wid-sec-w-2024-1451
Vulnerability from csaf_certbund
Published
2024-06-25 22:00
Modified
2024-07-22 22:00
Summary
Linux Kernel: Multiple Vulnerabilities
Notes
As a provider, the BSI is responsible under general law for its own content that it makes available for use. However, users are responsible for carefully checking, in each individual case, the use and/or implementation of the information provided with the content.
Product description
The kernel is the core of the Linux operating system.
Attack
A local attacker can exploit multiple vulnerabilities in the Linux kernel to cause a denial-of-service condition or to carry out an unspecified attack.
Affected operating systems
- Linux
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein lokaler Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-1451 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1451.json" }, { "category": "self", "summary": "WID-SEC-2024-1451 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1451" }, { "category": "external", "summary": "Linux CVE Announcement vom 2024-06-25", "url": "https://lore.kernel.org/linux-cve-announce/2024062500-CVE-2024-39468-11d2@gregkh/" }, { "category": "external", "summary": "Linux CVE Announcement vom 2024-06-25", "url": "https://lore.kernel.org/linux-cve-announce/2024062500-CVE-2024-39469-a1be@gregkh/" }, { "category": "external", "summary": "Linux CVE Announcement vom 
2024-06-25", "url": "https://lore.kernel.org/linux-cve-announce/2024062500-CVE-2024-39470-5b25@gregkh/" }, { "category": "external", "summary": "Linux CVE Announcement vom 2024-06-25", "url": "https://lore.kernel.org/linux-cve-announce/2024062501-CVE-2024-39471-3dee@gregkh/" }, { "category": "external", "summary": "Linux CVE Announcement vom 2024-06-25", "url": "https://lore.kernel.org/linux-cve-announce/2024062506-CVE-2021-4440-f8f1@gregkh/" }, { "category": "external", "summary": "Linux CVE Announcement vom 2024-06-25", "url": "https://lore.kernel.org/linux-cve-announce/2024062512-CVE-2024-39461-cdbc@gregkh/" }, { "category": "external", "summary": "Linux CVE Announcement vom 2024-06-25", "url": "https://lore.kernel.org/linux-cve-announce/2024062513-CVE-2024-39462-f5ec@gregkh/" }, { "category": "external", "summary": "Linux CVE Announcement vom 2024-06-25", "url": "https://lore.kernel.org/linux-cve-announce/2024062513-CVE-2024-39463-42c8@gregkh/" }, { "category": "external", "summary": "Linux CVE Announcement vom 2024-06-25", "url": "https://lore.kernel.org/linux-cve-announce/2024062513-CVE-2024-39464-6214@gregkh/" }, { "category": "external", "summary": "Linux CVE Announcement vom 2024-06-25", "url": "https://lore.kernel.org/linux-cve-announce/2024062513-CVE-2024-39465-f827@gregkh/" }, { "category": "external", "summary": "Linux CVE Announcement vom 2024-06-25", "url": "https://lore.kernel.org/linux-cve-announce/2024062514-CVE-2024-39466-3da4@gregkh/" }, { "category": "external", "summary": "Linux CVE Announcement vom 2024-06-25", "url": "https://lore.kernel.org/linux-cve-announce/2024062514-CVE-2024-39467-b07d@gregkh/" }, { "category": "external", "summary": "Linux CVE Announcement vom 2024-06-25", "url": "https://lore.kernel.org/linux-cve-announce/2024062546-CVE-2022-48772-8cbe@gregkh/" }, { "category": "external", "summary": "Linux CVE Announcement vom 2024-06-25", "url": "https://lore.kernel.org/linux-cve-announce/2024062547-CVE-2024-37078-3aaa@gregkh/" }, { 
"category": "external", "summary": "Linux CVE Announcement vom 2024-06-25", "url": "https://lore.kernel.org/linux-cve-announce/2024062547-CVE-2024-37354-ccfb@gregkh/" }, { "category": "external", "summary": "Linux CVE Announcement vom 2024-06-25", "url": "https://lore.kernel.org/linux-cve-announce/2024062547-CVE-2024-38306-c570@gregkh/" }, { "category": "external", "summary": "Linux CVE Announcement vom 2024-06-25", "url": "https://lore.kernel.org/linux-cve-announce/2024062548-CVE-2024-38385-4b3a@gregkh/" }, { "category": "external", "summary": "Linux CVE Announcement vom 2024-06-25", "url": "https://lore.kernel.org/linux-cve-announce/2024062548-CVE-2024-38661-44a9@gregkh/" }, { "category": "external", "summary": "Linux CVE Announcement vom 2024-06-25", "url": "https://lore.kernel.org/linux-cve-announce/2024062548-CVE-2024-39276-5205@gregkh/" }, { "category": "external", "summary": "Linux CVE Announcement vom 2024-06-25", "url": "https://lore.kernel.org/linux-cve-announce/2024062548-CVE-2024-39293-d42a@gregkh/" }, { "category": "external", "summary": "Linux CVE Announcement vom 2024-06-25", "url": "https://lore.kernel.org/linux-cve-announce/2024062549-CVE-2024-39296-3976@gregkh/" }, { "category": "external", "summary": "Linux CVE Announcement vom 2024-06-25", "url": "https://lore.kernel.org/linux-cve-announce/2024062549-CVE-2024-39298-53e8@gregkh/" }, { "category": "external", "summary": "Linux CVE Announcement vom 2024-06-25", "url": "https://lore.kernel.org/linux-cve-announce/2024062549-CVE-2024-39301-6610@gregkh/" }, { "category": "external", "summary": "Linux CVE Announcement vom 2024-06-25", "url": "https://lore.kernel.org/linux-cve-announce/2024062550-CVE-2024-39362-2d27@gregkh/" }, { "category": "external", "summary": "Linux CVE Announcement vom 2024-06-25", "url": "https://lore.kernel.org/linux-cve-announce/2024062550-CVE-2024-39371-42fb@gregkh/" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2372-1 vom 2024-07-09", "url": 
"https://lists.suse.com/pipermail/sle-security-updates/2024-July/018901.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2360-1 vom 2024-07-09", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018907.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2381-1 vom 2024-07-10", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018916.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2394-1 vom 2024-07-10", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018922.html" }, { "category": "external", "summary": "Debian Security Advisory DSA-5730 vom 2024-07-16", "url": "https://lists.debian.org/debian-security-announce/2024/msg00141.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2493-1 vom 2024-07-16", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018984.html" }, { "category": "external", "summary": "Debian Security Advisory DSA-5731 vom 2024-07-17", "url": "https://lists.debian.org/debian-security-announce/2024/msg00142.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2561-1 vom 2024-07-18", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/019001.html" }, { "category": "external", "summary": "SUSE Security Update SUSE-SU-2024:2571-1 vom 2024-07-22", "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/019019.html" } ], "source_lang": "en-US", "title": "Linux Kernel: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-07-22T22:00:00.000+00:00", "generator": { "date": "2024-07-23T08:03:11.199+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2024-1451", "initial_release_date": "2024-06-25T22:00:00.000+00:00", "revision_history": [ { "date": "2024-06-25T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": 
"2024-07-09T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-07-10T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-07-15T22:00:00.000+00:00", "number": "4", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2024-07-16T22:00:00.000+00:00", "number": "5", "summary": "Neue Updates von Debian aufgenommen" }, { "date": "2024-07-18T22:00:00.000+00:00", "number": "6", "summary": "Neue Updates von SUSE aufgenommen" }, { "date": "2024-07-22T22:00:00.000+00:00", "number": "7", "summary": "Neue Updates von SUSE aufgenommen" } ], "status": "final", "version": "7" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Debian Linux", "product": { "name": "Debian Linux", "product_id": "2951", "product_identification_helper": { "cpe": "cpe:/o:debian:debian_linux:-" } } } ], "category": "vendor", "name": "Debian" }, { "branches": [ { "category": "product_name", "name": "Open Source Linux Kernel", "product": { "name": "Open Source Linux Kernel", "product_id": "T035642", "product_identification_helper": { "cpe": "cpe:/o:linux:linux_kernel:-" } } } ], "category": "vendor", "name": "Open Source" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux", "product": { "name": "SUSE Linux", "product_id": "T002207", "product_identification_helper": { "cpe": "cpe:/o:suse:suse_linux:-" } } } ], "category": "vendor", "name": "SUSE" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-4440", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. 
Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "T035642" ] }, "release_date": "2024-06-25T22:00:00Z", "title": "CVE-2021-4440" }, { "cve": "CVE-2022-48772", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "T035642" ] }, "release_date": "2024-06-25T22:00:00Z", "title": "CVE-2022-48772" }, { "cve": "CVE-2024-37078", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "T035642" ] }, "release_date": "2024-06-25T22:00:00Z", "title": "CVE-2024-37078" }, { "cve": "CVE-2024-37354", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. 
Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "T035642" ] }, "release_date": "2024-06-25T22:00:00Z", "title": "CVE-2024-37354" }, { "cve": "CVE-2024-38306", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "T035642" ] }, "release_date": "2024-06-25T22:00:00Z", "title": "CVE-2024-38306" }, { "cve": "CVE-2024-38385", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren." 
} ], "product_status": { "known_affected": [ "2951", "T002207", "T035642" ] }, "release_date": "2024-06-25T22:00:00Z", "title": "CVE-2024-38385" }, { "cve": "CVE-2024-38661", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "T035642" ] }, "release_date": "2024-06-25T22:00:00Z", "title": "CVE-2024-38661" }, { "cve": "CVE-2024-39276", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "T035642" ] }, "release_date": "2024-06-25T22:00:00Z", "title": "CVE-2024-39276" }, { "cve": "CVE-2024-39293", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. 
Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "T035642" ] }, "release_date": "2024-06-25T22:00:00Z", "title": "CVE-2024-39293" }, { "cve": "CVE-2024-39296", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "T035642" ] }, "release_date": "2024-06-25T22:00:00Z", "title": "CVE-2024-39296" }, { "cve": "CVE-2024-39298", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "T035642" ] }, "release_date": "2024-06-25T22:00:00Z", "title": "CVE-2024-39298" }, { "cve": "CVE-2024-39301", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. 
Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "T035642" ] }, "release_date": "2024-06-25T22:00:00Z", "title": "CVE-2024-39301" }, { "cve": "CVE-2024-39362", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "T035642" ] }, "release_date": "2024-06-25T22:00:00Z", "title": "CVE-2024-39362" }, { "cve": "CVE-2024-39371", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren." 
} ], "product_status": { "known_affected": [ "2951", "T002207", "T035642" ] }, "release_date": "2024-06-25T22:00:00Z", "title": "CVE-2024-39371" }, { "cve": "CVE-2024-39461", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "T035642" ] }, "release_date": "2024-06-25T22:00:00Z", "title": "CVE-2024-39461" }, { "cve": "CVE-2024-39462", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "T035642" ] }, "release_date": "2024-06-25T22:00:00Z", "title": "CVE-2024-39462" }, { "cve": "CVE-2024-39463", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. 
Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "T035642" ] }, "release_date": "2024-06-25T22:00:00Z", "title": "CVE-2024-39463" }, { "cve": "CVE-2024-39464", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "T035642" ] }, "release_date": "2024-06-25T22:00:00Z", "title": "CVE-2024-39464" }, { "cve": "CVE-2024-39465", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "T035642" ] }, "release_date": "2024-06-25T22:00:00Z", "title": "CVE-2024-39465" }, { "cve": "CVE-2024-39466", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. 
Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "T035642" ] }, "release_date": "2024-06-25T22:00:00Z", "title": "CVE-2024-39466" }, { "cve": "CVE-2024-39467", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "T035642" ] }, "release_date": "2024-06-25T22:00:00Z", "title": "CVE-2024-39467" }, { "cve": "CVE-2024-39468", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren." 
} ], "product_status": { "known_affected": [ "2951", "T002207", "T035642" ] }, "release_date": "2024-06-25T22:00:00Z", "title": "CVE-2024-39468" }, { "cve": "CVE-2024-39469", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "T035642" ] }, "release_date": "2024-06-25T22:00:00Z", "title": "CVE-2024-39469" }, { "cve": "CVE-2024-39470", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "T035642" ] }, "release_date": "2024-06-25T22:00:00Z", "title": "CVE-2024-39470" }, { "cve": "CVE-2024-39471", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. 
Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren." } ], "product_status": { "known_affected": [ "2951", "T002207", "T035642" ] }, "release_date": "2024-06-25T22:00:00Z", "title": "CVE-2024-39471" } ] }
cve-2024-39469
Vulnerability from cvelistv5
Published
2024-06-25 14:28
Modified
2024-11-05 09:31
Summary
nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T04:26:15.309Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2ac8a2fe22bdde9eecce2a42cf5cab79333fb428" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/405b71f1251e5ae865f53bd27c45114e6c83bee3" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/c77ad608df6c091fe64ecb91f41ef7cb465587f1" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/11a2edb70356a2202dcb7c9c189c8356ab4752cd" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/129dcd3e7d036218db3f59c82d82004b9539ed82" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d18b05eda7fa77f02114f15b02c009f28ee42346" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/59f14875a96ef93f05b82ad3c980605f2cb444b5" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/7373a51e7998b508af7136530f3a997b286ce81c" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-39469", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T17:07:55.313333Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:34:41.781Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "fs/nilfs2/dir.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "2ac8a2fe22bd", "status": "affected", "version": "2ba466d74ed7", "versionType": "git" }, { "lessThan": "405b71f1251e", "status": "affected", "version": 
"2ba466d74ed7", "versionType": "git" }, { "lessThan": "c77ad608df6c", "status": "affected", "version": "2ba466d74ed7", "versionType": "git" }, { "lessThan": "11a2edb70356", "status": "affected", "version": "2ba466d74ed7", "versionType": "git" }, { "lessThan": "129dcd3e7d03", "status": "affected", "version": "2ba466d74ed7", "versionType": "git" }, { "lessThan": "d18b05eda7fa", "status": "affected", "version": "2ba466d74ed7", "versionType": "git" }, { "lessThan": "59f14875a96e", "status": "affected", "version": "2ba466d74ed7", "versionType": "git" }, { "lessThan": "7373a51e7998", "status": "affected", "version": "2ba466d74ed7", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "fs/nilfs2/dir.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "2.6.30" }, { "lessThan": "2.6.30", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.317", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.279", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.221", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.162", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.95", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.35", "versionType": "semver" }, { "lessThanOrEqual": "6.9.*", "status": "unaffected", "version": "6.9.5", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix nilfs_empty_dir() misjudgment 
and long loop on I/O errors\n\nThe error handling in nilfs_empty_dir() when a directory folio/page read\nfails is incorrect, as in the old ext2 implementation, and if the\nfolio/page cannot be read or nilfs_check_folio() fails, it will falsely\ndetermine the directory as empty and corrupt the file system.\n\nIn addition, since nilfs_empty_dir() does not immediately return on a\nfailed folio/page read, but continues to loop, this can cause a long loop\nwith I/O if i_size of the directory\u0027s inode is also corrupted, causing the\nlog writer thread to wait and hang, as reported by syzbot.\n\nFix these issues by making nilfs_empty_dir() immediately return a false\nvalue (0) if it fails to get a directory folio/page." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:31:55.006Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/2ac8a2fe22bdde9eecce2a42cf5cab79333fb428" }, { "url": "https://git.kernel.org/stable/c/405b71f1251e5ae865f53bd27c45114e6c83bee3" }, { "url": "https://git.kernel.org/stable/c/c77ad608df6c091fe64ecb91f41ef7cb465587f1" }, { "url": "https://git.kernel.org/stable/c/11a2edb70356a2202dcb7c9c189c8356ab4752cd" }, { "url": "https://git.kernel.org/stable/c/129dcd3e7d036218db3f59c82d82004b9539ed82" }, { "url": "https://git.kernel.org/stable/c/d18b05eda7fa77f02114f15b02c009f28ee42346" }, { "url": "https://git.kernel.org/stable/c/59f14875a96ef93f05b82ad3c980605f2cb444b5" }, { "url": "https://git.kernel.org/stable/c/7373a51e7998b508af7136530f3a997b286ce81c" } ], "title": "nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-39469", "datePublished": "2024-06-25T14:28:55.581Z", "dateReserved": "2024-06-25T14:23:23.745Z", "dateUpdated": "2024-11-05T09:31:55.006Z", "state": 
"PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-39276
Vulnerability from cvelistv5
Published
2024-06-25 14:22
Modified
2024-11-05 14:27
Summary
ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find()
References
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-39276", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-25T15:26:44.344702Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-noinfo Not enough information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-05T14:27:26.405Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:19:20.631Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/9ad75e78747b5a50dc5a52f0f8e92e920a653f16" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/896a7e7d0d555ad8b2b46af0c2fa7de7467f9483" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/76dc776153a47372719d664e0fc50d6355791abb" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/681ff9a09accd8a4379f8bd30b7a1641ee19bb3e" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/e941b712e758f615d311946bf98216e79145ccd9" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/a95df6f04f2c37291adf26a74205cde0314d4577" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/b37c0edef4e66fb21a2fbc211471195a383e5ab8" }, { "tags": [ "x_transferred" ], "url": 
"https://git.kernel.org/stable/c/0c0b4a49d3e7f49690a6827a41faeffad5df7e21" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "fs/ext4/xattr.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "9ad75e78747b", "status": "affected", "version": "b878c8a7f08f", "versionType": "git" }, { "lessThan": "896a7e7d0d55", "status": "affected", "version": "fb265c9cb49e", "versionType": "git" }, { "lessThan": "76dc776153a4", "status": "affected", "version": "fb265c9cb49e", "versionType": "git" }, { "lessThan": "681ff9a09acc", "status": "affected", "version": "fb265c9cb49e", "versionType": "git" }, { "lessThan": "e941b712e758", "status": "affected", "version": "fb265c9cb49e", "versionType": "git" }, { "lessThan": "a95df6f04f2c", "status": "affected", "version": "fb265c9cb49e", "versionType": "git" }, { "lessThan": "b37c0edef4e6", "status": "affected", "version": "fb265c9cb49e", "versionType": "git" }, { "lessThan": "0c0b4a49d3e7", "status": "affected", "version": "fb265c9cb49e", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "fs/ext4/xattr.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.0" }, { "lessThan": "5.0", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.316", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.278", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.219", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.161", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.94", 
"versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.34", "versionType": "semver" }, { "lessThanOrEqual": "6.9.*", "status": "unaffected", "version": "6.9.5", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix mb_cache_entry\u0027s e_refcnt leak in ext4_xattr_block_cache_find()\n\nSyzbot reports a warning as follows:\n\n============================================\nWARNING: CPU: 0 PID: 5075 at fs/mbcache.c:419 mb_cache_destroy+0x224/0x290\nModules linked in:\nCPU: 0 PID: 5075 Comm: syz-executor199 Not tainted 6.9.0-rc6-gb947cc5bf6d7\nRIP: 0010:mb_cache_destroy+0x224/0x290 fs/mbcache.c:419\nCall Trace:\n \u003cTASK\u003e\n ext4_put_super+0x6d4/0xcd0 fs/ext4/super.c:1375\n generic_shutdown_super+0x136/0x2d0 fs/super.c:641\n kill_block_super+0x44/0x90 fs/super.c:1675\n ext4_kill_sb+0x68/0xa0 fs/ext4/super.c:7327\n[...]\n============================================\n\nThis is because when finding an entry in ext4_xattr_block_cache_find(), if\next4_sb_bread() returns -ENOMEM, the ce\u0027s e_refcnt, which has already grown\nin the __entry_find(), won\u0027t be put away, and eventually trigger the above\nissue in mb_cache_destroy() due to reference count leakage.\n\nSo call mb_cache_entry_put() on the -ENOMEM error branch as a quick fix." 
} ], "providerMetadata": { "dateUpdated": "2024-11-05T09:31:34.848Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/9ad75e78747b5a50dc5a52f0f8e92e920a653f16" }, { "url": "https://git.kernel.org/stable/c/896a7e7d0d555ad8b2b46af0c2fa7de7467f9483" }, { "url": "https://git.kernel.org/stable/c/76dc776153a47372719d664e0fc50d6355791abb" }, { "url": "https://git.kernel.org/stable/c/681ff9a09accd8a4379f8bd30b7a1641ee19bb3e" }, { "url": "https://git.kernel.org/stable/c/e941b712e758f615d311946bf98216e79145ccd9" }, { "url": "https://git.kernel.org/stable/c/a95df6f04f2c37291adf26a74205cde0314d4577" }, { "url": "https://git.kernel.org/stable/c/b37c0edef4e66fb21a2fbc211471195a383e5ab8" }, { "url": "https://git.kernel.org/stable/c/0c0b4a49d3e7f49690a6827a41faeffad5df7e21" } ], "title": "ext4: fix mb_cache_entry\u0027s e_refcnt leak in ext4_xattr_block_cache_find()", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-39276", "datePublished": "2024-06-25T14:22:38.886Z", "dateReserved": "2024-06-24T13:53:25.552Z", "dateUpdated": "2024-11-05T14:27:26.405Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-39362
Vulnerability from cvelistv5
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
{ "containers": { "cna": { "providerMetadata": { "dateUpdated": "2024-07-02T19:14:42.574Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "rejectedReasons": [ { "lang": "en", "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." } ] } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-39362", "datePublished": "2024-06-25T14:22:42.255Z", "dateRejected": "2024-07-02T19:14:42.574Z", "dateReserved": "2024-06-24T13:54:11.078Z", "dateUpdated": "2024-07-02T19:14:42.574Z", "state": "REJECTED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-39464
Vulnerability from cvelistv5
Published
2024-06-25 14:25
Modified
2024-11-05 09:31
Summary
media: v4l: async: Fix notifier list entry init
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T04:26:15.280Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/a80d1da923f671c1e6a14e8417cd2f117b27a442" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/44f6d619c30f0c65fcdd2b6eba70fdb4460d87ad" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/6d8acd02c4c6a8f917eefac1de2e035521ca119d" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-39464", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T17:08:05.187963Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:34:42.202Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/media/v4l2-core/v4l2-async.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "a80d1da923f6", "status": "affected", "version": "b8ec754ae4c5", "versionType": "git" }, { "lessThan": "44f6d619c30f", "status": "affected", "version": "b8ec754ae4c5", "versionType": "git" }, { "lessThan": "6d8acd02c4c6", "status": "affected", "version": "b8ec754ae4c5", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/media/v4l2-core/v4l2-async.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.6" }, { "lessThan": "6.6", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", 
"version": "6.6.34", "versionType": "semver" }, { "lessThanOrEqual": "6.9.*", "status": "unaffected", "version": "6.9.5", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: v4l: async: Fix notifier list entry init\n\nstruct v4l2_async_notifier has several list_head members, but only\nwaiting_list and done_list are initialized. notifier_entry was kept\n\u0027zeroed\u0027 leading to an uninitialized list_head.\nThis results in a NULL-pointer dereference if csi2_async_register() fails,\ne.g. node for remote endpoint is disabled, and returns -ENOTCONN.\nThe following calls to v4l2_async_nf_unregister() results in a NULL\npointer dereference.\nAdd the missing list head initializer." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:31:49.268Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/a80d1da923f671c1e6a14e8417cd2f117b27a442" }, { "url": "https://git.kernel.org/stable/c/44f6d619c30f0c65fcdd2b6eba70fdb4460d87ad" }, { "url": "https://git.kernel.org/stable/c/6d8acd02c4c6a8f917eefac1de2e035521ca119d" } ], "title": "media: v4l: async: Fix notifier list entry init", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-39464", "datePublished": "2024-06-25T14:25:03.578Z", "dateReserved": "2024-06-25T14:23:23.744Z", "dateUpdated": "2024-11-05T09:31:49.268Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-39296
Vulnerability from cvelistv5
Published
2024-06-25 14:22
Modified
2024-11-05 09:31
Summary
bonding: fix oops during rmmod
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-39296", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-25T20:46:46.560534Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-25T20:46:55.199Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:19:20.715Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f07224c16678a8af54ddc059b3d2d51885d7f35e" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/cf48aee81103ca06d09d73d33fb72f1191069aa6" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/a45835a0bb6ef7d5ddbc0714dd760de979cb6ece" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/net/bonding/bond_main.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "f07224c16678", "status": "affected", "version": "cc317ea3d927", "versionType": "git" }, { "lessThan": "cf48aee81103", "status": "affected", "version": "cc317ea3d927", "versionType": "git" }, { "lessThan": "a45835a0bb6e", "status": "affected", "version": "cc317ea3d927", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/net/bonding/bond_main.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.6" }, { "lessThan": "6.6", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": 
"6.6.34", "versionType": "semver" }, { "lessThanOrEqual": "6.9.*", "status": "unaffected", "version": "6.9.5", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: fix oops during rmmod\n\n\"rmmod bonding\" causes an oops ever since commit cc317ea3d927 (\"bonding:\nremove redundant NULL check in debugfs function\"). Here are the relevant\nfunctions being called:\n\nbonding_exit()\n bond_destroy_debugfs()\n debugfs_remove_recursive(bonding_debug_root);\n bonding_debug_root = NULL; \u003c--------- SET TO NULL HERE\n bond_netlink_fini()\n rtnl_link_unregister()\n __rtnl_link_unregister()\n unregister_netdevice_many_notify()\n bond_uninit()\n bond_debug_unregister()\n (commit removed check for bonding_debug_root == NULL)\n debugfs_remove()\n simple_recursive_removal()\n down_write() -\u003e OOPS\n\nHowever, reverting the bad commit does not solve the problem completely\nbecause the original code contains a race that could cause the same\noops, although it was much less likely to be triggered unintentionally:\n\nCPU1\n rmmod bonding\n bonding_exit()\n bond_destroy_debugfs()\n debugfs_remove_recursive(bonding_debug_root);\n\nCPU2\n echo -bond0 \u003e /sys/class/net/bonding_masters\n bond_uninit()\n bond_debug_unregister()\n if (!bonding_debug_root)\n\nCPU1\n bonding_debug_root = NULL;\n\nSo do NOT revert the bad commit (since the removed checks were racy\nanyway), and instead change the order of actions taken during module\nremoval. The same oops can also happen if there is an error during\nmodule init, so apply the same fix there." 
} ], "providerMetadata": { "dateUpdated": "2024-11-05T09:31:40.637Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/f07224c16678a8af54ddc059b3d2d51885d7f35e" }, { "url": "https://git.kernel.org/stable/c/cf48aee81103ca06d09d73d33fb72f1191069aa6" }, { "url": "https://git.kernel.org/stable/c/a45835a0bb6ef7d5ddbc0714dd760de979cb6ece" } ], "title": "bonding: fix oops during rmmod", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-39296", "datePublished": "2024-06-25T14:22:40.218Z", "dateReserved": "2024-06-24T13:54:11.074Z", "dateUpdated": "2024-11-05T09:31:40.637Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-48772
Vulnerability from cvelistv5
Published
2024-06-25 14:22
Modified
2024-11-04 12:16
Summary
media: lgdt3306a: Add a check against null-pointer-def
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2022-48772", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-10T16:35:41.584253Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-10T16:36:24.637Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-03T15:25:01.596Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/8915dcd29a82096acacf54364a8425363782aea0" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/b479fd59a1f4a342b69fce34f222d93bf791dca4" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/526238d32c3acc3d597fd8c9a34652bfe9086cea" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d082757b8359201c3864323cea4b91ea30a1e676" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/7d12e918f2994c883f41f22552a61b9310fa1e87" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/8e1e00718d0d9dd83337300572561e30b9c0d115" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/c1115ddbda9c930fba0fdd062e7a8873ebaf898d" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/media/dvb-frontends/lgdt3306a.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "8915dcd29a82", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "b479fd59a1f4", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "526238d32c3a", "status": "affected", 
"version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "d082757b8359", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "7d12e918f299", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "8e1e00718d0d", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "c1115ddbda9c", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/media/dvb-frontends/lgdt3306a.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.278", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.219", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.161", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.94", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.34", "versionType": "semver" }, { "lessThanOrEqual": "6.9.*", "status": "unaffected", "version": "6.9.5", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: lgdt3306a: Add a check against null-pointer-def\n\nThe driver should check whether the client provides the platform_data.\n\nThe following log reveals it:\n\n[ 29.610324] BUG: KASAN: null-ptr-deref in kmemdup+0x30/0x40\n[ 29.610730] Read of size 40 at addr 0000000000000000 by task bash/414\n[ 29.612820] Call Trace:\n[ 29.613030] \u003cTASK\u003e\n[ 29.613201] dump_stack_lvl+0x56/0x6f\n[ 29.613496] ? 
kmemdup+0x30/0x40\n[ 29.613754] print_report.cold+0x494/0x6b7\n[ 29.614082] ? kmemdup+0x30/0x40\n[ 29.614340] kasan_report+0x8a/0x190\n[ 29.614628] ? kmemdup+0x30/0x40\n[ 29.614888] kasan_check_range+0x14d/0x1d0\n[ 29.615213] memcpy+0x20/0x60\n[ 29.615454] kmemdup+0x30/0x40\n[ 29.615700] lgdt3306a_probe+0x52/0x310\n[ 29.616339] i2c_device_probe+0x951/0xa90" } ], "providerMetadata": { "dateUpdated": "2024-11-04T12:16:12.090Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/8915dcd29a82096acacf54364a8425363782aea0" }, { "url": "https://git.kernel.org/stable/c/b479fd59a1f4a342b69fce34f222d93bf791dca4" }, { "url": "https://git.kernel.org/stable/c/526238d32c3acc3d597fd8c9a34652bfe9086cea" }, { "url": "https://git.kernel.org/stable/c/d082757b8359201c3864323cea4b91ea30a1e676" }, { "url": "https://git.kernel.org/stable/c/7d12e918f2994c883f41f22552a61b9310fa1e87" }, { "url": "https://git.kernel.org/stable/c/8e1e00718d0d9dd83337300572561e30b9c0d115" }, { "url": "https://git.kernel.org/stable/c/c1115ddbda9c930fba0fdd062e7a8873ebaf898d" } ], "title": "media: lgdt3306a: Add a check against null-pointer-def", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2022-48772", "datePublished": "2024-06-25T14:22:34.892Z", "dateReserved": "2024-06-20T11:09:39.061Z", "dateUpdated": "2024-11-04T12:16:12.090Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-38306
Vulnerability from cvelistv5
Published
2024-06-25 14:22
Modified
2024-11-05 09:29
Summary
btrfs: protect folio::private when attaching extent buffer folios
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T04:04:25.336Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/952f048eb901881a7cc6f7c1368b53cd386ead7b" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f3a5367c679d31473d3fbb391675055b4792c309" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-38306", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T17:08:21.055578Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:34:42.868Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "fs/btrfs/extent_io.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "952f048eb901", "status": "affected", "version": "09e6cef19c9f", "versionType": "git" }, { "lessThan": "f3a5367c679d", "status": "affected", "version": "09e6cef19c9f", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "fs/btrfs/extent_io.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.8" }, { "lessThan": "6.8", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.9.*", "status": "unaffected", "version": "6.9.5", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following 
vulnerability has been resolved:\n\nbtrfs: protect folio::private when attaching extent buffer folios\n\n[BUG]\nSince v6.8 there are rare kernel crashes reported by various people,\nthe common factor is bad page status error messages like this:\n\n BUG: Bad page state in process kswapd0 pfn:d6e840\n page: refcount:0 mapcount:0 mapping:000000007512f4f2 index:0x2796c2c7c\n pfn:0xd6e840\n aops:btree_aops ino:1\n flags: 0x17ffffe0000008(uptodate|node=0|zone=2|lastcpupid=0x3fffff)\n page_type: 0xffffffff()\n raw: 0017ffffe0000008 dead000000000100 dead000000000122 ffff88826d0be4c0\n raw: 00000002796c2c7c 0000000000000000 00000000ffffffff 0000000000000000\n page dumped because: non-NULL mapping\n\n[CAUSE]\nCommit 09e6cef19c9f (\"btrfs: refactor alloc_extent_buffer() to\nallocate-then-attach method\") changes the sequence when allocating a new\nextent buffer.\n\nPreviously we always called grab_extent_buffer() under\nmapping-\u003ei_private_lock, to ensure the safety on modification on\nfolio::private (which is a pointer to extent buffer for regular\nsectorsize).\n\nThis can lead to the following race:\n\nThread A is trying to allocate an extent buffer at bytenr X, with 4\n4K pages, meanwhile thread B is trying to release the page at X + 4K\n(the second page of the extent buffer at X).\n\n Thread A | Thread B\n-----------------------------------+-------------------------------------\n | btree_release_folio()\n\t\t\t\t | | This is for the page at X + 4K,\n\t\t\t\t | | Not page X.\n\t\t\t\t | |\nalloc_extent_buffer() | |- release_extent_buffer()\n|- filemap_add_folio() for the | | |- atomic_dec_and_test(eb-\u003erefs)\n| page at bytenr X (the first | | |\n| page). | | |\n| Which returned -EEXIST. | | |\n| | | |\n|- filemap_lock_folio() | | |\n| Returned the first page locked. 
| | |\n| | | |\n|- grab_extent_buffer() | | |\n| |- atomic_inc_not_zero() | | |\n| | Returned false | | |\n| |- folio_detach_private() | | |- folio_detach_private() for X\n| |- folio_test_private() | | |- folio_test_private()\n | Returned true | | | Returned true\n |- folio_put() | |- folio_put()\n\nNow there are two puts on the same folio at folio X, leading to refcount\nunderflow of the folio X, and eventually causing the BUG_ON() on the\npage-\u003emapping.\n\nThe condition is not that easy to hit:\n\n- The release must be triggered for the middle page of an eb\n If the release is on the same first page of an eb, page lock would kick\n in and prevent the race.\n\n- folio_detach_private() has a very small race window\n It\u0027s only between folio_test_private() and folio_clear_private().\n\nThat\u0027s exactly when mapping-\u003ei_private_lock is used to prevent such race,\nand commit 09e6cef19c9f (\"btrfs: refactor alloc_extent_buffer() to\nallocate-then-attach method\") screwed that up.\n\nAt that time, I thought the page lock would kick in as\nfilemap_release_folio() also requires the page to be locked, but forgot\nthe filemap_release_folio() only locks one page, not all pages of an\nextent buffer.\n\n[FIX]\nMove all the code requiring i_private_lock into\nattach_eb_folio_to_filemap(), so that everything is done with proper\nlock protection.\n\nFurthermore to prevent future problems, add an extra\nlockdep_assert_locked() to ensure we\u0027re holding the proper lock.\n\nTo reproducer that is able to hit the race (takes a few minutes with\ninstrumented code inserting delays to alloc_extent_buffer()):\n\n #!/bin/sh\n drop_caches () {\n\t while(true); do\n\t\t echo 3 \u003e /proc/sys/vm/drop_caches\n\t\t echo 1 \u003e /proc/sys/vm/compact_memory\n\t done\n }\n\n run_tar () {\n\t while(true); do\n\t\t for x in `seq 1 80` ; do\n\t\t\t tar cf /dev/zero /mnt \u003e /dev/null \u0026\n\t\t done\n\t\t wait\n\t done\n }\n\n mkfs.btrfs -f -d single -m 
single\n---truncated---" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:29:21.688Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/952f048eb901881a7cc6f7c1368b53cd386ead7b" }, { "url": "https://git.kernel.org/stable/c/f3a5367c679d31473d3fbb391675055b4792c309" } ], "title": "btrfs: protect folio::private when attaching extent buffer folios", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-38306", "datePublished": "2024-06-25T14:22:36.903Z", "dateReserved": "2024-06-24T13:53:25.575Z", "dateUpdated": "2024-11-05T09:29:21.688Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-39470
Vulnerability from cvelistv5
Published
2024-06-25 14:28
Modified
2024-11-05 09:31
Summary
eventfs: Fix a possible null pointer dereference in eventfs_find_events()
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T04:26:14.966Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/5ade5fbdbbb1f023bb70730ba4d74146c8bc7eb9" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/7a1b2d138189375ed1dcd7d0851118230221bd1d" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d4e9a968738bf66d3bb852dd5588d4c7afd6d7f4" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-39470", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T17:07:52.051745Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:34:41.664Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "fs/tracefs/event_inode.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "5ade5fbdbbb1", "status": "affected", "version": "628adb842bd5", "versionType": "git" }, { "lessThan": "7a1b2d138189", "status": "affected", "version": "8186fff7ab64", "versionType": "git" }, { "lessThan": "d4e9a968738b", "status": "affected", "version": "8186fff7ab64", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "fs/tracefs/event_inode.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.8" }, { "lessThan": "6.8", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.34", 
"versionType": "semver" }, { "lessThanOrEqual": "6.9.*", "status": "unaffected", "version": "6.9.5", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\neventfs: Fix a possible null pointer dereference in eventfs_find_events()\n\nIn function eventfs_find_events,there is a potential null pointer\nthat may be caused by calling update_events_attr which will perform\nsome operations on the members of the ei struct when ei is NULL.\n\nHence,When ei-\u003eis_freed is set,return NULL directly." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:31:56.374Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/5ade5fbdbbb1f023bb70730ba4d74146c8bc7eb9" }, { "url": "https://git.kernel.org/stable/c/7a1b2d138189375ed1dcd7d0851118230221bd1d" }, { "url": "https://git.kernel.org/stable/c/d4e9a968738bf66d3bb852dd5588d4c7afd6d7f4" } ], "title": "eventfs: Fix a possible null pointer dereference in eventfs_find_events()", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-39470", "datePublished": "2024-06-25T14:28:56.258Z", "dateReserved": "2024-06-25T14:23:23.745Z", "dateUpdated": "2024-11-05T09:31:56.374Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-39466
Vulnerability from cvelistv5
Published
2024-06-25 14:25
Modified
2024-11-05 09:31
Summary
thermal/drivers/qcom/lmh: Check for SCM availability at probe
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-39466", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-25T15:25:40.512960Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-25T15:25:46.393Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:26:15.836Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2226b145afa5e13cb60dbe77fb20fb0666a1caf3" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/560d69c975072974c11434ca6953891e74c1a665" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/0a47ba94ec3d8f782b33e3d970cfcb769b962464" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/aa1a0807b4a76b44fb6b58a7e9087cd4b18ab41b" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d9d3490c48df572edefc0b64655259eefdcbb9be" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/thermal/qcom/lmh.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "2226b145afa5", "status": "affected", "version": "53bca371cdf7", "versionType": "git" }, { "lessThan": "560d69c97507", "status": "affected", "version": "53bca371cdf7", "versionType": "git" }, { "lessThan": "0a47ba94ec3d", "status": "affected", "version": "53bca371cdf7", "versionType": "git" }, { "lessThan": "aa1a0807b4a7", "status": "affected", "version": "53bca371cdf7", "versionType": "git" }, { "lessThan": "d9d3490c48df", "status": "affected", "version": "53bca371cdf7", 
"versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/thermal/qcom/lmh.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.15" }, { "lessThan": "5.15", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.161", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.94", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.34", "versionType": "semver" }, { "lessThanOrEqual": "6.9.*", "status": "unaffected", "version": "6.9.5", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal/drivers/qcom/lmh: Check for SCM availability at probe\n\nUp until now, the necessary scm availability check has not been\nperformed, leading to possible null pointer dereferences (which did\nhappen for me on RB1).\n\nFix that." 
} ], "providerMetadata": { "dateUpdated": "2024-11-05T09:31:51.564Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/2226b145afa5e13cb60dbe77fb20fb0666a1caf3" }, { "url": "https://git.kernel.org/stable/c/560d69c975072974c11434ca6953891e74c1a665" }, { "url": "https://git.kernel.org/stable/c/0a47ba94ec3d8f782b33e3d970cfcb769b962464" }, { "url": "https://git.kernel.org/stable/c/aa1a0807b4a76b44fb6b58a7e9087cd4b18ab41b" }, { "url": "https://git.kernel.org/stable/c/d9d3490c48df572edefc0b64655259eefdcbb9be" } ], "title": "thermal/drivers/qcom/lmh: Check for SCM availability at probe", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-39466", "datePublished": "2024-06-25T14:25:04.952Z", "dateReserved": "2024-06-25T14:23:23.744Z", "dateUpdated": "2024-11-05T09:31:51.564Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-39465
Vulnerability from cvelistv5
Published
2024-06-25 14:25
Modified
2024-11-05 09:31
Summary
media: mgb4: Fix double debugfs remove
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T04:26:15.567Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/252204b634efffd8b167d77413c93d0192aaf5f6" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/825fc49497957310e421454fe3fb8b8d8d8e2dd2" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-39465", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T17:08:01.951646Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:34:42.031Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/media/pci/mgb4/mgb4_core.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "252204b634ef", "status": "affected", "version": "0ab13674a9bd", "versionType": "git" }, { "lessThan": "825fc4949795", "status": "affected", "version": "0ab13674a9bd", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/media/pci/mgb4/mgb4_core.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.7" }, { "lessThan": "6.7", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.9.*", "status": "unaffected", "version": "6.9.5", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux 
kernel, the following vulnerability has been resolved:\n\nmedia: mgb4: Fix double debugfs remove\n\nFixes an error where debugfs_remove_recursive() is called first on a parent\ndirectory and then again on a child which causes a kernel panic.\n\n[hverkuil: added Fixes/Cc tags]" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:31:50.407Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/252204b634efffd8b167d77413c93d0192aaf5f6" }, { "url": "https://git.kernel.org/stable/c/825fc49497957310e421454fe3fb8b8d8d8e2dd2" } ], "title": "media: mgb4: Fix double debugfs remove", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-39465", "datePublished": "2024-06-25T14:25:04.237Z", "dateReserved": "2024-06-25T14:23:23.744Z", "dateUpdated": "2024-11-05T09:31:50.407Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-39462
Vulnerability from cvelistv5
Published
2024-06-25 14:25
Modified
2024-11-05 09:31
Summary
clk: bcm: dvp: Assign ->num before accessing ->hws
References
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "status": "affected", "version": "6.6" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "0dc913217fb7", "status": "affected", "version": "f316cdff8d67", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "a1dd92fca0d6", "status": "affected", "version": "f316cdff8d67", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "9368cdf90f52", "status": "affected", "version": "f316cdff8d67", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "6.6", "status": "unaffected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThanOrEqual": "6.7", "status": "unaffected", "version": "6.6.34", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThanOrEqual": "6.10", "status": "unaffected", "version": "6.9.5", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "status": "unaffected", "version": "6.10-rc1" } ] } ], "metrics": [ { 
"cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-39462", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-25T17:03:11.356077Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-25T17:13:58.741Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:26:14.280Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/0dc913217fb79096597005bba9ba738e2db5cd02" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/a1dd92fca0d6b58b55ed0484f75d4205dbb77010" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/9368cdf90f52a68120d039887ccff74ff33b4444" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/clk/bcm/clk-bcm2711-dvp.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "0dc913217fb7", "status": "affected", "version": "f316cdff8d67", "versionType": "git" }, { "lessThan": "a1dd92fca0d6", "status": "affected", "version": "f316cdff8d67", "versionType": "git" }, { "lessThan": "9368cdf90f52", 
"status": "affected", "version": "f316cdff8d67", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/clk/bcm/clk-bcm2711-dvp.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.6" }, { "lessThan": "6.6", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.34", "versionType": "semver" }, { "lessThanOrEqual": "6.9.*", "status": "unaffected", "version": "6.9.5", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: bcm: dvp: Assign -\u003enum before accessing -\u003ehws\n\nCommit f316cdff8d67 (\"clk: Annotate struct clk_hw_onecell_data with\n__counted_by\") annotated the hws member of \u0027struct clk_hw_onecell_data\u0027\nwith __counted_by, which informs the bounds sanitizer about the number\nof elements in hws, so that it can warn when hws is accessed out of\nbounds. As noted in that change, the __counted_by member must be\ninitialized with the number of elements before the first array access\nhappens, otherwise there will be a warning from each access prior to the\ninitialization because the number of elements is zero. This occurs in\nclk_dvp_probe() due to -\u003enum being assigned after -\u003ehws has been\naccessed:\n\n UBSAN: array-index-out-of-bounds in drivers/clk/bcm/clk-bcm2711-dvp.c:59:2\n index 0 is out of range for type \u0027struct clk_hw *[] __counted_by(num)\u0027 (aka \u0027struct clk_hw *[]\u0027)\n\nMove the -\u003enum initialization to before the first access of -\u003ehws, which\nclears up the warning." 
} ], "providerMetadata": { "dateUpdated": "2024-11-05T09:31:46.812Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/0dc913217fb79096597005bba9ba738e2db5cd02" }, { "url": "https://git.kernel.org/stable/c/a1dd92fca0d6b58b55ed0484f75d4205dbb77010" }, { "url": "https://git.kernel.org/stable/c/9368cdf90f52a68120d039887ccff74ff33b4444" } ], "title": "clk: bcm: dvp: Assign -\u003enum before accessing -\u003ehws", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-39462", "datePublished": "2024-06-25T14:25:02.196Z", "dateReserved": "2024-06-25T14:23:23.744Z", "dateUpdated": "2024-11-05T09:31:46.812Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-39293
Vulnerability from cvelistv5
Published
2024-06-25 14:22
Modified
2024-11-05 09:31
Summary
Revert "xsk: Support redirect to any socket bound to the same umem"
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-39293", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-25T20:47:03.644056Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-25T20:47:15.195Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:19:20.676Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/19cb40b1064566ea09538289bfcf5bc7ecb9b6f5" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/7fcf26b315bbb728036da0862de6b335da83dff2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/xdp/xsk.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "19cb40b10645", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "7fcf26b315bb", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/xdp/xsk.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "6.9.*", "status": "unaffected", "version": "6.9.5", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"xsk: Support redirect to any socket bound to the same umem\"\n\nThis reverts commit 
2863d665ea41282379f108e4da6c8a2366ba66db.\n\nThis patch introduced a potential kernel crash when multiple napi instances\nredirect to the same AF_XDP socket. By removing the queue_index check, it is\npossible for multiple napi instances to access the Rx ring at the same time,\nwhich will result in a corrupted ring state which can lead to a crash when\nflushing the rings in __xsk_flush(). This can happen when the linked list of\nsockets to flush gets corrupted by concurrent accesses. A quick and small fix\nis not possible, so let us revert this for now." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:31:39.537Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/19cb40b1064566ea09538289bfcf5bc7ecb9b6f5" }, { "url": "https://git.kernel.org/stable/c/7fcf26b315bbb728036da0862de6b335da83dff2" } ], "title": "Revert \"xsk: Support redirect to any socket bound to the same umem\"", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-39293", "datePublished": "2024-06-25T14:22:39.550Z", "dateReserved": "2024-06-24T13:53:25.541Z", "dateUpdated": "2024-11-05T09:31:39.537Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-37078
Vulnerability from cvelistv5
Published
2024-06-25 14:22
Modified
2024-11-05 09:29
Summary
nilfs2: fix potential kernel bug due to lack of writeback flag waiting
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T03:43:50.879Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/95f6f81e50d858a7c9aa7c795ec14a0ac3819118" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/a75b8f493dfc48aa38c518430bd9e03b53bffebe" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/0ecfe3a92869a59668d27228dabbd7965e83567f" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/33900d7eae616647e179eee1c66ebe654ee39627" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/271dcd977ccda8c7a26e360425ae7b4db7d2ecc0" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/614d397be0cf43412b3f94a0f6460eddced8ce92" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/1f3bff69f1214fe03a02bc650d5bbfaa6e65ae7d" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/a4ca369ca221bb7e06c725792ac107f0e48e82e7" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-37078", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T17:08:24.419560Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:34:43.007Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "fs/nilfs2/segment.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "95f6f81e50d8", "status": "affected", "version": "9ff05123e3bf", "versionType": "git" }, { "lessThan": "a75b8f493dfc", "status": "affected", 
"version": "9ff05123e3bf", "versionType": "git" }, { "lessThan": "0ecfe3a92869", "status": "affected", "version": "9ff05123e3bf", "versionType": "git" }, { "lessThan": "33900d7eae61", "status": "affected", "version": "9ff05123e3bf", "versionType": "git" }, { "lessThan": "271dcd977ccd", "status": "affected", "version": "9ff05123e3bf", "versionType": "git" }, { "lessThan": "614d397be0cf", "status": "affected", "version": "9ff05123e3bf", "versionType": "git" }, { "lessThan": "1f3bff69f121", "status": "affected", "version": "9ff05123e3bf", "versionType": "git" }, { "lessThan": "a4ca369ca221", "status": "affected", "version": "9ff05123e3bf", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "fs/nilfs2/segment.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "2.6.30" }, { "lessThan": "2.6.30", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.317", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.279", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.221", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.162", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.95", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.35", "versionType": "semver" }, { "lessThanOrEqual": "6.9.*", "status": "unaffected", "version": "6.9.5", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix potential kernel 
bug due to lack of writeback flag waiting\n\nDestructive writes to a block device on which nilfs2 is mounted can cause\na kernel bug in the folio/page writeback start routine or writeback end\nroutine (__folio_start_writeback in the log below):\n\n kernel BUG at mm/page-writeback.c:3070!\n Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI\n ...\n RIP: 0010:__folio_start_writeback+0xbaa/0x10e0\n Code: 25 ff 0f 00 00 0f 84 18 01 00 00 e8 40 ca c6 ff e9 17 f6 ff ff\n e8 36 ca c6 ff 4c 89 f7 48 c7 c6 80 c0 12 84 e8 e7 b3 0f 00 90 \u003c0f\u003e\n 0b e8 1f ca c6 ff 4c 89 f7 48 c7 c6 a0 c6 12 84 e8 d0 b3 0f 00\n ...\n Call Trace:\n \u003cTASK\u003e\n nilfs_segctor_do_construct+0x4654/0x69d0 [nilfs2]\n nilfs_segctor_construct+0x181/0x6b0 [nilfs2]\n nilfs_segctor_thread+0x548/0x11c0 [nilfs2]\n kthread+0x2f0/0x390\n ret_from_fork+0x4b/0x80\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nThis is because when the log writer starts a writeback for segment summary\nblocks or a super root block that use the backing device\u0027s page cache, it\ndoes not wait for the ongoing folio/page writeback, resulting in an\ninconsistent writeback state.\n\nFix this issue by waiting for ongoing writebacks when putting\nfolios/pages on the backing device into writeback state." 
} ], "providerMetadata": { "dateUpdated": "2024-11-05T09:29:18.338Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/95f6f81e50d858a7c9aa7c795ec14a0ac3819118" }, { "url": "https://git.kernel.org/stable/c/a75b8f493dfc48aa38c518430bd9e03b53bffebe" }, { "url": "https://git.kernel.org/stable/c/0ecfe3a92869a59668d27228dabbd7965e83567f" }, { "url": "https://git.kernel.org/stable/c/33900d7eae616647e179eee1c66ebe654ee39627" }, { "url": "https://git.kernel.org/stable/c/271dcd977ccda8c7a26e360425ae7b4db7d2ecc0" }, { "url": "https://git.kernel.org/stable/c/614d397be0cf43412b3f94a0f6460eddced8ce92" }, { "url": "https://git.kernel.org/stable/c/1f3bff69f1214fe03a02bc650d5bbfaa6e65ae7d" }, { "url": "https://git.kernel.org/stable/c/a4ca369ca221bb7e06c725792ac107f0e48e82e7" } ], "title": "nilfs2: fix potential kernel bug due to lack of writeback flag waiting", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-37078", "datePublished": "2024-06-25T14:22:35.558Z", "dateReserved": "2024-06-24T13:54:11.068Z", "dateUpdated": "2024-11-05T09:29:18.338Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-39463
Vulnerability from cvelistv5
Published
2024-06-25 14:25
Modified
2024-11-05 09:31
Summary
9p: add missing locking around taking dentry fid list
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T04:26:15.245Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/cb299cdba09f46f090b843d78ba26b667d50a456" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f0c5c944c6d8614c19e6e9a97fd2011dcd30e8f5" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/fe17ebf22feb4ad7094d597526d558a49aac92b4" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/c898afdc15645efb555acb6d85b484eb40a45409" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:linux:linux_kernel:5.11:*:*:*:*:*:*:*" ], "defaultStatus": "affected", "product": "linux_kernel", "vendor": "linux", "versions": [ { "status": "affected", "version": "5.11" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "cb299cdba09f", "status": "affected", "version": "154372e67d40", "versionType": "custom" }, { "lessThan": "f0c5c944c6d8", "status": "affected", "version": "154372e67d40", "versionType": "custom" }, { "lessThan": "fe17ebf22feb", "status": "affected", "version": "154372e67d40", "versionType": "custom" }, { "lessThan": "c898afdc1564", "status": "affected", "version": "154372e67d40", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-39463", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": 
"total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T03:55:21.281977Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-10T15:36:18.860Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "fs/9p/vfs_dentry.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "3bb6763a8319", "status": "affected", "version": "154372e67d40", "versionType": "git" }, { "lessThan": "cb299cdba09f", "status": "affected", "version": "154372e67d40", "versionType": "git" }, { "lessThan": "f0c5c944c6d8", "status": "affected", "version": "154372e67d40", "versionType": "git" }, { "lessThan": "fe17ebf22feb", "status": "affected", "version": "154372e67d40", "versionType": "git" }, { "lessThan": "c898afdc1564", "status": "affected", "version": "154372e67d40", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "fs/9p/vfs_dentry.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "5.11" }, { "lessThan": "5.11", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.168", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.94", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.34", "versionType": "semver" }, { "lessThanOrEqual": "6.9.*", "status": "unaffected", "version": "6.9.5", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": 
"6.10", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\n9p: add missing locking around taking dentry fid list\n\nFix a use-after-free on dentry\u0027s d_fsdata fid list when a thread\nlooks up a fid through dentry while another thread unlinks it:\n\nUAF thread:\nrefcount_t: addition on 0; use-after-free.\n p9_fid_get linux/./include/net/9p/client.h:262\n v9fs_fid_find+0x236/0x280 linux/fs/9p/fid.c:129\n v9fs_fid_lookup_with_uid linux/fs/9p/fid.c:181\n v9fs_fid_lookup+0xbf/0xc20 linux/fs/9p/fid.c:314\n v9fs_vfs_getattr_dotl+0xf9/0x360 linux/fs/9p/vfs_inode_dotl.c:400\n vfs_statx+0xdd/0x4d0 linux/fs/stat.c:248\n\nFreed by:\n p9_fid_destroy (inlined)\n p9_client_clunk+0xb0/0xe0 linux/net/9p/client.c:1456\n p9_fid_put linux/./include/net/9p/client.h:278\n v9fs_dentry_release+0xb5/0x140 linux/fs/9p/vfs_dentry.c:55\n v9fs_remove+0x38f/0x620 linux/fs/9p/vfs_inode.c:518\n vfs_unlink+0x29a/0x810 linux/fs/namei.c:4335\n\nThe problem is that d_fsdata was not accessed under d_lock, because\nd_release() normally is only called once the dentry is otherwise no\nlonger accessible but since we also call it explicitly in v9fs_remove\nthat lock is required:\nmove the hlist out of the dentry under lock then unref its fids once\nthey are no longer accessible." 
} ], "providerMetadata": { "dateUpdated": "2024-11-05T09:31:48.179Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/3bb6763a8319170c2d41c4232c8e7e4c37dcacfb" }, { "url": "https://git.kernel.org/stable/c/cb299cdba09f46f090b843d78ba26b667d50a456" }, { "url": "https://git.kernel.org/stable/c/f0c5c944c6d8614c19e6e9a97fd2011dcd30e8f5" }, { "url": "https://git.kernel.org/stable/c/fe17ebf22feb4ad7094d597526d558a49aac92b4" }, { "url": "https://git.kernel.org/stable/c/c898afdc15645efb555acb6d85b484eb40a45409" }, { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1194/" } ], "title": "9p: add missing locking around taking dentry fid list", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-39463", "datePublished": "2024-06-25T14:25:02.887Z", "dateReserved": "2024-06-25T14:23:23.744Z", "dateUpdated": "2024-11-05T09:31:48.179Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-38385
Vulnerability from cvelistv5
Published
2024-06-25 14:22
Modified
2024-11-05 09:29
Summary
genirq/irqdesc: Prevent use-after-free in irq_find_at_or_after()
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T04:04:25.138Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/1c7891812d85500ae2ca4051fa5683fcf29930d8" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d084aa022f84319f8079e30882cbcbc026af9f21" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/b84a8aba806261d2f759ccedf4a2a6a80a5e55ba" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-38385", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T17:08:17.872806Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:34:42.745Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "kernel/irq/irqdesc.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "1c7891812d85", "status": "affected", "version": "721255b9826b", "versionType": "git" }, { "lessThan": "d084aa022f84", "status": "affected", "version": "721255b9826b", "versionType": "git" }, { "lessThan": "b84a8aba8062", "status": "affected", "version": "721255b9826b", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "kernel/irq/irqdesc.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.5" }, { "lessThan": "6.5", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.34", "versionType": 
"semver" }, { "lessThanOrEqual": "6.9.*", "status": "unaffected", "version": "6.9.5", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngenirq/irqdesc: Prevent use-after-free in irq_find_at_or_after()\n\nirq_find_at_or_after() dereferences the interrupt descriptor which is\nreturned by mt_find() while neither holding sparse_irq_lock nor RCU read\nlock, which means the descriptor can be freed between mt_find() and the\ndereference:\n\n CPU0 CPU1\n desc = mt_find()\n delayed_free_desc(desc)\n irq_desc_get_irq(desc)\n\nThe use-after-free is reported by KASAN:\n\n Call trace:\n irq_get_next_irq+0x58/0x84\n show_stat+0x638/0x824\n seq_read_iter+0x158/0x4ec\n proc_reg_read_iter+0x94/0x12c\n vfs_read+0x1e0/0x2c8\n\n Freed by task 4471:\n slab_free_freelist_hook+0x174/0x1e0\n __kmem_cache_free+0xa4/0x1dc\n kfree+0x64/0x128\n irq_kobj_release+0x28/0x3c\n kobject_put+0xcc/0x1e0\n delayed_free_desc+0x14/0x2c\n rcu_do_batch+0x214/0x720\n\nGuard the access with a RCU read lock section." 
} ], "providerMetadata": { "dateUpdated": "2024-11-05T09:29:25.050Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/1c7891812d85500ae2ca4051fa5683fcf29930d8" }, { "url": "https://git.kernel.org/stable/c/d084aa022f84319f8079e30882cbcbc026af9f21" }, { "url": "https://git.kernel.org/stable/c/b84a8aba806261d2f759ccedf4a2a6a80a5e55ba" } ], "title": "genirq/irqdesc: Prevent use-after-free in irq_find_at_or_after()", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-38385", "datePublished": "2024-06-25T14:22:37.560Z", "dateReserved": "2024-06-24T13:54:11.033Z", "dateUpdated": "2024-11-05T09:29:25.050Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-39301
Vulnerability from cvelistv5
Published
2024-06-25 14:22
Modified
2024-11-05 09:31
Summary
net/9p: fix uninit-value in p9_client_rpc()
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-39301", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-25T15:42:59.168505Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-25T15:43:08.345Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:19:20.748Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/72c5d8e416ecc46af370a1340b3db5ff0b0cc867" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2101901dd58c6da4924bc5efb217a1d83436290b" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/124947855564572713d705a13be7d0c9dae16a17" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/89969ffbeb948ffc159d19252e7469490103011b" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ca71f204711ad24113e8b344dc5bb8b0385f5672" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/6c1791130b781c843572fb6391c4a4c5d857ab17" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/fe5c604053c36c62af24eee8a76407d026ea5163" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/25460d6f39024cc3b8241b14c7ccf0d6f11a736a" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "net/9p/client.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "72c5d8e416ec", "status": "affected", "version": "348b59012e5c", "versionType": "git" }, { "lessThan": "2101901dd58c", "status": "affected", "version": 
"348b59012e5c", "versionType": "git" }, { "lessThan": "124947855564", "status": "affected", "version": "348b59012e5c", "versionType": "git" }, { "lessThan": "89969ffbeb94", "status": "affected", "version": "348b59012e5c", "versionType": "git" }, { "lessThan": "ca71f204711a", "status": "affected", "version": "348b59012e5c", "versionType": "git" }, { "lessThan": "6c1791130b78", "status": "affected", "version": "348b59012e5c", "versionType": "git" }, { "lessThan": "fe5c604053c3", "status": "affected", "version": "348b59012e5c", "versionType": "git" }, { "lessThan": "25460d6f3902", "status": "affected", "version": "348b59012e5c", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "net/9p/client.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "3.2" }, { "lessThan": "3.2", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.316", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.278", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.219", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.161", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.94", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.34", "versionType": "semver" }, { "lessThanOrEqual": "6.9.*", "status": "unaffected", "version": "6.9.5", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/9p: fix uninit-value in 
p9_client_rpc()\n\nSyzbot with the help of KMSAN reported the following error:\n\nBUG: KMSAN: uninit-value in trace_9p_client_res include/trace/events/9p.h:146 [inline]\nBUG: KMSAN: uninit-value in p9_client_rpc+0x1314/0x1340 net/9p/client.c:754\n trace_9p_client_res include/trace/events/9p.h:146 [inline]\n p9_client_rpc+0x1314/0x1340 net/9p/client.c:754\n p9_client_create+0x1551/0x1ff0 net/9p/client.c:1031\n v9fs_session_init+0x1b9/0x28e0 fs/9p/v9fs.c:410\n v9fs_mount+0xe2/0x12b0 fs/9p/vfs_super.c:122\n legacy_get_tree+0x114/0x290 fs/fs_context.c:662\n vfs_get_tree+0xa7/0x570 fs/super.c:1797\n do_new_mount+0x71f/0x15e0 fs/namespace.c:3352\n path_mount+0x742/0x1f20 fs/namespace.c:3679\n do_mount fs/namespace.c:3692 [inline]\n __do_sys_mount fs/namespace.c:3898 [inline]\n __se_sys_mount+0x725/0x810 fs/namespace.c:3875\n __x64_sys_mount+0xe4/0x150 fs/namespace.c:3875\n do_syscall_64+0xd5/0x1f0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nUninit was created at:\n __alloc_pages+0x9d6/0xe70 mm/page_alloc.c:4598\n __alloc_pages_node include/linux/gfp.h:238 [inline]\n alloc_pages_node include/linux/gfp.h:261 [inline]\n alloc_slab_page mm/slub.c:2175 [inline]\n allocate_slab mm/slub.c:2338 [inline]\n new_slab+0x2de/0x1400 mm/slub.c:2391\n ___slab_alloc+0x1184/0x33d0 mm/slub.c:3525\n __slab_alloc mm/slub.c:3610 [inline]\n __slab_alloc_node mm/slub.c:3663 [inline]\n slab_alloc_node mm/slub.c:3835 [inline]\n kmem_cache_alloc+0x6d3/0xbe0 mm/slub.c:3852\n p9_tag_alloc net/9p/client.c:278 [inline]\n p9_client_prepare_req+0x20a/0x1770 net/9p/client.c:641\n p9_client_rpc+0x27e/0x1340 net/9p/client.c:688\n p9_client_create+0x1551/0x1ff0 net/9p/client.c:1031\n v9fs_session_init+0x1b9/0x28e0 fs/9p/v9fs.c:410\n v9fs_mount+0xe2/0x12b0 fs/9p/vfs_super.c:122\n legacy_get_tree+0x114/0x290 fs/fs_context.c:662\n vfs_get_tree+0xa7/0x570 fs/super.c:1797\n do_new_mount+0x71f/0x15e0 fs/namespace.c:3352\n path_mount+0x742/0x1f20 fs/namespace.c:3679\n do_mount fs/namespace.c:3692 [inline]\n 
__do_sys_mount fs/namespace.c:3898 [inline]\n __se_sys_mount+0x725/0x810 fs/namespace.c:3875\n __x64_sys_mount+0xe4/0x150 fs/namespace.c:3875\n do_syscall_64+0xd5/0x1f0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nIf p9_check_errors() fails early in p9_client_rpc(), req-\u003erc.tag\nwill not be properly initialized. However, trace_9p_client_res()\nends up trying to print it out anyway before p9_client_rpc()\nfinishes.\n\nFix this issue by assigning default values to p9_fcall fields\nsuch as \u0027tag\u0027 and (just in case KMSAN unearths something new) \u0027id\u0027\nduring the tag allocation stage." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:31:42.968Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/72c5d8e416ecc46af370a1340b3db5ff0b0cc867" }, { "url": "https://git.kernel.org/stable/c/2101901dd58c6da4924bc5efb217a1d83436290b" }, { "url": "https://git.kernel.org/stable/c/124947855564572713d705a13be7d0c9dae16a17" }, { "url": "https://git.kernel.org/stable/c/89969ffbeb948ffc159d19252e7469490103011b" }, { "url": "https://git.kernel.org/stable/c/ca71f204711ad24113e8b344dc5bb8b0385f5672" }, { "url": "https://git.kernel.org/stable/c/6c1791130b781c843572fb6391c4a4c5d857ab17" }, { "url": "https://git.kernel.org/stable/c/fe5c604053c36c62af24eee8a76407d026ea5163" }, { "url": "https://git.kernel.org/stable/c/25460d6f39024cc3b8241b14c7ccf0d6f11a736a" } ], "title": "net/9p: fix uninit-value in p9_client_rpc()", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-39301", "datePublished": "2024-06-25T14:22:41.566Z", "dateReserved": "2024-06-24T13:53:25.535Z", "dateUpdated": "2024-11-05T09:31:42.968Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-39371
Vulnerability from cvelistv5
Published
2024-06-25 14:22
Modified
2024-11-05 09:31
Summary
io_uring: check for non-NULL file pointer in io_file_can_poll()
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T04:26:14.280Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/c2844d5e58576c55d8e8d4a9f74902d3f7be8044" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/43cfac7b88adedfb26c27834386992650f1642f3" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/65561b4c1c9e01443cb76387eb36a9109e7048ee" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/5fc16fa5f13b3c06fdb959ef262050bd810416a2" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-39371", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T17:08:11.447058Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:34:42.499Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "io_uring/io_uring.h" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "c2844d5e5857", "status": "affected", "version": "a76c0b31eef5", "versionType": "git" }, { "lessThan": "43cfac7b88ad", "status": "affected", "version": "a76c0b31eef5", "versionType": "git" }, { "lessThan": "65561b4c1c9e", "status": "affected", "version": "a76c0b31eef5", "versionType": "git" }, { "lessThan": "5fc16fa5f13b", "status": "affected", "version": "a76c0b31eef5", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "io_uring/io_uring.h" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { 
"status": "affected", "version": "5.19" }, { "lessThan": "5.19", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.95", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.35", "versionType": "semver" }, { "lessThanOrEqual": "6.9.*", "status": "unaffected", "version": "6.9.5", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: check for non-NULL file pointer in io_file_can_poll()\n\nIn earlier kernels, it was possible to trigger a NULL pointer\ndereference off the forced async preparation path, if no file had\nbeen assigned. The trace leading to that looks as follows:\n\nBUG: kernel NULL pointer dereference, address: 00000000000000b0\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP\nCPU: 67 PID: 1633 Comm: buf-ring-invali Not tainted 6.8.0-rc3+ #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS unknown 2/2/2022\nRIP: 0010:io_buffer_select+0xc3/0x210\nCode: 00 00 48 39 d1 0f 82 ae 00 00 00 48 81 4b 48 00 00 01 00 48 89 73 70 0f b7 50 0c 66 89 53 42 85 ed 0f 85 d2 00 00 00 48 8b 13 \u003c48\u003e 8b 92 b0 00 00 00 48 83 7a 40 00 0f 84 21 01 00 00 4c 8b 20 5b\nRSP: 0018:ffffb7bec38c7d88 EFLAGS: 00010246\nRAX: ffff97af2be61000 RBX: ffff97af234f1700 RCX: 0000000000000040\nRDX: 0000000000000000 RSI: ffff97aecfb04820 RDI: ffff97af234f1700\nRBP: 0000000000000000 R08: 0000000000200030 R09: 0000000000000020\nR10: ffffb7bec38c7dc8 R11: 000000000000c000 R12: ffffb7bec38c7db8\nR13: ffff97aecfb05800 R14: ffff97aecfb05800 R15: ffff97af2be5e000\nFS: 00007f852f74b740(0000) GS:ffff97b1eeec0000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000000000b0 CR3: 000000016deab005 CR4: 
0000000000370ef0\nCall Trace:\n \u003cTASK\u003e\n ? __die+0x1f/0x60\n ? page_fault_oops+0x14d/0x420\n ? do_user_addr_fault+0x61/0x6a0\n ? exc_page_fault+0x6c/0x150\n ? asm_exc_page_fault+0x22/0x30\n ? io_buffer_select+0xc3/0x210\n __io_import_iovec+0xb5/0x120\n io_readv_prep_async+0x36/0x70\n io_queue_sqe_fallback+0x20/0x260\n io_submit_sqes+0x314/0x630\n __do_sys_io_uring_enter+0x339/0xbc0\n ? __do_sys_io_uring_register+0x11b/0xc50\n ? vm_mmap_pgoff+0xce/0x160\n do_syscall_64+0x5f/0x180\n entry_SYSCALL_64_after_hwframe+0x46/0x4e\nRIP: 0033:0x55e0a110a67e\nCode: ba cc 00 00 00 45 31 c0 44 0f b6 92 d0 00 00 00 31 d2 41 b9 08 00 00 00 41 83 e2 01 41 c1 e2 04 41 09 c2 b8 aa 01 00 00 0f 05 \u003cc3\u003e 90 89 30 eb a9 0f 1f 40 00 48 8b 42 20 8b 00 a8 06 75 af 85 f6\n\nbecause the request is marked forced ASYNC and has a bad file fd, and\nhence takes the forced async prep path.\n\nCurrent kernels with the request async prep cleaned up can no longer hit\nthis issue, but for ease of backporting, let\u0027s add this safety check in\nhere too as it really doesn\u0027t hurt. For both cases, this will inevitably\nend with a CQE posted with -EBADF." 
} ], "providerMetadata": { "dateUpdated": "2024-11-05T09:31:44.109Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/c2844d5e58576c55d8e8d4a9f74902d3f7be8044" }, { "url": "https://git.kernel.org/stable/c/43cfac7b88adedfb26c27834386992650f1642f3" }, { "url": "https://git.kernel.org/stable/c/65561b4c1c9e01443cb76387eb36a9109e7048ee" }, { "url": "https://git.kernel.org/stable/c/5fc16fa5f13b3c06fdb959ef262050bd810416a2" } ], "title": "io_uring: check for non-NULL file pointer in io_file_can_poll()", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-39371", "datePublished": "2024-06-25T14:22:42.919Z", "dateReserved": "2024-06-24T13:54:11.039Z", "dateUpdated": "2024-11-05T09:31:44.109Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-39298
Vulnerability from cvelistv5
Published
2024-06-25 14:22
Modified
2024-11-05 09:31
Summary
mm/memory-failure: fix handling of dissolved but not taken off from buddy pages
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-39298", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-25T19:51:01.322854Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-25T19:51:08.827Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:19:20.814Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/00b0752c7f15dfdf129cacc6a27d61c54141182b" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/bb9bb13ce64cc7cae47f5e2ab9ce93b7bfa0117e" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/41cd2de3c95020b7f86a3cb5fab42fbf454a63bd" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/8cf360b9d6a840700e06864236a01a883b34bbad" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "mm/memory-failure.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "00b0752c7f15", "status": "affected", "version": "ceaf8fbea79a", "versionType": "git" }, { "lessThan": "bb9bb13ce64c", "status": "affected", "version": "ceaf8fbea79a", "versionType": "git" }, { "lessThan": "41cd2de3c950", "status": "affected", "version": "ceaf8fbea79a", "versionType": "git" }, { "lessThan": "8cf360b9d6a8", "status": "affected", "version": "ceaf8fbea79a", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "mm/memory-failure.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { 
"status": "affected", "version": "6.0" }, { "lessThan": "6.0", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.95", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.35", "versionType": "semver" }, { "lessThanOrEqual": "6.9.*", "status": "unaffected", "version": "6.9.5", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/memory-failure: fix handling of dissolved but not taken off from buddy pages\n\nWhen I did memory failure tests recently, below panic occurs:\n\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8cee00\nflags: 0x6fffe0000000000(node=1|zone=2|lastcpupid=0x7fff)\nraw: 06fffe0000000000 dead000000000100 dead000000000122 0000000000000000\nraw: 0000000000000000 0000000000000009 00000000ffffffff 0000000000000000\npage dumped because: VM_BUG_ON_PAGE(!PageBuddy(page))\n------------[ cut here ]------------\nkernel BUG at include/linux/page-flags.h:1009!\ninvalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nRIP: 0010:__del_page_from_free_list+0x151/0x180\nRSP: 0018:ffffa49c90437998 EFLAGS: 00000046\nRAX: 0000000000000035 RBX: 0000000000000009 RCX: ffff8dd8dfd1c9c8\nRDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff8dd8dfd1c9c0\nRBP: ffffd901233b8000 R08: ffffffffab5511f8 R09: 0000000000008c69\nR10: 0000000000003c15 R11: ffffffffab5511f8 R12: ffff8dd8fffc0c80\nR13: 0000000000000001 R14: ffff8dd8fffc0c80 R15: 0000000000000009\nFS: 00007ff916304740(0000) GS:ffff8dd8dfd00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000055eae50124c8 CR3: 00000008479e0000 CR4: 00000000000006f0\nCall Trace:\n \u003cTASK\u003e\n __rmqueue_pcplist+0x23b/0x520\n 
get_page_from_freelist+0x26b/0xe40\n __alloc_pages_noprof+0x113/0x1120\n __folio_alloc_noprof+0x11/0xb0\n alloc_buddy_hugetlb_folio.isra.0+0x5a/0x130\n __alloc_fresh_hugetlb_folio+0xe7/0x140\n alloc_pool_huge_folio+0x68/0x100\n set_max_huge_pages+0x13d/0x340\n hugetlb_sysctl_handler_common+0xe8/0x110\n proc_sys_call_handler+0x194/0x280\n vfs_write+0x387/0x550\n ksys_write+0x64/0xe0\n do_syscall_64+0xc2/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7ff916114887\nRSP: 002b:00007ffec8a2fd78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 000055eae500e350 RCX: 00007ff916114887\nRDX: 0000000000000004 RSI: 000055eae500e390 RDI: 0000000000000003\nRBP: 000055eae50104c0 R08: 0000000000000000 R09: 000055eae50104c0\nR10: 0000000000000077 R11: 0000000000000246 R12: 0000000000000004\nR13: 0000000000000004 R14: 00007ff916216b80 R15: 00007ff916216a00\n \u003c/TASK\u003e\nModules linked in: mce_inject hwpoison_inject\n---[ end trace 0000000000000000 ]---\n\nAnd before the panic, there had an warning about bad page state:\n\nBUG: Bad page state in process page-types pfn:8cee00\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8cee00\nflags: 0x6fffe0000000000(node=1|zone=2|lastcpupid=0x7fff)\npage_type: 0xffffff7f(buddy)\nraw: 06fffe0000000000 ffffd901241c0008 ffffd901240f8008 0000000000000000\nraw: 0000000000000000 0000000000000009 00000000ffffff7f 0000000000000000\npage dumped because: nonzero mapcount\nModules linked in: mce_inject hwpoison_inject\nCPU: 8 PID: 154211 Comm: page-types Not tainted 6.9.0-rc4-00499-g5544ec3178e2-dirty #22\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x83/0xa0\n bad_page+0x63/0xf0\n free_unref_page+0x36e/0x5c0\n unpoison_memory+0x50b/0x630\n simple_attr_write_xsigned.constprop.0.isra.0+0xb3/0x110\n debugfs_attr_write+0x42/0x60\n full_proxy_write+0x5b/0x80\n vfs_write+0xcd/0x550\n ksys_write+0x64/0xe0\n do_syscall_64+0xc2/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 
0033:0x7f189a514887\nRSP: 002b:00007ffdcd899718 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f189a514887\nRDX: 0000000000000009 RSI: 00007ffdcd899730 RDI: 0000000000000003\nRBP: 00007ffdcd8997a0 R08: 0000000000000000 R09: 00007ffdcd8994b2\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdcda199a8\nR13: 0000000000404af1 R14: 000000000040ad78 R15: 00007f189a7a5040\n \u003c/TASK\u003e\n\nThe root cause should be the below race:\n\n memory_failure\n try_memory_failure_hugetlb\n me_huge_page\n __page_handle_poison\n dissolve_free_hugetlb_folio\n drain_all_pages -- Buddy page can be isolated e.g. for compaction.\n take_page_off_buddy -- Failed as page is not in the \n---truncated---" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:31:41.802Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/00b0752c7f15dfdf129cacc6a27d61c54141182b" }, { "url": "https://git.kernel.org/stable/c/bb9bb13ce64cc7cae47f5e2ab9ce93b7bfa0117e" }, { "url": "https://git.kernel.org/stable/c/41cd2de3c95020b7f86a3cb5fab42fbf454a63bd" }, { "url": "https://git.kernel.org/stable/c/8cf360b9d6a840700e06864236a01a883b34bbad" } ], "title": "mm/memory-failure: fix handling of dissolved but not taken off from buddy pages", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-39298", "datePublished": "2024-06-25T14:22:40.887Z", "dateReserved": "2024-06-24T13:53:25.515Z", "dateUpdated": "2024-11-05T09:31:41.802Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-37354
Vulnerability from cvelistv5
Published
2024-06-25 14:22
Modified
2024-11-05 09:29
Summary
btrfs: fix crash on racing fsync and size-extending write into prealloc
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-37354", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-25T15:43:24.537360Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-25T15:43:32.621Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:50:56.095Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/1ff2bd566fbcefcb892be85c493bdb92b911c428" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/3d08c52ba1887a1ff9c179d4b6a18b427bcb2097" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/f4e5ed974876c14d3623e04dc43d3e3281bc6011" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/9d274c19a71b3a276949933859610721a453946b" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "fs/btrfs/tree-log.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "1ff2bd566fbc", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "3d08c52ba188", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "f4e5ed974876", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "9d274c19a71b", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "fs/btrfs/tree-log.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { 
"lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.94", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.34", "versionType": "semver" }, { "lessThanOrEqual": "6.9.*", "status": "unaffected", "version": "6.9.5", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix crash on racing fsync and size-extending write into prealloc\n\nWe have been seeing crashes on duplicate keys in\nbtrfs_set_item_key_safe():\n\n BTRFS critical (device vdb): slot 4 key (450 108 8192) new key (450 108 8192)\n ------------[ cut here ]------------\n kernel BUG at fs/btrfs/ctree.c:2620!\n invalid opcode: 0000 [#1] PREEMPT SMP PTI\n CPU: 0 PID: 3139 Comm: xfs_io Kdump: loaded Not tainted 6.9.0 #6\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014\n RIP: 0010:btrfs_set_item_key_safe+0x11f/0x290 [btrfs]\n\nWith the following stack trace:\n\n #0 btrfs_set_item_key_safe (fs/btrfs/ctree.c:2620:4)\n #1 btrfs_drop_extents (fs/btrfs/file.c:411:4)\n #2 log_one_extent (fs/btrfs/tree-log.c:4732:9)\n #3 btrfs_log_changed_extents (fs/btrfs/tree-log.c:4955:9)\n #4 btrfs_log_inode (fs/btrfs/tree-log.c:6626:9)\n #5 btrfs_log_inode_parent (fs/btrfs/tree-log.c:7070:8)\n #6 btrfs_log_dentry_safe (fs/btrfs/tree-log.c:7171:8)\n #7 btrfs_sync_file (fs/btrfs/file.c:1933:8)\n #8 vfs_fsync_range (fs/sync.c:188:9)\n #9 vfs_fsync (fs/sync.c:202:9)\n #10 do_fsync (fs/sync.c:212:9)\n #11 __do_sys_fdatasync (fs/sync.c:225:9)\n #12 __se_sys_fdatasync (fs/sync.c:223:1)\n #13 __x64_sys_fdatasync (fs/sync.c:223:1)\n #14 do_syscall_x64 (arch/x86/entry/common.c:52:14)\n #15 do_syscall_64 (arch/x86/entry/common.c:83:7)\n #16 entry_SYSCALL_64+0xaf/0x14c (arch/x86/entry/entry_64.S:121)\n\nSo we\u0027re logging a 
changed extent from fsync, which is splitting an\nextent in the log tree. But this split part already exists in the tree,\ntriggering the BUG().\n\nThis is the state of the log tree at the time of the crash, dumped with\ndrgn (https://github.com/osandov/drgn/blob/main/contrib/btrfs_tree.py)\nto get more details than btrfs_print_leaf() gives us:\n\n \u003e\u003e\u003e print_extent_buffer(prog.crashed_thread().stack_trace()[0][\"eb\"])\n leaf 33439744 level 0 items 72 generation 9 owner 18446744073709551610\n leaf 33439744 flags 0x100000000000000\n fs uuid e5bd3946-400c-4223-8923-190ef1f18677\n chunk uuid d58cb17e-6d02-494a-829a-18b7d8a399da\n item 0 key (450 INODE_ITEM 0) itemoff 16123 itemsize 160\n generation 7 transid 9 size 8192 nbytes 8473563889606862198\n block group 0 mode 100600 links 1 uid 0 gid 0 rdev 0\n sequence 204 flags 0x10(PREALLOC)\n atime 1716417703.220000000 (2024-05-22 15:41:43)\n ctime 1716417704.983333333 (2024-05-22 15:41:44)\n mtime 1716417704.983333333 (2024-05-22 15:41:44)\n otime 17592186044416.000000000 (559444-03-08 01:40:16)\n item 1 key (450 INODE_REF 256) itemoff 16110 itemsize 13\n index 195 namelen 3 name: 193\n item 2 key (450 XATTR_ITEM 1640047104) itemoff 16073 itemsize 37\n location key (0 UNKNOWN.0 0) type XATTR\n transid 7 data_len 1 name_len 6\n name: user.a\n data a\n item 3 key (450 EXTENT_DATA 0) itemoff 16020 itemsize 53\n generation 9 type 1 (regular)\n extent data disk byte 303144960 nr 12288\n extent data offset 0 nr 4096 ram 12288\n extent compression 0 (none)\n item 4 key (450 EXTENT_DATA 4096) itemoff 15967 itemsize 53\n generation 9 type 2 (prealloc)\n prealloc data disk byte 303144960 nr 12288\n prealloc data offset 4096 nr 8192\n item 5 key (450 EXTENT_DATA 8192) itemoff 15914 itemsize 53\n generation 9 type 2 (prealloc)\n prealloc data disk byte 303144960 nr 12288\n prealloc data offset 8192 nr 4096\n ...\n\nSo the real problem happened earlier: notice that items 4 (4k-12k) and 5\n(8k-12k) overlap. 
Both are prealloc extents. Item 4 straddles i_size and\nitem 5 starts at i_size.\n\nHere is the state of \n---truncated---" } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:29:19.486Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/1ff2bd566fbcefcb892be85c493bdb92b911c428" }, { "url": "https://git.kernel.org/stable/c/3d08c52ba1887a1ff9c179d4b6a18b427bcb2097" }, { "url": "https://git.kernel.org/stable/c/f4e5ed974876c14d3623e04dc43d3e3281bc6011" }, { "url": "https://git.kernel.org/stable/c/9d274c19a71b3a276949933859610721a453946b" } ], "title": "btrfs: fix crash on racing fsync and size-extending write into prealloc", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-37354", "datePublished": "2024-06-25T14:22:36.228Z", "dateReserved": "2024-06-24T13:53:25.569Z", "dateUpdated": "2024-11-05T09:29:19.486Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-39467
Vulnerability from cvelistv5
Published
2024-06-25 14:25
Modified
2024-11-05 09:31
Summary
f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode()
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-39467", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-25T20:07:46.450278Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-30T14:19:38.256Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:26:15.173Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/c559a8d840562fbfce9f318448dda2f7d3e6d8e8" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/75c87e2ac6149abf44bdde0dd6d541763ddb0dff" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/1640dcf383cdba52be8b28d2a1a2aa7ef7a30c98" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/8c8aa473fe6eb46a4bf99f3ea2dbe52bf0c1a1f0" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/be0155202e431f3007778568a72432c68f8946ba" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/68e3cd4ecb8603936cccdc338929130045df2e57" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/20faaf30e55522bba2b56d9c46689233205d7717" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "fs/f2fs/inode.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "c559a8d84056", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "75c87e2ac614", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "1640dcf383cd", "status": "affected", "version": 
"1da177e4c3f4", "versionType": "git" }, { "lessThan": "8c8aa473fe6e", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "be0155202e43", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "68e3cd4ecb86", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "20faaf30e555", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "fs/f2fs/inode.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.278", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.219", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.161", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.94", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.34", "versionType": "semver" }, { "lessThanOrEqual": "6.9.*", "status": "unaffected", "version": "6.9.5", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode()\n\nsyzbot reports a kernel bug as below:\n\nF2FS-fs (loop0): Mounted with checkpoint version = 48b305e4\n==================================================================\nBUG: KASAN: slab-out-of-bounds in f2fs_test_bit fs/f2fs/f2fs.h:2933 [inline]\nBUG: KASAN: slab-out-of-bounds in current_nat_addr fs/f2fs/node.h:213 [inline]\nBUG: KASAN: slab-out-of-bounds in f2fs_get_node_info+0xece/0x1200 fs/f2fs/node.c:600\nRead of 
size 1 at addr ffff88807a58c76c by task syz-executor280/5076\n\nCPU: 1 PID: 5076 Comm: syz-executor280 Not tainted 6.9.0-rc5-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n f2fs_test_bit fs/f2fs/f2fs.h:2933 [inline]\n current_nat_addr fs/f2fs/node.h:213 [inline]\n f2fs_get_node_info+0xece/0x1200 fs/f2fs/node.c:600\n f2fs_xattr_fiemap fs/f2fs/data.c:1848 [inline]\n f2fs_fiemap+0x55d/0x1ee0 fs/f2fs/data.c:1925\n ioctl_fiemap fs/ioctl.c:220 [inline]\n do_vfs_ioctl+0x1c07/0x2e50 fs/ioctl.c:838\n __do_sys_ioctl fs/ioctl.c:902 [inline]\n __se_sys_ioctl+0x81/0x170 fs/ioctl.c:890\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nThe root cause is we missed to do sanity check on i_xattr_nid during\nf2fs_iget(), so that in fiemap() path, current_nat_addr() will access\nnat_bitmap w/ offset from invalid i_xattr_nid, result in triggering\nkasan bug report, fix it." 
} ], "providerMetadata": { "dateUpdated": "2024-11-05T09:31:52.677Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/c559a8d840562fbfce9f318448dda2f7d3e6d8e8" }, { "url": "https://git.kernel.org/stable/c/75c87e2ac6149abf44bdde0dd6d541763ddb0dff" }, { "url": "https://git.kernel.org/stable/c/1640dcf383cdba52be8b28d2a1a2aa7ef7a30c98" }, { "url": "https://git.kernel.org/stable/c/8c8aa473fe6eb46a4bf99f3ea2dbe52bf0c1a1f0" }, { "url": "https://git.kernel.org/stable/c/be0155202e431f3007778568a72432c68f8946ba" }, { "url": "https://git.kernel.org/stable/c/68e3cd4ecb8603936cccdc338929130045df2e57" }, { "url": "https://git.kernel.org/stable/c/20faaf30e55522bba2b56d9c46689233205d7717" } ], "title": "f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode()", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-39467", "datePublished": "2024-06-25T14:25:05.609Z", "dateReserved": "2024-06-25T14:23:23.744Z", "dateUpdated": "2024-11-05T09:31:52.677Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-39471
Vulnerability from cvelistv5
Published
2024-06-25 14:28
Modified
2024-11-05 09:31
Summary
drm/amdgpu: add error handle to avoid out-of-bounds
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T04:26:15.268Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/5594971e02764aa1c8210ffb838cb4e7897716e8" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/8112fa72b7f139052843ff484130d6f97e9f052f" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/ea906e9ac61e3152bef63597f2d9f4a812fc346a" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/011552f29f20842c9a7a21bffe1f6a2d6457ba46" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/5b0a3dc3e87821acb80e841b464d335aff242691" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/0964c84b93db7fbf74f357c1e20957850e092db3" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/8b2faf1a4f3b6c748c0da36cda865a226534d520" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-39471", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T17:07:48.948392Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:34:41.543Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "5594971e0276", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "8112fa72b7f1", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "ea906e9ac61e", "status": "affected", 
"version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "011552f29f20", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "5b0a3dc3e878", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "0964c84b93db", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "8b2faf1a4f3b", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.278", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.219", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.161", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.94", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.34", "versionType": "semver" }, { "lessThanOrEqual": "6.9.*", "status": "unaffected", "version": "6.9.5", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: add error handle to avoid out-of-bounds\n\nif the sdma_v4_0_irq_id_to_seq return -EINVAL, the process should\nbe stop to avoid out-of-bounds read, so directly return -EINVAL." 
} ], "providerMetadata": { "dateUpdated": "2024-11-05T09:31:57.560Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/5594971e02764aa1c8210ffb838cb4e7897716e8" }, { "url": "https://git.kernel.org/stable/c/8112fa72b7f139052843ff484130d6f97e9f052f" }, { "url": "https://git.kernel.org/stable/c/ea906e9ac61e3152bef63597f2d9f4a812fc346a" }, { "url": "https://git.kernel.org/stable/c/011552f29f20842c9a7a21bffe1f6a2d6457ba46" }, { "url": "https://git.kernel.org/stable/c/5b0a3dc3e87821acb80e841b464d335aff242691" }, { "url": "https://git.kernel.org/stable/c/0964c84b93db7fbf74f357c1e20957850e092db3" }, { "url": "https://git.kernel.org/stable/c/8b2faf1a4f3b6c748c0da36cda865a226534d520" } ], "title": "drm/amdgpu: add error handle to avoid out-of-bounds", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-39471", "datePublished": "2024-06-25T14:28:56.906Z", "dateReserved": "2024-06-25T14:23:23.745Z", "dateUpdated": "2024-11-05T09:31:57.560Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-38661
Vulnerability from cvelistv5
Published
2024-06-25 14:22
Modified
2024-11-05 09:31
Summary
s390/ap: Fix crash in AP internal function modify_bitmap()
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T04:12:26.043Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/2062e3f1f2374102f8014d7ca286b9aa527bd558" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/7c72af16abf2ec7520407098360bbba312289e05" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/7360cef95aa1ea2b5efb7b5e2ed32e941664e1f0" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/67011123453b91ec03671d40712fa213e94a01b9" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/8c5f5911c1b13170d3404eb992c6a0deaa8d81ad" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/4c0bfb4e867c1ec6616a5049bd3618021e127056" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/7dabe54a016defe11bb2a278cd9f1ff6db3feba6" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/d4f9d5a99a3fd1b1c691b7a1a6f8f3f25f4116c9" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-38661", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T17:08:14.637796Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:34:42.611Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/s390/crypto/ap_bus.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "2062e3f1f237", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "7c72af16abf2", "status": 
"affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "7360cef95aa1", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "67011123453b", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "8c5f5911c1b1", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "4c0bfb4e867c", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "7dabe54a016d", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "d4f9d5a99a3f", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/s390/crypto/ap_bus.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "4.19.*", "status": "unaffected", "version": "4.19.316", "versionType": "semver" }, { "lessThanOrEqual": "5.4.*", "status": "unaffected", "version": "5.4.278", "versionType": "semver" }, { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.219", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.161", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.94", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.34", "versionType": "semver" }, { "lessThanOrEqual": "6.9.*", "status": "unaffected", "version": "6.9.5", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/ap: Fix crash in AP internal function modify_bitmap()\n\nA system crash like this\n\n Failing address: 200000cb7df6f000 TEID: 
200000cb7df6f403\n Fault in home space mode while using kernel ASCE.\n AS:00000002d71bc007 R3:00000003fe5b8007 S:000000011a446000 P:000000015660c13d\n Oops: 0038 ilc:3 [#1] PREEMPT SMP\n Modules linked in: mlx5_ib ...\n CPU: 8 PID: 7556 Comm: bash Not tainted 6.9.0-rc7 #8\n Hardware name: IBM 3931 A01 704 (LPAR)\n Krnl PSW : 0704e00180000000 0000014b75e7b606 (ap_parse_bitmap_str+0x10e/0x1f8)\n R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0 RI:0 EA:3\n Krnl GPRS: 0000000000000001 ffffffffffffffc0 0000000000000001 00000048f96b75d3\n 000000cb00000100 ffffffffffffffff ffffffffffffffff 000000cb7df6fce0\n 000000cb7df6fce0 00000000ffffffff 000000000000002b 00000048ffffffff\n 000003ff9b2dbc80 200000cb7df6fcd8 0000014bffffffc0 000000cb7df6fbc8\n Krnl Code: 0000014b75e7b5fc: a7840047 brc 8,0000014b75e7b68a\n 0000014b75e7b600: 18b2 lr %r11,%r2\n #0000014b75e7b602: a7f4000a brc 15,0000014b75e7b616\n \u003e0000014b75e7b606: eb22d00000e6 laog %r2,%r2,0(%r13)\n 0000014b75e7b60c: a7680001 lhi %r6,1\n 0000014b75e7b610: 187b lr %r7,%r11\n 0000014b75e7b612: 84960021 brxh %r9,%r6,0000014b75e7b654\n 0000014b75e7b616: 18e9 lr %r14,%r9\n Call Trace:\n [\u003c0000014b75e7b606\u003e] ap_parse_bitmap_str+0x10e/0x1f8\n ([\u003c0000014b75e7b5dc\u003e] ap_parse_bitmap_str+0xe4/0x1f8)\n [\u003c0000014b75e7b758\u003e] apmask_store+0x68/0x140\n [\u003c0000014b75679196\u003e] kernfs_fop_write_iter+0x14e/0x1e8\n [\u003c0000014b75598524\u003e] vfs_write+0x1b4/0x448\n [\u003c0000014b7559894c\u003e] ksys_write+0x74/0x100\n [\u003c0000014b7618a440\u003e] __do_syscall+0x268/0x328\n [\u003c0000014b761a3558\u003e] system_call+0x70/0x98\n INFO: lockdep is turned off.\n Last Breaking-Event-Address:\n [\u003c0000014b75e7b636\u003e] ap_parse_bitmap_str+0x13e/0x1f8\n Kernel panic - not syncing: Fatal exception: panic_on_oops\n\noccured when /sys/bus/ap/a[pq]mask was updated with a relative mask value\n(like +0x10-0x12,+60,-90) with one of the numeric values exceeding INT_MAX.\n\nThe fix is simple: use 
unsigned long values for the internal variables. The\ncorrect checks are already in place in the function but a simple int for\nthe internal variables was used with the possibility to overflow." } ], "providerMetadata": { "dateUpdated": "2024-11-05T09:31:27.878Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/2062e3f1f2374102f8014d7ca286b9aa527bd558" }, { "url": "https://git.kernel.org/stable/c/7c72af16abf2ec7520407098360bbba312289e05" }, { "url": "https://git.kernel.org/stable/c/7360cef95aa1ea2b5efb7b5e2ed32e941664e1f0" }, { "url": "https://git.kernel.org/stable/c/67011123453b91ec03671d40712fa213e94a01b9" }, { "url": "https://git.kernel.org/stable/c/8c5f5911c1b13170d3404eb992c6a0deaa8d81ad" }, { "url": "https://git.kernel.org/stable/c/4c0bfb4e867c1ec6616a5049bd3618021e127056" }, { "url": "https://git.kernel.org/stable/c/7dabe54a016defe11bb2a278cd9f1ff6db3feba6" }, { "url": "https://git.kernel.org/stable/c/d4f9d5a99a3fd1b1c691b7a1a6f8f3f25f4116c9" } ], "title": "s390/ap: Fix crash in AP internal function modify_bitmap()", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-38661", "datePublished": "2024-06-25T14:22:38.224Z", "dateReserved": "2024-06-24T13:53:25.560Z", "dateUpdated": "2024-11-05T09:31:27.878Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-39461
Vulnerability from cvelistv5
Published
2024-06-25 14:25
Modified
2024-11-05 09:31
Summary
clk: bcm: rpi: Assign ->num before accessing ->hws
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T04:26:14.267Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/9562dbe5cdbb16ac887d27ef6f179980bb99193c" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/cdf9c7871d58d3df59d2775982e3533adb8ec920" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/6dc445c1905096b2ed4db1a84570375b4e00cc0f" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-39461", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T17:08:08.266580Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:34:42.350Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "drivers/clk/bcm/clk-raspberrypi.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "9562dbe5cdbb", "status": "affected", "version": "f316cdff8d67", "versionType": "git" }, { "lessThan": "cdf9c7871d58", "status": "affected", "version": "f316cdff8d67", "versionType": "git" }, { "lessThan": "6dc445c19050", "status": "affected", "version": "f316cdff8d67", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "drivers/clk/bcm/clk-raspberrypi.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "status": "affected", "version": "6.6" }, { "lessThan": "6.6", "status": "unaffected", "version": "0", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": 
"6.6.34", "versionType": "semver" }, { "lessThanOrEqual": "6.9.*", "status": "unaffected", "version": "6.9.5", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: bcm: rpi: Assign -\u003enum before accessing -\u003ehws\n\nCommit f316cdff8d67 (\"clk: Annotate struct clk_hw_onecell_data with\n__counted_by\") annotated the hws member of \u0027struct clk_hw_onecell_data\u0027\nwith __counted_by, which informs the bounds sanitizer about the number\nof elements in hws, so that it can warn when hws is accessed out of\nbounds. As noted in that change, the __counted_by member must be\ninitialized with the number of elements before the first array access\nhappens, otherwise there will be a warning from each access prior to the\ninitialization because the number of elements is zero. This occurs in\nraspberrypi_discover_clocks() due to -\u003enum being assigned after -\u003ehws\nhas been accessed:\n\n UBSAN: array-index-out-of-bounds in drivers/clk/bcm/clk-raspberrypi.c:374:4\n index 3 is out of range for type \u0027struct clk_hw *[] __counted_by(num)\u0027 (aka \u0027struct clk_hw *[]\u0027)\n\nMove the -\u003enum initialization to before the first access of -\u003ehws, which\nclears up the warning." 
} ], "providerMetadata": { "dateUpdated": "2024-11-05T09:31:45.647Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/9562dbe5cdbb16ac887d27ef6f179980bb99193c" }, { "url": "https://git.kernel.org/stable/c/cdf9c7871d58d3df59d2775982e3533adb8ec920" }, { "url": "https://git.kernel.org/stable/c/6dc445c1905096b2ed4db1a84570375b4e00cc0f" } ], "title": "clk: bcm: rpi: Assign -\u003enum before accessing -\u003ehws", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-39461", "datePublished": "2024-06-25T14:25:01.453Z", "dateReserved": "2024-06-25T14:23:23.743Z", "dateUpdated": "2024-11-05T09:31:45.647Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-39468
Vulnerability from cvelistv5
Published
2024-06-25 14:28
Modified
2024-11-05 09:31
Summary
smb: client: fix deadlock in smb2_find_smb_tcon()
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T04:26:15.555Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/b055752675cd1d1db4ac9c2750db3dc3e89ea261" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/21f5dd36e655d25a7b45b61c1e537198b671f720" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/b09b556e48968317887a11243a5331a7bc00ece5" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/225de871ddf994f69a57f035709cad9c0ab8615a" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/8d0f5f1ccf675454a833a573c53830a49b7d1a47" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/02c418774f76a0a36a6195c9dbf8971eb4130a15" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-39468", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T17:07:58.449670Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-11T17:34:41.922Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "fs/smb/client/smb2transport.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "b055752675cd", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "21f5dd36e655", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "b09b556e4896", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "225de871ddf9", "status": "affected", "version": 
"1da177e4c3f4", "versionType": "git" }, { "lessThan": "8d0f5f1ccf67", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" }, { "lessThan": "02c418774f76", "status": "affected", "version": "1da177e4c3f4", "versionType": "git" } ] }, { "defaultStatus": "affected", "product": "Linux", "programFiles": [ "fs/smb/client/smb2transport.c" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "5.10.*", "status": "unaffected", "version": "5.10.221", "versionType": "semver" }, { "lessThanOrEqual": "5.15.*", "status": "unaffected", "version": "5.15.162", "versionType": "semver" }, { "lessThanOrEqual": "6.1.*", "status": "unaffected", "version": "6.1.94", "versionType": "semver" }, { "lessThanOrEqual": "6.6.*", "status": "unaffected", "version": "6.6.34", "versionType": "semver" }, { "lessThanOrEqual": "6.9.*", "status": "unaffected", "version": "6.9.5", "versionType": "semver" }, { "lessThanOrEqual": "*", "status": "unaffected", "version": "6.10", "versionType": "original_commit_for_fix" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix deadlock in smb2_find_smb_tcon()\n\nUnlock cifs_tcp_ses_lock before calling cifs_put_smb_ses() to avoid such\ndeadlock." 
} ], "providerMetadata": { "dateUpdated": "2024-11-05T09:31:53.834Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/b055752675cd1d1db4ac9c2750db3dc3e89ea261" }, { "url": "https://git.kernel.org/stable/c/21f5dd36e655d25a7b45b61c1e537198b671f720" }, { "url": "https://git.kernel.org/stable/c/b09b556e48968317887a11243a5331a7bc00ece5" }, { "url": "https://git.kernel.org/stable/c/225de871ddf994f69a57f035709cad9c0ab8615a" }, { "url": "https://git.kernel.org/stable/c/8d0f5f1ccf675454a833a573c53830a49b7d1a47" }, { "url": "https://git.kernel.org/stable/c/02c418774f76a0a36a6195c9dbf8971eb4130a15" } ], "title": "smb: client: fix deadlock in smb2_find_smb_tcon()", "x_generator": { "engine": "bippy-9e1c9544281a" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2024-39468", "datePublished": "2024-06-25T14:28:54.897Z", "dateReserved": "2024-06-25T14:23:23.744Z", "dateUpdated": "2024-11-05T09:31:53.834Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-4440
Vulnerability from cvelistv5
Published
2024-06-25 14:20
Modified
2024-11-04 11:30
Summary
x86/xen: Drop USERGS_SYSRET64 paravirt call
References
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "1424ab4bb386", "status": "affected", "version": "cea750c99d8f", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThan": "5.10.218", "status": "affected", "version": "5.10.215", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2021-4440", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-26T13:55:14.340611Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-26T14:00:48.356Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-03T17:30:07.494Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/stable/c/1424ab4bb386df9cc590c73afa55f13e9b00dea2" }, { "tags": [ "x_transferred" ], "url": "https://grsecurity.net/cve-2021-4440_linux_cna_case_study" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", 
"product": "Linux", "programFiles": [ "arch/x86/entry/entry_64.S", "arch/x86/include/asm/irqflags.h", "arch/x86/include/asm/paravirt.h", "arch/x86/include/asm/paravirt_types.h", "arch/x86/kernel/asm-offsets_64.c", "arch/x86/kernel/paravirt.c", "arch/x86/kernel/paravirt_patch.c", "arch/x86/xen/enlighten_pv.c", "arch/x86/xen/xen-asm.S", "arch/x86/xen/xen-ops.h" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "1424ab4bb386", "status": "affected", "version": "cea750c99d8f", "versionType": "git" } ] }, { "defaultStatus": "unaffected", "product": "Linux", "programFiles": [ "arch/x86/entry/entry_64.S", "arch/x86/include/asm/irqflags.h", "arch/x86/include/asm/paravirt.h", "arch/x86/include/asm/paravirt_types.h", "arch/x86/kernel/asm-offsets_64.c", "arch/x86/kernel/paravirt.c", "arch/x86/kernel/paravirt_patch.c", "arch/x86/xen/enlighten_pv.c", "arch/x86/xen/xen-asm.S", "arch/x86/xen/xen-ops.h" ], "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "vendor": "Linux", "versions": [ { "lessThan": "5.10.218", "status": "affected", "version": "5.10.215", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/xen: Drop USERGS_SYSRET64 paravirt call\n\ncommit afd30525a659ac0ae0904f0cb4a2ca75522c3123 upstream.\n\nUSERGS_SYSRET64 is used to return from a syscall via SYSRET, but\na Xen PV guest will nevertheless use the IRET hypercall, as there\nis no sysret PV hypercall defined.\n\nSo instead of testing all the prerequisites for doing a sysret and\nthen mangling the stack for Xen PV again for doing an iret just use\nthe iret exit from the beginning.\n\nThis can easily be done via an ALTERNATIVE like it is done for the\nsysenter compat case already.\n\nIt should be noted that this drops the optimization in Xen for not\nrestoring a few registers when returning to user mode, but it 
seems\nas if the saved instructions in the kernel more than compensate for\nthis drop (a kernel build in a Xen PV guest was slightly faster with\nthis patch applied).\n\nWhile at it remove the stale sysret32 remnants.\n\n [ pawan: Brad Spengler and Salvatore Bonaccorso \u003ccarnil@debian.org\u003e\n\t reported a problem with the 5.10 backport commit edc702b4a820\n\t (\"x86/entry_64: Add VERW just before userspace transition\").\n\n\t When CONFIG_PARAVIRT_XXL=y, CLEAR_CPU_BUFFERS is not executed in\n\t syscall_return_via_sysret path as USERGS_SYSRET64 is runtime\n\t patched to:\n\n\t.cpu_usergs_sysret64 = { 0x0f, 0x01, 0xf8,\n\t\t\t\t 0x48, 0x0f, 0x07 }, // swapgs; sysretq\n\n\t which is missing CLEAR_CPU_BUFFERS. It turns out dropping\n\t USERGS_SYSRET64 simplifies the code, allowing CLEAR_CPU_BUFFERS\n\t to be explicitly added to syscall_return_via_sysret path. Below\n\t is with CONFIG_PARAVIRT_XXL=y and this patch applied:\n\n\t syscall_return_via_sysret:\n\t ...\n\t \u003c+342\u003e: swapgs\n\t \u003c+345\u003e: xchg %ax,%ax\n\t \u003c+347\u003e: verw -0x1a2(%rip) \u003c------\n\t \u003c+354\u003e: sysretq\n ]" } ], "providerMetadata": { "dateUpdated": "2024-11-04T11:30:23.940Z", "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux" }, "references": [ { "url": "https://git.kernel.org/stable/c/1424ab4bb386df9cc590c73afa55f13e9b00dea2" }, { "url": "https://grsecurity.net/cve-2021-4440_linux_cna_case_study" } ], "title": "x86/xen: Drop USERGS_SYSRET64 paravirt call", "x_generator": { "engine": "bippy-c8e10e5f6187" } } }, "cveMetadata": { "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "assignerShortName": "Linux", "cveId": "CVE-2021-4440", "datePublished": "2024-06-25T14:20:00.740Z", "dateReserved": "2024-06-25T14:16:59.867Z", "dateUpdated": "2024-11-04T11:30:23.940Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.