module_nowait",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36970",
    "datePublished": "2024-06-08T13:01:03.077Z",
    "dateReserved": "2024-05-30T15:25:07.082Z",
    "dateUpdated": "2024-11-05T09:29:04.364Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-36972

Vulnerability from cvelistv5

Published

2024-06-10 14:57

Modified

2024-11-05 09:29

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

af_unix: Update unix_sk(sk)->oob_skb under sk_receive_queue lock.

References

▼	URL	Tags
	https://git.kernel.org/stable/c/518a994aa0b87d96f1bc6678a7035df5d1fcd7a1
	https://git.kernel.org/stable/c/4bf6964451c3cb411fbaa1ae8b214b3d97a59bf1
	https://git.kernel.org/stable/c/d59ae9314b97e01c76a4171472441e55721ba636
	https://git.kernel.org/stable/c/4708f49add84a57ce0ccc7bf9a6269845c631cc3
	https://git.kernel.org/stable/c/9841991a446c87f90f66f4b9fee6fe934c1336a2

Impacted products

▼	Vendor	Product
	Linux	Linux
	Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "518a994aa0b8",
                "status": "affected",
                "version": "4fe505c63aa3",
                "versionType": "git"
              },
              {
                "lessThan": "4bf6964451c3",
                "status": "affected",
                "version": "e0e09186d882",
                "versionType": "git"
              },
              {
                "lessThan": "d59ae9314b97",
                "status": "affected",
                "version": "b74aa9ce13d0",
                "versionType": "custom"
              },
              {
                "lessThan": "4708f49add84",
                "status": "affected",
                "version": "1279f9d9dec2",
                "versionType": "custom"
              },
              {
                "lessThan": "9841991a446c",
                "status": "affected",
                "version": "1279f9d9dec2",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:6.8:-:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "affected",
                "version": "6.8"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-36972",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-05T03:56:02.065864Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-05T15:34:54.248Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:43:50.584Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/518a994aa0b87d96f1bc6678a7035df5d1fcd7a1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4bf6964451c3cb411fbaa1ae8b214b3d97a59bf1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d59ae9314b97e01c76a4171472441e55721ba636"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4708f49add84a57ce0ccc7bf9a6269845c631cc3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9841991a446c87f90f66f4b9fee6fe934c1336a2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/unix/af_unix.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "518a994aa0b8",
              "status": "affected",
              "version": "4fe505c63aa3",
              "versionType": "git"
            },
            {
              "lessThan": "4bf6964451c3",
              "status": "affected",
              "version": "e0e09186d882",
              "versionType": "git"
            },
            {
              "lessThan": "d59ae9314b97",
              "status": "affected",
              "version": "b74aa9ce13d0",
              "versionType": "git"
            },
            {
              "lessThan": "4708f49add84",
              "status": "affected",
              "version": "1279f9d9dec2",
              "versionType": "git"
            },
            {
              "lessThan": "9841991a446c",
              "status": "affected",
              "version": "1279f9d9dec2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/unix/af_unix.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.8"
            },
            {
              "lessThan": "6.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.161",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.93",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\naf_unix: Update unix_sk(sk)-\u003eoob_skb under sk_receive_queue lock.\n\nBilly Jheng Bing-Jhong reported a race between __unix_gc() and\nqueue_oob().\n\n__unix_gc() tries to garbage-collect close()d inflight sockets,\nand then if the socket has MSG_OOB in unix_sk(sk)-\u003eoob_skb, GC\nwill drop the reference and set NULL to it locklessly.\n\nHowever, the peer socket still can send MSG_OOB message and\nqueue_oob() can update unix_sk(sk)-\u003eoob_skb concurrently, leading\nNULL pointer dereference. [0]\n\nTo fix the issue, let\u0027s update unix_sk(sk)-\u003eoob_skb under the\nsk_receive_queue\u0027s lock and take it everywhere we touch oob_skb.\n\nNote that we defer kfree_skb() in manage_oob() to silence lockdep\nfalse-positive (See [1]).\n\n[0]:\nBUG: kernel NULL pointer dereference, address: 0000000000000008\n PF: supervisor write access in kernel mode\n PF: error_code(0x0002) - not-present page\nPGD 8000000009f5e067 P4D 8000000009f5e067 PUD 9f5d067 PMD 0\nOops: 0002 [#1] PREEMPT SMP PTI\nCPU: 3 PID: 50 Comm: kworker/3:1 Not tainted 6.9.0-rc5-00191-gd091e579b864 #110\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\nWorkqueue: events delayed_fput\nRIP: 0010:skb_dequeue (./include/linux/skbuff.h:2386 ./include/linux/skbuff.h:2402 net/core/skbuff.c:3847)\nCode: 39 e3 74 3e 8b 43 10 48 89 ef 83 e8 01 89 43 10 49 8b 44 24 08 49 c7 44 24 08 00 00 00 00 49 8b 14 24 49 c7 04 24 00 00 00 00 \u003c48\u003e 89 42 08 48 89 10 e8 e7 c5 42 00 4c 89 e0 5b 5d 41 5c c3 cc cc\nRSP: 0018:ffffc900001bfd48 EFLAGS: 00000002\nRAX: 0000000000000000 RBX: ffff8880088f5ae8 RCX: 00000000361289f9\nRDX: 0000000000000000 RSI: 0000000000000206 RDI: ffff8880088f5b00\nRBP: ffff8880088f5b00 R08: 0000000000080000 R09: 0000000000000001\nR10: 0000000000000003 R11: 0000000000000001 R12: ffff8880056b6a00\nR13: ffff8880088f5280 R14: 0000000000000001 R15: ffff8880088f5a80\nFS:  0000000000000000(0000) GS:ffff88807dd80000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000000000008 CR3: 0000000006314000 CR4: 00000000007506f0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n unix_release_sock (net/unix/af_unix.c:654)\n unix_release (net/unix/af_unix.c:1050)\n __sock_release (net/socket.c:660)\n sock_close (net/socket.c:1423)\n __fput (fs/file_table.c:423)\n delayed_fput (fs/file_table.c:444 (discriminator 3))\n process_one_work (kernel/workqueue.c:3259)\n worker_thread (kernel/workqueue.c:3329 kernel/workqueue.c:3416)\n kthread (kernel/kthread.c:388)\n ret_from_fork (arch/x86/kernel/process.c:153)\n ret_from_fork_asm (arch/x86/entry/entry_64.S:257)\n \u003c/TASK\u003e\nModules linked in:\nCR2: 0000000000000008"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:29:06.670Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/518a994aa0b87d96f1bc6678a7035df5d1fcd7a1"
        },
        {
          "url": "https://git.kernel.org/stable/c/4bf6964451c3cb411fbaa1ae8b214b3d97a59bf1"
        },
        {
          "url": "https://git.kernel.org/stable/c/d59ae9314b97e01c76a4171472441e55721ba636"
        },
        {
          "url": "https://git.kernel.org/stable/c/4708f49add84a57ce0ccc7bf9a6269845c631cc3"
        },
        {
          "url": "https://git.kernel.org/stable/c/9841991a446c87f90f66f4b9fee6fe934c1336a2"
        }
      ],
      "title": "af_unix: Update unix_sk(sk)-\u003eoob_skb under sk_receive_queue lock.",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36972",
    "datePublished": "2024-06-10T14:57:42.271Z",
    "dateReserved": "2024-05-30T15:25:07.082Z",
    "dateUpdated": "2024-11-05T09:29:06.670Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-36969

Vulnerability from cvelistv5

Published

2024-06-08 12:53

Modified

2024-11-05 09:29

Severity ?

Summary

drm/amd/display: Fix division by zero in setup_dsc_config

References

▼	URL	Tags
	https://git.kernel.org/stable/c/a32c8f951c8a456c1c251e1dcdf21787f8066445
	https://git.kernel.org/stable/c/91402e0e5de9124a3108db7a14163fcf9a6d322f
	https://git.kernel.org/stable/c/7e4f50dfc98c49b3dc6875a35c3112522fb25639
	https://git.kernel.org/stable/c/f187fcbbb8f8bf10c6687f0beae22509369f7563
	https://git.kernel.org/stable/c/308de6be0c9c7ba36915c0d398e771725c0ea911
	https://git.kernel.org/stable/c/130afc8a886183a94cf6eab7d24f300014ff87ba

Impacted products

▼	Vendor	Product
	Linux	Linux
	Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36969",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-10T18:44:38.607815Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-10T18:44:52.492Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:43:50.535Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a32c8f951c8a456c1c251e1dcdf21787f8066445"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/91402e0e5de9124a3108db7a14163fcf9a6d322f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7e4f50dfc98c49b3dc6875a35c3112522fb25639"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f187fcbbb8f8bf10c6687f0beae22509369f7563"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/308de6be0c9c7ba36915c0d398e771725c0ea911"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/130afc8a886183a94cf6eab7d24f300014ff87ba"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/display/dc/dsc/dc_dsc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a32c8f951c8a",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "91402e0e5de9",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "7e4f50dfc98c",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "f187fcbbb8f8",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "308de6be0c9c",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "130afc8a8861",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/display/dc/dsc/dc_dsc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.160",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.92",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.32",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix division by zero in setup_dsc_config\n\nWhen slice_height is 0, the division by slice_height in the calculation\nof the number of slices will cause a division by zero driver crash. This\nleaves the kernel in a state that requires a reboot. This patch adds a\ncheck to avoid the division by zero.\n\nThe stack trace below is for the 6.8.4 Kernel. I reproduced the issue on\na Z16 Gen 2 Lenovo Thinkpad with a Apple Studio Display monitor\nconnected via Thunderbolt. The amdgpu driver crashed with this exception\nwhen I rebooted the system with the monitor connected.\n\nkernel: ? die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434 arch/x86/kernel/dumpstack.c:447)\nkernel: ? do_trap (arch/x86/kernel/traps.c:113 arch/x86/kernel/traps.c:154)\nkernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu\nkernel: ? do_error_trap (./arch/x86/include/asm/traps.h:58 arch/x86/kernel/traps.c:175)\nkernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu\nkernel: ? exc_divide_error (arch/x86/kernel/traps.c:194 (discriminator 2))\nkernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu\nkernel: ? asm_exc_divide_error (./arch/x86/include/asm/idtentry.h:548)\nkernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu\nkernel: dc_dsc_compute_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1109) amdgpu\n\nAfter applying this patch, the driver no longer crashes when the monitor\nis connected and the system is rebooted. I believe this is the same\nissue reported for 3113."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:29:03.166Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a32c8f951c8a456c1c251e1dcdf21787f8066445"
        },
        {
          "url": "https://git.kernel.org/stable/c/91402e0e5de9124a3108db7a14163fcf9a6d322f"
        },
        {
          "url": "https://git.kernel.org/stable/c/7e4f50dfc98c49b3dc6875a35c3112522fb25639"
        },
        {
          "url": "https://git.kernel.org/stable/c/f187fcbbb8f8bf10c6687f0beae22509369f7563"
        },
        {
          "url": "https://git.kernel.org/stable/c/308de6be0c9c7ba36915c0d398e771725c0ea911"
        },
        {
          "url": "https://git.kernel.org/stable/c/130afc8a886183a94cf6eab7d24f300014ff87ba"
        }
      ],
      "title": "drm/amd/display: Fix division by zero in setup_dsc_config",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36969",
    "datePublished": "2024-06-08T12:53:01.353Z",
    "dateReserved": "2024-05-30T15:25:07.081Z",
    "dateUpdated": "2024-11-05T09:29:03.166Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-36966

Vulnerability from cvelistv5

Published

2024-06-08 12:52

Modified

2024-11-05 09:28

Severity ?

Summary

erofs: reliably distinguish block based and fscache mode

References

▼	URL	Tags
	https://git.kernel.org/stable/c/f9b877a7ee312ec8ce17598a7ef85cb820d7c371
	https://git.kernel.org/stable/c/dcdd49701e429c55b3644fd70fc58d85745f8cfe
	https://git.kernel.org/stable/c/7af2ae1b1531feab5d38ec9c8f472dc6cceb4606

Impacted products

▼	Vendor	Product
	Linux	Linux
	Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36966",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-12T19:01:23.136909Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-12T19:01:35.258Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:43:50.363Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f9b877a7ee312ec8ce17598a7ef85cb820d7c371"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dcdd49701e429c55b3644fd70fc58d85745f8cfe"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7af2ae1b1531feab5d38ec9c8f472dc6cceb4606"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/erofs/super.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f9b877a7ee31",
              "status": "affected",
              "version": "aca740cecbe5",
              "versionType": "git"
            },
            {
              "lessThan": "dcdd49701e42",
              "status": "affected",
              "version": "aca740cecbe5",
              "versionType": "git"
            },
            {
              "lessThan": "7af2ae1b1531",
              "status": "affected",
              "version": "aca740cecbe5",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/erofs/super.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.6"
            },
            {
              "lessThan": "6.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.32",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: reliably distinguish block based and fscache mode\n\nWhen erofs_kill_sb() is called in block dev based mode, s_bdev may not\nhave been initialised yet, and if CONFIG_EROFS_FS_ONDEMAND is enabled,\nit will be mistaken for fscache mode, and then attempt to free an anon_dev\nthat has never been allocated, triggering the following warning:\n\n============================================\nida_free called for id=0 which is not allocated.\nWARNING: CPU: 14 PID: 926 at lib/idr.c:525 ida_free+0x134/0x140\nModules linked in:\nCPU: 14 PID: 926 Comm: mount Not tainted 6.9.0-rc3-dirty #630\nRIP: 0010:ida_free+0x134/0x140\nCall Trace:\n \u003cTASK\u003e\n erofs_kill_sb+0x81/0x90\n deactivate_locked_super+0x35/0x80\n get_tree_bdev+0x136/0x1e0\n vfs_get_tree+0x2c/0xf0\n do_new_mount+0x190/0x2f0\n [...]\n============================================\n\nNow when erofs_kill_sb() is called, erofs_sb_info must have been\ninitialised, so use sbi-\u003efsid to distinguish between the two modes."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:28:58.744Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f9b877a7ee312ec8ce17598a7ef85cb820d7c371"
        },
        {
          "url": "https://git.kernel.org/stable/c/dcdd49701e429c55b3644fd70fc58d85745f8cfe"
        },
        {
          "url": "https://git.kernel.org/stable/c/7af2ae1b1531feab5d38ec9c8f472dc6cceb4606"
        }
      ],
      "title": "erofs: reliably distinguish block based and fscache mode",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36966",
    "datePublished": "2024-06-08T12:52:59.148Z",
    "dateReserved": "2024-05-30T15:25:07.081Z",
    "dateUpdated": "2024-11-05T09:28:58.744Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-36971

Vulnerability from cvelistv5

Published

2024-06-10 09:03

Modified

2024-11-05 09:29

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

net: fix __dst_negative_advice() race

References

▼	URL	Tags
	https://git.kernel.org/stable/c/051c0bde9f0450a2ec3d62a86d2a0d2fad117f13
	https://git.kernel.org/stable/c/db0082825037794c5dba9959c9de13ca34cc5e72
	https://git.kernel.org/stable/c/2295a7ef5c8c49241bff769e7826ef2582e532a6
	https://git.kernel.org/stable/c/eacb8b195579c174a6d3e12a9690b206eb7f28cf
	https://git.kernel.org/stable/c/81dd3c82a456b0015461754be7cb2693991421b4
	https://git.kernel.org/stable/c/5af198c387128a9d2ddd620b0f0803564a4d4508
	https://git.kernel.org/stable/c/b8af8e6118a6605f0e495a58d591ca94a85a50fc
	https://git.kernel.org/stable/c/92f1655aa2b2294d0b49925f3b875a634bd3b59e

Impacted products

▼	Vendor	Product
	Linux	Linux
	Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:43:50.464Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/051c0bde9f0450a2ec3d62a86d2a0d2fad117f13"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/db0082825037794c5dba9959c9de13ca34cc5e72"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2295a7ef5c8c49241bff769e7826ef2582e532a6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/eacb8b195579c174a6d3e12a9690b206eb7f28cf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/81dd3c82a456b0015461754be7cb2693991421b4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5af198c387128a9d2ddd620b0f0803564a4d4508"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b8af8e6118a6605f0e495a58d591ca94a85a50fc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/92f1655aa2b2294d0b49925f3b875a634bd3b59e"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:4.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "affected",
                "version": "4.6"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "051c0bde9f04",
                "status": "affected",
                "version": "a87cb3e48ee8",
                "versionType": "git"
              },
              {
                "lessThan": "db0082825037",
                "status": "affected",
                "version": "a87cb3e48ee8",
                "versionType": "git"
              },
              {
                "lessThan": "2295a7ef5c8c",
                "status": "affected",
                "version": "a87cb3e48ee8",
                "versionType": "git"
              },
              {
                "lessThan": "eacb8b195579",
                "status": "affected",
                "version": "a87cb3e48ee8",
                "versionType": "git"
              },
              {
                "lessThan": "81dd3c82a456",
                "status": "affected",
                "version": "a87cb3e48ee8",
                "versionType": "git"
              },
              {
                "lessThan": "5af198c38712",
                "status": "affected",
                "version": "a87cb3e48ee8",
                "versionType": "git"
              },
              {
                "lessThan": "b8af8e6118a6",
                "status": "affected",
                "version": "a87cb3e48ee8",
                "versionType": "git"
              },
              {
                "lessThan": "92f1655aa2b2",
                "status": "affected",
                "version": "a87cb3e48ee8",
                "versionType": "git"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "4.6",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:4.19.316:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "4.20",
                "status": "unaffected",
                "version": "4.19.316",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:5.4.278:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "5.5",
                "status": "unaffected",
                "version": "5.4.278",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:5.10.219:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "5.11",
                "status": "unaffected",
                "version": "5.10.219",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:5.15.161:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "5.16",
                "status": "unaffected",
                "version": "5.15.161",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:6.1.94:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "6.2",
                "status": "unaffected",
                "version": "6.1.94",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:6.6.34:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "6.7",
                "status": "unaffected",
                "version": "6.6.34",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:6.9.4:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "6.10",
                "status": "unaffected",
                "version": "6.9.4",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:6.10:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "*",
                "status": "unaffected",
                "version": "6.10",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-36971",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-07T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2024-08-07",
                "reference": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-08T03:55:24.694Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2024-08-07T00:00:00+00:00",
            "value": "CVE-2024-36971 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "include/net/dst_ops.h",
            "include/net/sock.h",
            "net/ipv4/route.c",
            "net/ipv6/route.c",
            "net/xfrm/xfrm_policy.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "051c0bde9f04",
              "status": "affected",
              "version": "a87cb3e48ee8",
              "versionType": "git"
            },
            {
              "lessThan": "db0082825037",
              "status": "affected",
              "version": "a87cb3e48ee8",
              "versionType": "git"
            },
            {
              "lessThan": "2295a7ef5c8c",
              "status": "affected",
              "version": "a87cb3e48ee8",
              "versionType": "git"
            },
            {
              "lessThan": "eacb8b195579",
              "status": "affected",
              "version": "a87cb3e48ee8",
              "versionType": "git"
            },
            {
              "lessThan": "81dd3c82a456",
              "status": "affected",
              "version": "a87cb3e48ee8",
              "versionType": "git"
            },
            {
              "lessThan": "5af198c38712",
              "status": "affected",
              "version": "a87cb3e48ee8",
              "versionType": "git"
            },
            {
              "lessThan": "b8af8e6118a6",
              "status": "affected",
              "version": "a87cb3e48ee8",
              "versionType": "git"
            },
            {
              "lessThan": "92f1655aa2b2",
              "status": "affected",
              "version": "a87cb3e48ee8",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "include/net/dst_ops.h",
            "include/net/sock.h",
            "net/ipv4/route.c",
            "net/ipv6/route.c",
            "net/xfrm/xfrm_policy.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.6"
            },
            {
              "lessThan": "4.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.316",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.278",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.219",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.161",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.94",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.34",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix __dst_negative_advice() race\n\n__dst_negative_advice() does not enforce proper RCU rules when\nsk-\u003edst_cache must be cleared, leading to possible UAF.\n\nRCU rules are that we must first clear sk-\u003esk_dst_cache,\nthen call dst_release(old_dst).\n\nNote that sk_dst_reset(sk) is implementing this protocol correctly,\nwhile __dst_negative_advice() uses the wrong order.\n\nGiven that ip6_negative_advice() has special logic\nagainst RTF_CACHE, this means each of the three -\u003enegative_advice()\nexisting methods must perform the sk_dst_reset() themselves.\n\nNote the check against NULL dst is centralized in\n__dst_negative_advice(), there is no need to duplicate\nit in various callbacks.\n\nMany thanks to Clement Lecigne for tracking this issue.\n\nThis old bug became visible after the blamed commit, using UDP sockets."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:29:05.519Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/051c0bde9f0450a2ec3d62a86d2a0d2fad117f13"
        },
        {
          "url": "https://git.kernel.org/stable/c/db0082825037794c5dba9959c9de13ca34cc5e72"
        },
        {
          "url": "https://git.kernel.org/stable/c/2295a7ef5c8c49241bff769e7826ef2582e532a6"
        },
        {
          "url": "https://git.kernel.org/stable/c/eacb8b195579c174a6d3e12a9690b206eb7f28cf"
        },
        {
          "url": "https://git.kernel.org/stable/c/81dd3c82a456b0015461754be7cb2693991421b4"
        },
        {
          "url": "https://git.kernel.org/stable/c/5af198c387128a9d2ddd620b0f0803564a4d4508"
        },
        {
          "url": "https://git.kernel.org/stable/c/b8af8e6118a6605f0e495a58d591ca94a85a50fc"
        },
        {
          "url": "https://git.kernel.org/stable/c/92f1655aa2b2294d0b49925f3b875a634bd3b59e"
        }
      ],
      "title": "net: fix __dst_negative_advice() race",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36971",
    "datePublished": "2024-06-10T09:03:23.878Z",
    "dateReserved": "2024-05-30T15:25:07.082Z",
    "dateUpdated": "2024-11-05T09:29:05.519Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-36968

Vulnerability from cvelistv5

Published

2024-06-08 12:53

Modified

2024-11-05 09:29

Severity ?

Summary

Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init()

References

▼	URL	Tags
	https://git.kernel.org/stable/c/ad3f7986c5a0f82b8b66a0afe1cc1f5421e1d674
	https://git.kernel.org/stable/c/dfece2b4e3759759b2bdfac2cd6d0ee9fbf055f3
	https://git.kernel.org/stable/c/d2b2f7d3936dc5990549bc36ab7ac7ac37f22c30
	https://git.kernel.org/stable/c/4d3dbaa252257d20611c3647290e6171f1bbd6c8
	https://git.kernel.org/stable/c/a5b862c6a221459d54e494e88965b48dcfa6cc44

Impacted products

▼	Vendor	Product
	Linux	Linux
	Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36968",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-12T14:43:17.673959Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-12T14:43:45.857Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:43:50.479Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ad3f7986c5a0f82b8b66a0afe1cc1f5421e1d674"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dfece2b4e3759759b2bdfac2cd6d0ee9fbf055f3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d2b2f7d3936dc5990549bc36ab7ac7ac37f22c30"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4d3dbaa252257d20611c3647290e6171f1bbd6c8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a5b862c6a221459d54e494e88965b48dcfa6cc44"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "include/net/bluetooth/hci.h",
            "include/net/bluetooth/hci_core.h",
            "net/bluetooth/hci_conn.c",
            "net/bluetooth/hci_event.c",
            "net/bluetooth/iso.c",
            "net/bluetooth/l2cap_core.c",
            "net/bluetooth/sco.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ad3f7986c5a0",
              "status": "affected",
              "version": "6ed58ec520ad",
              "versionType": "git"
            },
            {
              "lessThan": "dfece2b4e375",
              "status": "affected",
              "version": "6ed58ec520ad",
              "versionType": "git"
            },
            {
              "lessThan": "d2b2f7d3936d",
              "status": "affected",
              "version": "6ed58ec520ad",
              "versionType": "git"
            },
            {
              "lessThan": "4d3dbaa25225",
              "status": "affected",
              "version": "6ed58ec520ad",
              "versionType": "git"
            },
            {
              "lessThan": "a5b862c6a221",
              "status": "affected",
              "version": "6ed58ec520ad",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "include/net/bluetooth/hci.h",
            "include/net/bluetooth/hci_core.h",
            "net/bluetooth/hci_conn.c",
            "net/bluetooth/hci_event.c",
            "net/bluetooth/iso.c",
            "net/bluetooth/l2cap_core.c",
            "net/bluetooth/sco.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.39"
            },
            {
              "lessThan": "2.6.39",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.32",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init()\n\nl2cap_le_flowctl_init() can cause both div-by-zero and an integer\noverflow since hdev-\u003ele_mtu may not fall in the valid range.\n\nMove MTU from hci_dev to hci_conn to validate MTU and stop the connection\nprocess earlier if MTU is invalid.\nAlso, add a missing validation in read_buffer_size() and make it return\nan error value if the validation fails.\nNow hci_conn_add() returns ERR_PTR() as it can fail due to the both a\nkzalloc failure and invalid MTU value.\n\ndivide error: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 0 PID: 67 Comm: kworker/u5:0 Tainted: G        W          6.9.0-rc5+ #20\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nWorkqueue: hci0 hci_rx_work\nRIP: 0010:l2cap_le_flowctl_init+0x19e/0x3f0 net/bluetooth/l2cap_core.c:547\nCode: e8 17 17 0c 00 66 41 89 9f 84 00 00 00 bf 01 00 00 00 41 b8 02 00 00 00 4c\n89 fe 4c 89 e2 89 d9 e8 27 17 0c 00 44 89 f0 31 d2 \u003c66\u003e f7 f3 89 c3 ff c3 4d 8d\nb7 88 00 00 00 4c 89 f0 48 c1 e8 03 42\nRSP: 0018:ffff88810bc0f858 EFLAGS: 00010246\nRAX: 00000000000002a0 RBX: 0000000000000000 RCX: dffffc0000000000\nRDX: 0000000000000000 RSI: ffff88810bc0f7c0 RDI: ffffc90002dcb66f\nRBP: ffff88810bc0f880 R08: aa69db2dda70ff01 R09: 0000ffaaaaaaaaaa\nR10: 0084000000ffaaaa R11: 0000000000000000 R12: ffff88810d65a084\nR13: dffffc0000000000 R14: 00000000000002a0 R15: ffff88810d65a000\nFS:  0000000000000000(0000) GS:ffff88811ac00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020000100 CR3: 0000000103268003 CR4: 0000000000770ef0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n l2cap_le_connect_req net/bluetooth/l2cap_core.c:4902 [inline]\n l2cap_le_sig_cmd net/bluetooth/l2cap_core.c:5420 [inline]\n l2cap_le_sig_channel net/bluetooth/l2cap_core.c:5486 [inline]\n l2cap_recv_frame+0xe59d/0x11710 net/bluetooth/l2cap_core.c:6809\n l2cap_recv_acldata+0x544/0x10a0 net/bluetooth/l2cap_core.c:7506\n hci_acldata_packet net/bluetooth/hci_core.c:3939 [inline]\n hci_rx_work+0x5e5/0xb20 net/bluetooth/hci_core.c:4176\n process_one_work kernel/workqueue.c:3254 [inline]\n process_scheduled_works+0x90f/0x1530 kernel/workqueue.c:3335\n worker_thread+0x926/0xe70 kernel/workqueue.c:3416\n kthread+0x2e3/0x380 kernel/kthread.c:388\n ret_from_fork+0x5c/0x90 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \u003c/TASK\u003e\nModules linked in:\n---[ end trace 0000000000000000 ]---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:29:01.263Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ad3f7986c5a0f82b8b66a0afe1cc1f5421e1d674"
        },
        {
          "url": "https://git.kernel.org/stable/c/dfece2b4e3759759b2bdfac2cd6d0ee9fbf055f3"
        },
        {
          "url": "https://git.kernel.org/stable/c/d2b2f7d3936dc5990549bc36ab7ac7ac37f22c30"
        },
        {
          "url": "https://git.kernel.org/stable/c/4d3dbaa252257d20611c3647290e6171f1bbd6c8"
        },
        {
          "url": "https://git.kernel.org/stable/c/a5b862c6a221459d54e494e88965b48dcfa6cc44"
        }
      ],
      "title": "Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init()",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36968",
    "datePublished": "2024-06-08T12:53:00.562Z",
    "dateReserved": "2024-05-30T15:25:07.081Z",
    "dateUpdated": "2024-11-05T09:29:01.263Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-36965

Vulnerability from cvelistv5

Published

2024-06-08 12:52

Modified

2024-11-05 09:28

Severity ?

Summary

remoteproc: mediatek: Make sure IPI buffer fits in L2TCM

References

▼	URL	Tags
	https://git.kernel.org/stable/c/00548ac6b14428719c970ef90adae2b3b48c0cdf
	https://git.kernel.org/stable/c/1d9e2de24533daca36cbf09e8d8596bf72b526b2
	https://git.kernel.org/stable/c/26c6d7dc8c6a9fde9d362ab2eef6390efeff145e
	https://git.kernel.org/stable/c/838b49e211d59fa827ff9df062d4020917cffbdf
	https://git.kernel.org/stable/c/36c79eb4845551e9f6d28c663b38ce0ab03b84a9
	https://git.kernel.org/stable/c/331f91d86f71d0bb89a44217cc0b2a22810bbd42

Impacted products

▼	Vendor	Product
	Linux	Linux
	Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:43:50.595Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/00548ac6b14428719c970ef90adae2b3b48c0cdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1d9e2de24533daca36cbf09e8d8596bf72b526b2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/26c6d7dc8c6a9fde9d362ab2eef6390efeff145e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/838b49e211d59fa827ff9df062d4020917cffbdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/36c79eb4845551e9f6d28c663b38ce0ab03b84a9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/331f91d86f71d0bb89a44217cc0b2a22810bbd42"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36965",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:15:29.133298Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:58.958Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/remoteproc/mtk_scp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "00548ac6b144",
              "status": "affected",
              "version": "3efa0ea743b7",
              "versionType": "git"
            },
            {
              "lessThan": "1d9e2de24533",
              "status": "affected",
              "version": "3efa0ea743b7",
              "versionType": "git"
            },
            {
              "lessThan": "26c6d7dc8c6a",
              "status": "affected",
              "version": "3efa0ea743b7",
              "versionType": "git"
            },
            {
              "lessThan": "838b49e211d5",
              "status": "affected",
              "version": "3efa0ea743b7",
              "versionType": "git"
            },
            {
              "lessThan": "36c79eb48455",
              "status": "affected",
              "version": "3efa0ea743b7",
              "versionType": "git"
            },
            {
              "lessThan": "331f91d86f71",
              "status": "affected",
              "version": "3efa0ea743b7",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/remoteproc/mtk_scp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.11"
            },
            {
              "lessThan": "5.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.160",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.92",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.32",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: mediatek: Make sure IPI buffer fits in L2TCM\n\nThe IPI buffer location is read from the firmware that we load to the\nSystem Companion Processor, and it\u0027s not granted that both the SRAM\n(L2TCM) size that is defined in the devicetree node is large enough\nfor that, and while this is especially true for multi-core SCP, it\u0027s\nstill useful to check on single-core variants as well.\n\nFailing to perform this check may make this driver perform R/W\noperations out of the L2TCM boundary, resulting (at best) in a\nkernel panic.\n\nTo fix that, check that the IPI buffer fits, otherwise return a\nfailure and refuse to boot the relevant SCP core (or the SCP at\nall, if this is single core)."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:28:57.455Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/00548ac6b14428719c970ef90adae2b3b48c0cdf"
        },
        {
          "url": "https://git.kernel.org/stable/c/1d9e2de24533daca36cbf09e8d8596bf72b526b2"
        },
        {
          "url": "https://git.kernel.org/stable/c/26c6d7dc8c6a9fde9d362ab2eef6390efeff145e"
        },
        {
          "url": "https://git.kernel.org/stable/c/838b49e211d59fa827ff9df062d4020917cffbdf"
        },
        {
          "url": "https://git.kernel.org/stable/c/36c79eb4845551e9f6d28c663b38ce0ab03b84a9"
        },
        {
          "url": "https://git.kernel.org/stable/c/331f91d86f71d0bb89a44217cc0b2a22810bbd42"
        }
      ],
      "title": "remoteproc: mediatek: Make sure IPI buffer fits in L2TCM",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36965",
    "datePublished": "2024-06-08T12:52:58.404Z",
    "dateReserved": "2024-05-30T15:25:07.081Z",
    "dateUpdated": "2024-11-05T09:28:57.455Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-36967

Vulnerability from cvelistv5

Published

2024-06-08 12:52

Modified

2024-11-05 09:28

Severity ?

Summary

KEYS: trusted: Fix memory leak in tpm2_key_encode()

References

▼	URL	Tags
	https://git.kernel.org/stable/c/1e6914fa8e7798bcf3ce4a5b96ea4ac1d5571cdf
	https://git.kernel.org/stable/c/5d91238b590bd883c86ba7707c5c9096469c08b7
	https://git.kernel.org/stable/c/e62835264d0352be6086975f18fdfed2b5520b13
	https://git.kernel.org/stable/c/189c768932d435045b1fae12bf63e53866f06a28
	https://git.kernel.org/stable/c/cf26a92f560eed5d6ddc3d441cc645950cbabc56
	https://git.kernel.org/stable/c/ffcaa2172cc1a85ddb8b783de96d38ca8855e248

Impacted products

▼	Vendor	Product
	Linux	Linux
	Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36967",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-10T13:06:42.605558Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-10T13:06:51.220Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:43:50.576Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1e6914fa8e7798bcf3ce4a5b96ea4ac1d5571cdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5d91238b590bd883c86ba7707c5c9096469c08b7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e62835264d0352be6086975f18fdfed2b5520b13"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/189c768932d435045b1fae12bf63e53866f06a28"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cf26a92f560eed5d6ddc3d441cc645950cbabc56"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ffcaa2172cc1a85ddb8b783de96d38ca8855e248"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "security/keys/trusted-keys/trusted_tpm2.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "1e6914fa8e77",
              "status": "affected",
              "version": "f2219745250f",
              "versionType": "git"
            },
            {
              "lessThan": "5d91238b590b",
              "status": "affected",
              "version": "f2219745250f",
              "versionType": "git"
            },
            {
              "lessThan": "e62835264d03",
              "status": "affected",
              "version": "f2219745250f",
              "versionType": "git"
            },
            {
              "lessThan": "189c768932d4",
              "status": "affected",
              "version": "f2219745250f",
              "versionType": "git"
            },
            {
              "lessThan": "cf26a92f560e",
              "status": "affected",
              "version": "f2219745250f",
              "versionType": "git"
            },
            {
              "lessThan": "ffcaa2172cc1",
              "status": "affected",
              "version": "f2219745250f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "security/keys/trusted-keys/trusted_tpm2.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.13"
            },
            {
              "lessThan": "5.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.160",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.92",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.32",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKEYS: trusted: Fix memory leak in tpm2_key_encode()\n\n\u0027scratch\u0027 is never freed. Fix this by calling kfree() in the success, and\nin the error case."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:28:59.871Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/1e6914fa8e7798bcf3ce4a5b96ea4ac1d5571cdf"
        },
        {
          "url": "https://git.kernel.org/stable/c/5d91238b590bd883c86ba7707c5c9096469c08b7"
        },
        {
          "url": "https://git.kernel.org/stable/c/e62835264d0352be6086975f18fdfed2b5520b13"
        },
        {
          "url": "https://git.kernel.org/stable/c/189c768932d435045b1fae12bf63e53866f06a28"
        },
        {
          "url": "https://git.kernel.org/stable/c/cf26a92f560eed5d6ddc3d441cc645950cbabc56"
        },
        {
          "url": "https://git.kernel.org/stable/c/ffcaa2172cc1a85ddb8b783de96d38ca8855e248"
        }
      ],
      "title": "KEYS: trusted: Fix memory leak in tpm2_key_encode()",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36967",
    "datePublished": "2024-06-08T12:52:59.895Z",
    "dateReserved": "2024-05-30T15:25:07.081Z",
    "dateUpdated": "2024-11-05T09:28:59.871Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

Vulnerability from csaf_certbund

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature