csaf_certbund - wid-sec-w-2024-1451

wid-sec-w-2024-1451

Vulnerability from csaf_certbund

Published

2024-06-25 22:00

Modified

2024-07-22 22:00

Summary

Linux Kernel: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff

Ein lokaler Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuführen.

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-1451 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1451.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-1451 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1451"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062500-CVE-2024-39468-11d2@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062500-CVE-2024-39469-a1be@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062500-CVE-2024-39470-5b25@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062501-CVE-2024-39471-3dee@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062506-CVE-2021-4440-f8f1@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062512-CVE-2024-39461-cdbc@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062513-CVE-2024-39462-f5ec@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062513-CVE-2024-39463-42c8@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062513-CVE-2024-39464-6214@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062513-CVE-2024-39465-f827@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062514-CVE-2024-39466-3da4@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062514-CVE-2024-39467-b07d@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062546-CVE-2022-48772-8cbe@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062547-CVE-2024-37078-3aaa@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062547-CVE-2024-37354-ccfb@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062547-CVE-2024-38306-c570@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062548-CVE-2024-38385-4b3a@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062548-CVE-2024-38661-44a9@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062548-CVE-2024-39276-5205@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062548-CVE-2024-39293-d42a@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062549-CVE-2024-39296-3976@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062549-CVE-2024-39298-53e8@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062549-CVE-2024-39301-6610@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062550-CVE-2024-39362-2d27@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement vom 2024-06-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024062550-CVE-2024-39371-42fb@gregkh/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2372-1 vom 2024-07-09",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018901.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2360-1 vom 2024-07-09",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018907.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2381-1 vom 2024-07-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018916.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2394-1 vom 2024-07-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018922.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5730 vom 2024-07-16",
        "url": "https://lists.debian.org/debian-security-announce/2024/msg00141.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2493-1 vom 2024-07-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/018984.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5731 vom 2024-07-17",
        "url": "https://lists.debian.org/debian-security-announce/2024/msg00142.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2561-1 vom 2024-07-18",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/019001.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:2571-1 vom 2024-07-22",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-July/019019.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Linux Kernel: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-07-22T22:00:00.000+00:00",
      "generator": {
        "date": "2024-07-23T08:03:11.199+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2024-1451",
      "initial_release_date": "2024-06-25T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-06-25T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-07-09T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-07-10T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-07-15T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2024-07-16T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2024-07-18T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-07-22T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von SUSE aufgenommen"
        }
      ],
      "status": "final",
      "version": "7"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source Linux Kernel",
            "product": {
              "name": "Open Source Linux Kernel",
              "product_id": "T035642",
              "product_identification_helper": {
                "cpe": "cpe:/o:linux:linux_kernel:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-4440",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T035642"
        ]
      },
      "release_date": "2024-06-25T22:00:00Z",
      "title": "CVE-2021-4440"
    },
    {
      "cve": "CVE-2022-48772",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T035642"
        ]
      },
      "release_date": "2024-06-25T22:00:00Z",
      "title": "CVE-2022-48772"
    },
    {
      "cve": "CVE-2024-37078",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T035642"
        ]
      },
      "release_date": "2024-06-25T22:00:00Z",
      "title": "CVE-2024-37078"
    },
    {
      "cve": "CVE-2024-37354",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T035642"
        ]
      },
      "release_date": "2024-06-25T22:00:00Z",
      "title": "CVE-2024-37354"
    },
    {
      "cve": "CVE-2024-38306",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T035642"
        ]
      },
      "release_date": "2024-06-25T22:00:00Z",
      "title": "CVE-2024-38306"
    },
    {
      "cve": "CVE-2024-38385",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T035642"
        ]
      },
      "release_date": "2024-06-25T22:00:00Z",
      "title": "CVE-2024-38385"
    },
    {
      "cve": "CVE-2024-38661",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T035642"
        ]
      },
      "release_date": "2024-06-25T22:00:00Z",
      "title": "CVE-2024-38661"
    },
    {
      "cve": "CVE-2024-39276",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T035642"
        ]
      },
      "release_date": "2024-06-25T22:00:00Z",
      "title": "CVE-2024-39276"
    },
    {
      "cve": "CVE-2024-39293",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T035642"
        ]
      },
      "release_date": "2024-06-25T22:00:00Z",
      "title": "CVE-2024-39293"
    },
    {
      "cve": "CVE-2024-39296",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T035642"
        ]
      },
      "release_date": "2024-06-25T22:00:00Z",
      "title": "CVE-2024-39296"
    },
    {
      "cve": "CVE-2024-39298",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T035642"
        ]
      },
      "release_date": "2024-06-25T22:00:00Z",
      "title": "CVE-2024-39298"
    },
    {
      "cve": "CVE-2024-39301",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T035642"
        ]
      },
      "release_date": "2024-06-25T22:00:00Z",
      "title": "CVE-2024-39301"
    },
    {
      "cve": "CVE-2024-39362",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T035642"
        ]
      },
      "release_date": "2024-06-25T22:00:00Z",
      "title": "CVE-2024-39362"
    },
    {
      "cve": "CVE-2024-39371",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T035642"
        ]
      },
      "release_date": "2024-06-25T22:00:00Z",
      "title": "CVE-2024-39371"
    },
    {
      "cve": "CVE-2024-39461",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T035642"
        ]
      },
      "release_date": "2024-06-25T22:00:00Z",
      "title": "CVE-2024-39461"
    },
    {
      "cve": "CVE-2024-39462",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T035642"
        ]
      },
      "release_date": "2024-06-25T22:00:00Z",
      "title": "CVE-2024-39462"
    },
    {
      "cve": "CVE-2024-39463",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T035642"
        ]
      },
      "release_date": "2024-06-25T22:00:00Z",
      "title": "CVE-2024-39463"
    },
    {
      "cve": "CVE-2024-39464",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T035642"
        ]
      },
      "release_date": "2024-06-25T22:00:00Z",
      "title": "CVE-2024-39464"
    },
    {
      "cve": "CVE-2024-39465",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T035642"
        ]
      },
      "release_date": "2024-06-25T22:00:00Z",
      "title": "CVE-2024-39465"
    },
    {
      "cve": "CVE-2024-39466",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T035642"
        ]
      },
      "release_date": "2024-06-25T22:00:00Z",
      "title": "CVE-2024-39466"
    },
    {
      "cve": "CVE-2024-39467",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T035642"
        ]
      },
      "release_date": "2024-06-25T22:00:00Z",
      "title": "CVE-2024-39467"
    },
    {
      "cve": "CVE-2024-39468",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T035642"
        ]
      },
      "release_date": "2024-06-25T22:00:00Z",
      "title": "CVE-2024-39468"
    },
    {
      "cve": "CVE-2024-39469",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T035642"
        ]
      },
      "release_date": "2024-06-25T22:00:00Z",
      "title": "CVE-2024-39469"
    },
    {
      "cve": "CVE-2024-39470",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T035642"
        ]
      },
      "release_date": "2024-06-25T22:00:00Z",
      "title": "CVE-2024-39470"
    },
    {
      "cve": "CVE-2024-39471",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in mehreren Komponenten und Subsystemen wie nilfs2, eventfs oder x86/xen, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einer NULL- Pointer-Dereferenz, einer Endlosschleife oder einem use-after-free und mehr. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand herbeizuf\u00fchren oder einen unspezifischen Angriff durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2951",
          "T002207",
          "T035642"
        ]
      },
      "release_date": "2024-06-25T22:00:00Z",
      "title": "CVE-2024-39471"
    }
  ]
}

cve-2024-39469

Vulnerability from cvelistv5

Published

2024-06-25 14:28

Modified

2024-11-05 09:31

Severity ?

Summary

nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors

References

▼	URL	Tags
	https://git.kernel.org/stable/c/2ac8a2fe22bdde9eecce2a42cf5cab79333fb428
	https://git.kernel.org/stable/c/405b71f1251e5ae865f53bd27c45114e6c83bee3
	https://git.kernel.org/stable/c/c77ad608df6c091fe64ecb91f41ef7cb465587f1
	https://git.kernel.org/stable/c/11a2edb70356a2202dcb7c9c189c8356ab4752cd
	https://git.kernel.org/stable/c/129dcd3e7d036218db3f59c82d82004b9539ed82
	https://git.kernel.org/stable/c/d18b05eda7fa77f02114f15b02c009f28ee42346
	https://git.kernel.org/stable/c/59f14875a96ef93f05b82ad3c980605f2cb444b5
	https://git.kernel.org/stable/c/7373a51e7998b508af7136530f3a997b286ce81c

Impacted products

▼	Vendor	Product
	Linux	Linux
	Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:26:15.309Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2ac8a2fe22bdde9eecce2a42cf5cab79333fb428"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/405b71f1251e5ae865f53bd27c45114e6c83bee3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c77ad608df6c091fe64ecb91f41ef7cb465587f1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/11a2edb70356a2202dcb7c9c189c8356ab4752cd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/129dcd3e7d036218db3f59c82d82004b9539ed82"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d18b05eda7fa77f02114f15b02c009f28ee42346"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/59f14875a96ef93f05b82ad3c980605f2cb444b5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7373a51e7998b508af7136530f3a997b286ce81c"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39469",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:07:55.313333Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:41.781Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/nilfs2/dir.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "2ac8a2fe22bd",
              "status": "affected",
              "version": "2ba466d74ed7",
              "versionType": "git"
            },
            {
              "lessThan": "405b71f1251e",
              "status": "affected",
              "version": "2ba466d74ed7",
              "versionType": "git"
            },
            {
              "lessThan": "c77ad608df6c",
              "status": "affected",
              "version": "2ba466d74ed7",
              "versionType": "git"
            },
            {
              "lessThan": "11a2edb70356",
              "status": "affected",
              "version": "2ba466d74ed7",
              "versionType": "git"
            },
            {
              "lessThan": "129dcd3e7d03",
              "status": "affected",
              "version": "2ba466d74ed7",
              "versionType": "git"
            },
            {
              "lessThan": "d18b05eda7fa",
              "status": "affected",
              "version": "2ba466d74ed7",
              "versionType": "git"
            },
            {
              "lessThan": "59f14875a96e",
              "status": "affected",
              "version": "2ba466d74ed7",
              "versionType": "git"
            },
            {
              "lessThan": "7373a51e7998",
              "status": "affected",
              "version": "2ba466d74ed7",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/nilfs2/dir.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.30"
            },
            {
              "lessThan": "2.6.30",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.317",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.279",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.95",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.35",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors\n\nThe error handling in nilfs_empty_dir() when a directory folio/page read\nfails is incorrect, as in the old ext2 implementation, and if the\nfolio/page cannot be read or nilfs_check_folio() fails, it will falsely\ndetermine the directory as empty and corrupt the file system.\n\nIn addition, since nilfs_empty_dir() does not immediately return on a\nfailed folio/page read, but continues to loop, this can cause a long loop\nwith I/O if i_size of the directory\u0027s inode is also corrupted, causing the\nlog writer thread to wait and hang, as reported by syzbot.\n\nFix these issues by making nilfs_empty_dir() immediately return a false\nvalue (0) if it fails to get a directory folio/page."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:31:55.006Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/2ac8a2fe22bdde9eecce2a42cf5cab79333fb428"
        },
        {
          "url": "https://git.kernel.org/stable/c/405b71f1251e5ae865f53bd27c45114e6c83bee3"
        },
        {
          "url": "https://git.kernel.org/stable/c/c77ad608df6c091fe64ecb91f41ef7cb465587f1"
        },
        {
          "url": "https://git.kernel.org/stable/c/11a2edb70356a2202dcb7c9c189c8356ab4752cd"
        },
        {
          "url": "https://git.kernel.org/stable/c/129dcd3e7d036218db3f59c82d82004b9539ed82"
        },
        {
          "url": "https://git.kernel.org/stable/c/d18b05eda7fa77f02114f15b02c009f28ee42346"
        },
        {
          "url": "https://git.kernel.org/stable/c/59f14875a96ef93f05b82ad3c980605f2cb444b5"
        },
        {
          "url": "https://git.kernel.org/stable/c/7373a51e7998b508af7136530f3a997b286ce81c"
        }
      ],
      "title": "nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-39469",
    "datePublished": "2024-06-25T14:28:55.581Z",
    "dateReserved": "2024-06-25T14:23:23.745Z",
    "dateUpdated": "2024-11-05T09:31:55.006Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-39276

Vulnerability from cvelistv5

Published

2024-06-25 14:22

Modified

2024-11-05 14:27

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find()

References

▼	URL	Tags
	https://git.kernel.org/stable/c/9ad75e78747b5a50dc5a52f0f8e92e920a653f16
	https://git.kernel.org/stable/c/896a7e7d0d555ad8b2b46af0c2fa7de7467f9483
	https://git.kernel.org/stable/c/76dc776153a47372719d664e0fc50d6355791abb
	https://git.kernel.org/stable/c/681ff9a09accd8a4379f8bd30b7a1641ee19bb3e
	https://git.kernel.org/stable/c/e941b712e758f615d311946bf98216e79145ccd9
	https://git.kernel.org/stable/c/a95df6f04f2c37291adf26a74205cde0314d4577
	https://git.kernel.org/stable/c/b37c0edef4e66fb21a2fbc211471195a383e5ab8
	https://git.kernel.org/stable/c/0c0b4a49d3e7f49690a6827a41faeffad5df7e21

Impacted products

▼	Vendor	Product
	Linux	Linux
	Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-39276",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-25T15:26:44.344702Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-05T14:27:26.405Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:19:20.631Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9ad75e78747b5a50dc5a52f0f8e92e920a653f16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/896a7e7d0d555ad8b2b46af0c2fa7de7467f9483"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/76dc776153a47372719d664e0fc50d6355791abb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/681ff9a09accd8a4379f8bd30b7a1641ee19bb3e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e941b712e758f615d311946bf98216e79145ccd9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a95df6f04f2c37291adf26a74205cde0314d4577"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b37c0edef4e66fb21a2fbc211471195a383e5ab8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0c0b4a49d3e7f49690a6827a41faeffad5df7e21"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ext4/xattr.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "9ad75e78747b",
              "status": "affected",
              "version": "b878c8a7f08f",
              "versionType": "git"
            },
            {
              "lessThan": "896a7e7d0d55",
              "status": "affected",
              "version": "fb265c9cb49e",
              "versionType": "git"
            },
            {
              "lessThan": "76dc776153a4",
              "status": "affected",
              "version": "fb265c9cb49e",
              "versionType": "git"
            },
            {
              "lessThan": "681ff9a09acc",
              "status": "affected",
              "version": "fb265c9cb49e",
              "versionType": "git"
            },
            {
              "lessThan": "e941b712e758",
              "status": "affected",
              "version": "fb265c9cb49e",
              "versionType": "git"
            },
            {
              "lessThan": "a95df6f04f2c",
              "status": "affected",
              "version": "fb265c9cb49e",
              "versionType": "git"
            },
            {
              "lessThan": "b37c0edef4e6",
              "status": "affected",
              "version": "fb265c9cb49e",
              "versionType": "git"
            },
            {
              "lessThan": "0c0b4a49d3e7",
              "status": "affected",
              "version": "fb265c9cb49e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ext4/xattr.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.0"
            },
            {
              "lessThan": "5.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.316",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.278",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.219",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.161",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.94",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.34",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: fix mb_cache_entry\u0027s e_refcnt leak in ext4_xattr_block_cache_find()\n\nSyzbot reports a warning as follows:\n\n============================================\nWARNING: CPU: 0 PID: 5075 at fs/mbcache.c:419 mb_cache_destroy+0x224/0x290\nModules linked in:\nCPU: 0 PID: 5075 Comm: syz-executor199 Not tainted 6.9.0-rc6-gb947cc5bf6d7\nRIP: 0010:mb_cache_destroy+0x224/0x290 fs/mbcache.c:419\nCall Trace:\n \u003cTASK\u003e\n ext4_put_super+0x6d4/0xcd0 fs/ext4/super.c:1375\n generic_shutdown_super+0x136/0x2d0 fs/super.c:641\n kill_block_super+0x44/0x90 fs/super.c:1675\n ext4_kill_sb+0x68/0xa0 fs/ext4/super.c:7327\n[...]\n============================================\n\nThis is because when finding an entry in ext4_xattr_block_cache_find(), if\next4_sb_bread() returns -ENOMEM, the ce\u0027s e_refcnt, which has already grown\nin the __entry_find(), won\u0027t be put away, and eventually trigger the above\nissue in mb_cache_destroy() due to reference count leakage.\n\nSo call mb_cache_entry_put() on the -ENOMEM error branch as a quick fix."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:31:34.848Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/9ad75e78747b5a50dc5a52f0f8e92e920a653f16"
        },
        {
          "url": "https://git.kernel.org/stable/c/896a7e7d0d555ad8b2b46af0c2fa7de7467f9483"
        },
        {
          "url": "https://git.kernel.org/stable/c/76dc776153a47372719d664e0fc50d6355791abb"
        },
        {
          "url": "https://git.kernel.org/stable/c/681ff9a09accd8a4379f8bd30b7a1641ee19bb3e"
        },
        {
          "url": "https://git.kernel.org/stable/c/e941b712e758f615d311946bf98216e79145ccd9"
        },
        {
          "url": "https://git.kernel.org/stable/c/a95df6f04f2c37291adf26a74205cde0314d4577"
        },
        {
          "url": "https://git.kernel.org/stable/c/b37c0edef4e66fb21a2fbc211471195a383e5ab8"
        },
        {
          "url": "https://git.kernel.org/stable/c/0c0b4a49d3e7f49690a6827a41faeffad5df7e21"
        }
      ],
      "title": "ext4: fix mb_cache_entry\u0027s e_refcnt leak in ext4_xattr_block_cache_find()",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-39276",
    "datePublished": "2024-06-25T14:22:38.886Z",
    "dateReserved": "2024-06-24T13:53:25.552Z",
    "dateUpdated": "2024-11-05T14:27:26.405Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-39362

Vulnerability from cvelistv5

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "providerMetadata": {
        "dateUpdated": "2024-07-02T19:14:42.574Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "rejectedReasons": [
        {
          "lang": "en",
          "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-39362",
    "datePublished": "2024-06-25T14:22:42.255Z",
    "dateRejected": "2024-07-02T19:14:42.574Z",
    "dateReserved": "2024-06-24T13:54:11.078Z",
    "dateUpdated": "2024-07-02T19:14:42.574Z",
    "state": "REJECTED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-39464

Vulnerability from cvelistv5

Published

2024-06-25 14:25

Modified

2024-11-05 09:31

Severity ?

Summary

media: v4l: async: Fix notifier list entry init

References

▼	URL	Tags
	https://git.kernel.org/stable/c/a80d1da923f671c1e6a14e8417cd2f117b27a442
	https://git.kernel.org/stable/c/44f6d619c30f0c65fcdd2b6eba70fdb4460d87ad
	https://git.kernel.org/stable/c/6d8acd02c4c6a8f917eefac1de2e035521ca119d

Impacted products

▼	Vendor	Product
	Linux	Linux
	Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:26:15.280Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a80d1da923f671c1e6a14e8417cd2f117b27a442"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/44f6d619c30f0c65fcdd2b6eba70fdb4460d87ad"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6d8acd02c4c6a8f917eefac1de2e035521ca119d"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39464",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:08:05.187963Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:42.202Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/v4l2-core/v4l2-async.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a80d1da923f6",
              "status": "affected",
              "version": "b8ec754ae4c5",
              "versionType": "git"
            },
            {
              "lessThan": "44f6d619c30f",
              "status": "affected",
              "version": "b8ec754ae4c5",
              "versionType": "git"
            },
            {
              "lessThan": "6d8acd02c4c6",
              "status": "affected",
              "version": "b8ec754ae4c5",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/v4l2-core/v4l2-async.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.6"
            },
            {
              "lessThan": "6.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.34",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: v4l: async: Fix notifier list entry init\n\nstruct v4l2_async_notifier has several list_head members, but only\nwaiting_list and done_list are initialized. notifier_entry was kept\n\u0027zeroed\u0027 leading to an uninitialized list_head.\nThis results in a NULL-pointer dereference if csi2_async_register() fails,\ne.g. node for remote endpoint is disabled, and returns -ENOTCONN.\nThe following calls to v4l2_async_nf_unregister() results in a NULL\npointer dereference.\nAdd the missing list head initializer."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:31:49.268Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a80d1da923f671c1e6a14e8417cd2f117b27a442"
        },
        {
          "url": "https://git.kernel.org/stable/c/44f6d619c30f0c65fcdd2b6eba70fdb4460d87ad"
        },
        {
          "url": "https://git.kernel.org/stable/c/6d8acd02c4c6a8f917eefac1de2e035521ca119d"
        }
      ],
      "title": "media: v4l: async: Fix notifier list entry init",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-39464",
    "datePublished": "2024-06-25T14:25:03.578Z",
    "dateReserved": "2024-06-25T14:23:23.744Z",
    "dateUpdated": "2024-11-05T09:31:49.268Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-39296

Vulnerability from cvelistv5

Published

2024-06-25 14:22

Modified

2024-11-05 09:31

Severity ?

Summary

bonding: fix oops during rmmod

References

▼	URL	Tags
	https://git.kernel.org/stable/c/f07224c16678a8af54ddc059b3d2d51885d7f35e
	https://git.kernel.org/stable/c/cf48aee81103ca06d09d73d33fb72f1191069aa6
	https://git.kernel.org/stable/c/a45835a0bb6ef7d5ddbc0714dd760de979cb6ece

Impacted products

▼	Vendor	Product
	Linux	Linux
	Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39296",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-25T20:46:46.560534Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-25T20:46:55.199Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:19:20.715Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f07224c16678a8af54ddc059b3d2d51885d7f35e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cf48aee81103ca06d09d73d33fb72f1191069aa6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a45835a0bb6ef7d5ddbc0714dd760de979cb6ece"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/bonding/bond_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f07224c16678",
              "status": "affected",
              "version": "cc317ea3d927",
              "versionType": "git"
            },
            {
              "lessThan": "cf48aee81103",
              "status": "affected",
              "version": "cc317ea3d927",
              "versionType": "git"
            },
            {
              "lessThan": "a45835a0bb6e",
              "status": "affected",
              "version": "cc317ea3d927",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/bonding/bond_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.6"
            },
            {
              "lessThan": "6.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.34",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: fix oops during rmmod\n\n\"rmmod bonding\" causes an oops ever since commit cc317ea3d927 (\"bonding:\nremove redundant NULL check in debugfs function\").  Here are the relevant\nfunctions being called:\n\nbonding_exit()\n  bond_destroy_debugfs()\n    debugfs_remove_recursive(bonding_debug_root);\n    bonding_debug_root = NULL; \u003c--------- SET TO NULL HERE\n  bond_netlink_fini()\n    rtnl_link_unregister()\n      __rtnl_link_unregister()\n        unregister_netdevice_many_notify()\n          bond_uninit()\n            bond_debug_unregister()\n              (commit removed check for bonding_debug_root == NULL)\n              debugfs_remove()\n              simple_recursive_removal()\n                down_write() -\u003e OOPS\n\nHowever, reverting the bad commit does not solve the problem completely\nbecause the original code contains a race that could cause the same\noops, although it was much less likely to be triggered unintentionally:\n\nCPU1\n  rmmod bonding\n    bonding_exit()\n      bond_destroy_debugfs()\n        debugfs_remove_recursive(bonding_debug_root);\n\nCPU2\n  echo -bond0 \u003e /sys/class/net/bonding_masters\n    bond_uninit()\n      bond_debug_unregister()\n        if (!bonding_debug_root)\n\nCPU1\n        bonding_debug_root = NULL;\n\nSo do NOT revert the bad commit (since the removed checks were racy\nanyway), and instead change the order of actions taken during module\nremoval.  The same oops can also happen if there is an error during\nmodule init, so apply the same fix there."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:31:40.637Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f07224c16678a8af54ddc059b3d2d51885d7f35e"
        },
        {
          "url": "https://git.kernel.org/stable/c/cf48aee81103ca06d09d73d33fb72f1191069aa6"
        },
        {
          "url": "https://git.kernel.org/stable/c/a45835a0bb6ef7d5ddbc0714dd760de979cb6ece"
        }
      ],
      "title": "bonding: fix oops during rmmod",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-39296",
    "datePublished": "2024-06-25T14:22:40.218Z",
    "dateReserved": "2024-06-24T13:54:11.074Z",
    "dateUpdated": "2024-11-05T09:31:40.637Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-48772

Vulnerability from cvelistv5

Published

2024-06-25 14:22

Modified

2024-11-04 12:16

Severity ?

Summary

media: lgdt3306a: Add a check against null-pointer-def

References

▼	URL	Tags
	https://git.kernel.org/stable/c/8915dcd29a82096acacf54364a8425363782aea0
	https://git.kernel.org/stable/c/b479fd59a1f4a342b69fce34f222d93bf791dca4
	https://git.kernel.org/stable/c/526238d32c3acc3d597fd8c9a34652bfe9086cea
	https://git.kernel.org/stable/c/d082757b8359201c3864323cea4b91ea30a1e676
	https://git.kernel.org/stable/c/7d12e918f2994c883f41f22552a61b9310fa1e87
	https://git.kernel.org/stable/c/8e1e00718d0d9dd83337300572561e30b9c0d115
	https://git.kernel.org/stable/c/c1115ddbda9c930fba0fdd062e7a8873ebaf898d

Impacted products

▼	Vendor	Product
	Linux	Linux
	Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-48772",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-10T16:35:41.584253Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-10T16:36:24.637Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T15:25:01.596Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8915dcd29a82096acacf54364a8425363782aea0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b479fd59a1f4a342b69fce34f222d93bf791dca4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/526238d32c3acc3d597fd8c9a34652bfe9086cea"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d082757b8359201c3864323cea4b91ea30a1e676"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7d12e918f2994c883f41f22552a61b9310fa1e87"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8e1e00718d0d9dd83337300572561e30b9c0d115"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c1115ddbda9c930fba0fdd062e7a8873ebaf898d"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/dvb-frontends/lgdt3306a.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8915dcd29a82",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "b479fd59a1f4",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "526238d32c3a",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "d082757b8359",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "7d12e918f299",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "8e1e00718d0d",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "c1115ddbda9c",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/dvb-frontends/lgdt3306a.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.278",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.219",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.161",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.94",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.34",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: lgdt3306a: Add a check against null-pointer-def\n\nThe driver should check whether the client provides the platform_data.\n\nThe following log reveals it:\n\n[   29.610324] BUG: KASAN: null-ptr-deref in kmemdup+0x30/0x40\n[   29.610730] Read of size 40 at addr 0000000000000000 by task bash/414\n[   29.612820] Call Trace:\n[   29.613030]  \u003cTASK\u003e\n[   29.613201]  dump_stack_lvl+0x56/0x6f\n[   29.613496]  ? kmemdup+0x30/0x40\n[   29.613754]  print_report.cold+0x494/0x6b7\n[   29.614082]  ? kmemdup+0x30/0x40\n[   29.614340]  kasan_report+0x8a/0x190\n[   29.614628]  ? kmemdup+0x30/0x40\n[   29.614888]  kasan_check_range+0x14d/0x1d0\n[   29.615213]  memcpy+0x20/0x60\n[   29.615454]  kmemdup+0x30/0x40\n[   29.615700]  lgdt3306a_probe+0x52/0x310\n[   29.616339]  i2c_device_probe+0x951/0xa90"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-04T12:16:12.090Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8915dcd29a82096acacf54364a8425363782aea0"
        },
        {
          "url": "https://git.kernel.org/stable/c/b479fd59a1f4a342b69fce34f222d93bf791dca4"
        },
        {
          "url": "https://git.kernel.org/stable/c/526238d32c3acc3d597fd8c9a34652bfe9086cea"
        },
        {
          "url": "https://git.kernel.org/stable/c/d082757b8359201c3864323cea4b91ea30a1e676"
        },
        {
          "url": "https://git.kernel.org/stable/c/7d12e918f2994c883f41f22552a61b9310fa1e87"
        },
        {
          "url": "https://git.kernel.org/stable/c/8e1e00718d0d9dd83337300572561e30b9c0d115"
        },
        {
          "url": "https://git.kernel.org/stable/c/c1115ddbda9c930fba0fdd062e7a8873ebaf898d"
        }
      ],
      "title": "media: lgdt3306a: Add a check against null-pointer-def",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-48772",
    "datePublished": "2024-06-25T14:22:34.892Z",
    "dateReserved": "2024-06-20T11:09:39.061Z",
    "dateUpdated": "2024-11-04T12:16:12.090Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-38306

Vulnerability from cvelistv5

Published

2024-06-25 14:22

Modified

2024-11-05 09:29

Severity ?

Summary

btrfs: protect folio::private when attaching extent buffer folios

References

▼	URL	Tags
	https://git.kernel.org/stable/c/952f048eb901881a7cc6f7c1368b53cd386ead7b
	https://git.kernel.org/stable/c/f3a5367c679d31473d3fbb391675055b4792c309

Impacted products

▼	Vendor	Product
	Linux	Linux
	Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:04:25.336Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/952f048eb901881a7cc6f7c1368b53cd386ead7b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f3a5367c679d31473d3fbb391675055b4792c309"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-38306",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:08:21.055578Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:42.868Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/extent_io.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "952f048eb901",
              "status": "affected",
              "version": "09e6cef19c9f",
              "versionType": "git"
            },
            {
              "lessThan": "f3a5367c679d",
              "status": "affected",
              "version": "09e6cef19c9f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/extent_io.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.8"
            },
            {
              "lessThan": "6.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: protect folio::private when attaching extent buffer folios\n\n[BUG]\nSince v6.8 there are rare kernel crashes reported by various people,\nthe common factor is bad page status error messages like this:\n\n  BUG: Bad page state in process kswapd0  pfn:d6e840\n  page: refcount:0 mapcount:0 mapping:000000007512f4f2 index:0x2796c2c7c\n  pfn:0xd6e840\n  aops:btree_aops ino:1\n  flags: 0x17ffffe0000008(uptodate|node=0|zone=2|lastcpupid=0x3fffff)\n  page_type: 0xffffffff()\n  raw: 0017ffffe0000008 dead000000000100 dead000000000122 ffff88826d0be4c0\n  raw: 00000002796c2c7c 0000000000000000 00000000ffffffff 0000000000000000\n  page dumped because: non-NULL mapping\n\n[CAUSE]\nCommit 09e6cef19c9f (\"btrfs: refactor alloc_extent_buffer() to\nallocate-then-attach method\") changes the sequence when allocating a new\nextent buffer.\n\nPreviously we always called grab_extent_buffer() under\nmapping-\u003ei_private_lock, to ensure the safety on modification on\nfolio::private (which is a pointer to extent buffer for regular\nsectorsize).\n\nThis can lead to the following race:\n\nThread A is trying to allocate an extent buffer at bytenr X, with 4\n4K pages, meanwhile thread B is trying to release the page at X + 4K\n(the second page of the extent buffer at X).\n\n           Thread A                |                 Thread B\n-----------------------------------+-------------------------------------\n                                   | btree_release_folio()\n\t\t\t\t   | | This is for the page at X + 4K,\n\t\t\t\t   | | Not page X.\n\t\t\t\t   | |\nalloc_extent_buffer()              | |- release_extent_buffer()\n|- filemap_add_folio() for the     | |  |- atomic_dec_and_test(eb-\u003erefs)\n|  page at bytenr X (the first     | |  |\n|  page).                          | |  |\n|  Which returned -EEXIST.         | |  |\n|                                  | |  |\n|- filemap_lock_folio()            | |  |\n|  Returned the first page locked. | |  |\n|                                  | |  |\n|- grab_extent_buffer()            | |  |\n|  |- atomic_inc_not_zero()        | |  |\n|  |  Returned false               | |  |\n|  |- folio_detach_private()       | |  |- folio_detach_private() for X\n|     |- folio_test_private()      | |     |- folio_test_private()\n      |  Returned true             | |     |  Returned true\n      |- folio_put()               |       |- folio_put()\n\nNow there are two puts on the same folio at folio X, leading to refcount\nunderflow of the folio X, and eventually causing the BUG_ON() on the\npage-\u003emapping.\n\nThe condition is not that easy to hit:\n\n- The release must be triggered for the middle page of an eb\n  If the release is on the same first page of an eb, page lock would kick\n  in and prevent the race.\n\n- folio_detach_private() has a very small race window\n  It\u0027s only between folio_test_private() and folio_clear_private().\n\nThat\u0027s exactly when mapping-\u003ei_private_lock is used to prevent such race,\nand commit 09e6cef19c9f (\"btrfs: refactor alloc_extent_buffer() to\nallocate-then-attach method\") screwed that up.\n\nAt that time, I thought the page lock would kick in as\nfilemap_release_folio() also requires the page to be locked, but forgot\nthe filemap_release_folio() only locks one page, not all pages of an\nextent buffer.\n\n[FIX]\nMove all the code requiring i_private_lock into\nattach_eb_folio_to_filemap(), so that everything is done with proper\nlock protection.\n\nFurthermore to prevent future problems, add an extra\nlockdep_assert_locked() to ensure we\u0027re holding the proper lock.\n\nTo reproducer that is able to hit the race (takes a few minutes with\ninstrumented code inserting delays to alloc_extent_buffer()):\n\n  #!/bin/sh\n  drop_caches () {\n\t  while(true); do\n\t\t  echo 3 \u003e /proc/sys/vm/drop_caches\n\t\t  echo 1 \u003e /proc/sys/vm/compact_memory\n\t  done\n  }\n\n  run_tar () {\n\t  while(true); do\n\t\t  for x in `seq 1 80` ; do\n\t\t\t  tar cf /dev/zero /mnt \u003e /dev/null \u0026\n\t\t  done\n\t\t  wait\n\t  done\n  }\n\n  mkfs.btrfs -f -d single -m single\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:29:21.688Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/952f048eb901881a7cc6f7c1368b53cd386ead7b"
        },
        {
          "url": "https://git.kernel.org/stable/c/f3a5367c679d31473d3fbb391675055b4792c309"
        }
      ],
      "title": "btrfs: protect folio::private when attaching extent buffer folios",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-38306",
    "datePublished": "2024-06-25T14:22:36.903Z",
    "dateReserved": "2024-06-24T13:53:25.575Z",
    "dateUpdated": "2024-11-05T09:29:21.688Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-39470

Vulnerability from cvelistv5

Published

2024-06-25 14:28

Modified

2024-11-05 09:31

Severity ?

Summary

eventfs: Fix a possible null pointer dereference in eventfs_find_events()

References

▼	URL	Tags
	https://git.kernel.org/stable/c/5ade5fbdbbb1f023bb70730ba4d74146c8bc7eb9
	https://git.kernel.org/stable/c/7a1b2d138189375ed1dcd7d0851118230221bd1d
	https://git.kernel.org/stable/c/d4e9a968738bf66d3bb852dd5588d4c7afd6d7f4

Impacted products

▼	Vendor	Product
	Linux	Linux
	Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:26:14.966Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5ade5fbdbbb1f023bb70730ba4d74146c8bc7eb9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7a1b2d138189375ed1dcd7d0851118230221bd1d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d4e9a968738bf66d3bb852dd5588d4c7afd6d7f4"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39470",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:07:52.051745Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:41.664Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/tracefs/event_inode.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5ade5fbdbbb1",
              "status": "affected",
              "version": "628adb842bd5",
              "versionType": "git"
            },
            {
              "lessThan": "7a1b2d138189",
              "status": "affected",
              "version": "8186fff7ab64",
              "versionType": "git"
            },
            {
              "lessThan": "d4e9a968738b",
              "status": "affected",
              "version": "8186fff7ab64",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/tracefs/event_inode.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.8"
            },
            {
              "lessThan": "6.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.34",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\neventfs: Fix a possible null pointer dereference in eventfs_find_events()\n\nIn function eventfs_find_events,there is a potential null pointer\nthat may be caused by calling update_events_attr which will perform\nsome operations on the members of the ei struct when ei is NULL.\n\nHence,When ei-\u003eis_freed is set,return NULL directly."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:31:56.374Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/5ade5fbdbbb1f023bb70730ba4d74146c8bc7eb9"
        },
        {
          "url": "https://git.kernel.org/stable/c/7a1b2d138189375ed1dcd7d0851118230221bd1d"
        },
        {
          "url": "https://git.kernel.org/stable/c/d4e9a968738bf66d3bb852dd5588d4c7afd6d7f4"
        }
      ],
      "title": "eventfs: Fix a possible null pointer dereference in eventfs_find_events()",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-39470",
    "datePublished": "2024-06-25T14:28:56.258Z",
    "dateReserved": "2024-06-25T14:23:23.745Z",
    "dateUpdated": "2024-11-05T09:31:56.374Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-39466

Vulnerability from cvelistv5

Published

2024-06-25 14:25

Modified

2024-11-05 09:31

Severity ?

Summary

thermal/drivers/qcom/lmh: Check for SCM availability at probe

References

▼	URL	Tags
	https://git.kernel.org/stable/c/2226b145afa5e13cb60dbe77fb20fb0666a1caf3
	https://git.kernel.org/stable/c/560d69c975072974c11434ca6953891e74c1a665
	https://git.kernel.org/stable/c/0a47ba94ec3d8f782b33e3d970cfcb769b962464
	https://git.kernel.org/stable/c/aa1a0807b4a76b44fb6b58a7e9087cd4b18ab41b
	https://git.kernel.org/stable/c/d9d3490c48df572edefc0b64655259eefdcbb9be

Impacted products

▼	Vendor	Product
	Linux	Linux
	Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39466",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-25T15:25:40.512960Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-25T15:25:46.393Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:26:15.836Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2226b145afa5e13cb60dbe77fb20fb0666a1caf3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/560d69c975072974c11434ca6953891e74c1a665"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0a47ba94ec3d8f782b33e3d970cfcb769b962464"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/aa1a0807b4a76b44fb6b58a7e9087cd4b18ab41b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d9d3490c48df572edefc0b64655259eefdcbb9be"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/thermal/qcom/lmh.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "2226b145afa5",
              "status": "affected",
              "version": "53bca371cdf7",
              "versionType": "git"
            },
            {
              "lessThan": "560d69c97507",
              "status": "affected",
              "version": "53bca371cdf7",
              "versionType": "git"
            },
            {
              "lessThan": "0a47ba94ec3d",
              "status": "affected",
              "version": "53bca371cdf7",
              "versionType": "git"
            },
            {
              "lessThan": "aa1a0807b4a7",
              "status": "affected",
              "version": "53bca371cdf7",
              "versionType": "git"
            },
            {
              "lessThan": "d9d3490c48df",
              "status": "affected",
              "version": "53bca371cdf7",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/thermal/qcom/lmh.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.15"
            },
            {
              "lessThan": "5.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.161",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.94",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.34",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal/drivers/qcom/lmh: Check for SCM availability at probe\n\nUp until now, the necessary scm availability check has not been\nperformed, leading to possible null pointer dereferences (which did\nhappen for me on RB1).\n\nFix that."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:31:51.564Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/2226b145afa5e13cb60dbe77fb20fb0666a1caf3"
        },
        {
          "url": "https://git.kernel.org/stable/c/560d69c975072974c11434ca6953891e74c1a665"
        },
        {
          "url": "https://git.kernel.org/stable/c/0a47ba94ec3d8f782b33e3d970cfcb769b962464"
        },
        {
          "url": "https://git.kernel.org/stable/c/aa1a0807b4a76b44fb6b58a7e9087cd4b18ab41b"
        },
        {
          "url": "https://git.kernel.org/stable/c/d9d3490c48df572edefc0b64655259eefdcbb9be"
        }
      ],
      "title": "thermal/drivers/qcom/lmh: Check for SCM availability at probe",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-39466",
    "datePublished": "2024-06-25T14:25:04.952Z",
    "dateReserved": "2024-06-25T14:23:23.744Z",
    "dateUpdated": "2024-11-05T09:31:51.564Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-39465

Vulnerability from cvelistv5

Published

2024-06-25 14:25

Modified

2024-11-05 09:31

Severity ?

Summary

media: mgb4: Fix double debugfs remove

References

▼	URL	Tags
	https://git.kernel.org/stable/c/252204b634efffd8b167d77413c93d0192aaf5f6
	https://git.kernel.org/stable/c/825fc49497957310e421454fe3fb8b8d8d8e2dd2

Impacted products

▼	Vendor	Product
	Linux	Linux
	Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:26:15.567Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/252204b634efffd8b167d77413c93d0192aaf5f6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/825fc49497957310e421454fe3fb8b8d8d8e2dd2"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39465",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:08:01.951646Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:42.031Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/pci/mgb4/mgb4_core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "252204b634ef",
              "status": "affected",
              "version": "0ab13674a9bd",
              "versionType": "git"
            },
            {
              "lessThan": "825fc4949795",
              "status": "affected",
              "version": "0ab13674a9bd",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/pci/mgb4/mgb4_core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.7"
            },
            {
              "lessThan": "6.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mgb4: Fix double debugfs remove\n\nFixes an error where debugfs_remove_recursive() is called first on a parent\ndirectory and then again on a child which causes a kernel panic.\n\n[hverkuil: added Fixes/Cc tags]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:31:50.407Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/252204b634efffd8b167d77413c93d0192aaf5f6"
        },
        {
          "url": "https://git.kernel.org/stable/c/825fc49497957310e421454fe3fb8b8d8d8e2dd2"
        }
      ],
      "title": "media: mgb4: Fix double debugfs remove",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-39465",
    "datePublished": "2024-06-25T14:25:04.237Z",
    "dateReserved": "2024-06-25T14:23:23.744Z",
    "dateUpdated": "2024-11-05T09:31:50.407Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-39462

Vulnerability from cvelistv5

Published

2024-06-25 14:25

Modified

2024-11-05 09:31

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

clk: bcm: dvp: Assign ->num before accessing ->hws

References

▼	URL	Tags
	https://git.kernel.org/stable/c/0dc913217fb79096597005bba9ba738e2db5cd02
	https://git.kernel.org/stable/c/a1dd92fca0d6b58b55ed0484f75d4205dbb77010
	https://git.kernel.org/stable/c/9368cdf90f52a68120d039887ccff74ff33b4444

Impacted products

▼	Vendor	Product
	Linux	Linux
	Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "affected",
                "version": "6.6"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "0dc913217fb7",
                "status": "affected",
                "version": "f316cdff8d67",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "a1dd92fca0d6",
                "status": "affected",
                "version": "f316cdff8d67",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "9368cdf90f52",
                "status": "affected",
                "version": "f316cdff8d67",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "6.6",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "6.7",
                "status": "unaffected",
                "version": "6.6.34",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "6.10",
                "status": "unaffected",
                "version": "6.9.5",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "6.10-rc1"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-39462",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-25T17:03:11.356077Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-25T17:13:58.741Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:26:14.280Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0dc913217fb79096597005bba9ba738e2db5cd02"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a1dd92fca0d6b58b55ed0484f75d4205dbb77010"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9368cdf90f52a68120d039887ccff74ff33b4444"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/clk/bcm/clk-bcm2711-dvp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0dc913217fb7",
              "status": "affected",
              "version": "f316cdff8d67",
              "versionType": "git"
            },
            {
              "lessThan": "a1dd92fca0d6",
              "status": "affected",
              "version": "f316cdff8d67",
              "versionType": "git"
            },
            {
              "lessThan": "9368cdf90f52",
              "status": "affected",
              "version": "f316cdff8d67",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/clk/bcm/clk-bcm2711-dvp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.6"
            },
            {
              "lessThan": "6.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.34",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: bcm: dvp: Assign -\u003enum before accessing -\u003ehws\n\nCommit f316cdff8d67 (\"clk: Annotate struct clk_hw_onecell_data with\n__counted_by\") annotated the hws member of \u0027struct clk_hw_onecell_data\u0027\nwith __counted_by, which informs the bounds sanitizer about the number\nof elements in hws, so that it can warn when hws is accessed out of\nbounds. As noted in that change, the __counted_by member must be\ninitialized with the number of elements before the first array access\nhappens, otherwise there will be a warning from each access prior to the\ninitialization because the number of elements is zero. This occurs in\nclk_dvp_probe() due to -\u003enum being assigned after -\u003ehws has been\naccessed:\n\n  UBSAN: array-index-out-of-bounds in drivers/clk/bcm/clk-bcm2711-dvp.c:59:2\n  index 0 is out of range for type \u0027struct clk_hw *[] __counted_by(num)\u0027 (aka \u0027struct clk_hw *[]\u0027)\n\nMove the -\u003enum initialization to before the first access of -\u003ehws, which\nclears up the warning."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:31:46.812Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0dc913217fb79096597005bba9ba738e2db5cd02"
        },
        {
          "url": "https://git.kernel.org/stable/c/a1dd92fca0d6b58b55ed0484f75d4205dbb77010"
        },
        {
          "url": "https://git.kernel.org/stable/c/9368cdf90f52a68120d039887ccff74ff33b4444"
        }
      ],
      "title": "clk: bcm: dvp: Assign -\u003enum before accessing -\u003ehws",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-39462",
    "datePublished": "2024-06-25T14:25:02.196Z",
    "dateReserved": "2024-06-25T14:23:23.744Z",
    "dateUpdated": "2024-11-05T09:31:46.812Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-39293

Vulnerability from cvelistv5

Published

2024-06-25 14:22

Modified

2024-11-05 09:31

Severity ?

Summary

Revert "xsk: Support redirect to any socket bound to the same umem"

References

▼	URL	Tags
	https://git.kernel.org/stable/c/19cb40b1064566ea09538289bfcf5bc7ecb9b6f5
	https://git.kernel.org/stable/c/7fcf26b315bbb728036da0862de6b335da83dff2

Impacted products

▼	Vendor	Product
	Linux	Linux
	Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39293",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-25T20:47:03.644056Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-25T20:47:15.195Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:19:20.676Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/19cb40b1064566ea09538289bfcf5bc7ecb9b6f5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7fcf26b315bbb728036da0862de6b335da83dff2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/xdp/xsk.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "19cb40b10645",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "7fcf26b315bb",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/xdp/xsk.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"xsk: Support redirect to any socket bound to the same umem\"\n\nThis reverts commit 2863d665ea41282379f108e4da6c8a2366ba66db.\n\nThis patch introduced a potential kernel crash when multiple napi instances\nredirect to the same AF_XDP socket. By removing the queue_index check, it is\npossible for multiple napi instances to access the Rx ring at the same time,\nwhich will result in a corrupted ring state which can lead to a crash when\nflushing the rings in __xsk_flush(). This can happen when the linked list of\nsockets to flush gets corrupted by concurrent accesses. A quick and small fix\nis not possible, so let us revert this for now."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:31:39.537Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/19cb40b1064566ea09538289bfcf5bc7ecb9b6f5"
        },
        {
          "url": "https://git.kernel.org/stable/c/7fcf26b315bbb728036da0862de6b335da83dff2"
        }
      ],
      "title": "Revert \"xsk: Support redirect to any socket bound to the same umem\"",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-39293",
    "datePublished": "2024-06-25T14:22:39.550Z",
    "dateReserved": "2024-06-24T13:53:25.541Z",
    "dateUpdated": "2024-11-05T09:31:39.537Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-37078

Vulnerability from cvelistv5

Published

2024-06-25 14:22

Modified

2024-11-05 09:29

Severity ?

Summary

nilfs2: fix potential kernel bug due to lack of writeback flag waiting

References

▼	URL	Tags
	https://git.kernel.org/stable/c/95f6f81e50d858a7c9aa7c795ec14a0ac3819118
	https://git.kernel.org/stable/c/a75b8f493dfc48aa38c518430bd9e03b53bffebe
	https://git.kernel.org/stable/c/0ecfe3a92869a59668d27228dabbd7965e83567f
	https://git.kernel.org/stable/c/33900d7eae616647e179eee1c66ebe654ee39627
	https://git.kernel.org/stable/c/271dcd977ccda8c7a26e360425ae7b4db7d2ecc0
	https://git.kernel.org/stable/c/614d397be0cf43412b3f94a0f6460eddced8ce92
	https://git.kernel.org/stable/c/1f3bff69f1214fe03a02bc650d5bbfaa6e65ae7d
	https://git.kernel.org/stable/c/a4ca369ca221bb7e06c725792ac107f0e48e82e7

Impacted products

▼	Vendor	Product
	Linux	Linux
	Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:43:50.879Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/95f6f81e50d858a7c9aa7c795ec14a0ac3819118"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a75b8f493dfc48aa38c518430bd9e03b53bffebe"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0ecfe3a92869a59668d27228dabbd7965e83567f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/33900d7eae616647e179eee1c66ebe654ee39627"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/271dcd977ccda8c7a26e360425ae7b4db7d2ecc0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/614d397be0cf43412b3f94a0f6460eddced8ce92"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1f3bff69f1214fe03a02bc650d5bbfaa6e65ae7d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a4ca369ca221bb7e06c725792ac107f0e48e82e7"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-37078",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:08:24.419560Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:43.007Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/nilfs2/segment.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "95f6f81e50d8",
              "status": "affected",
              "version": "9ff05123e3bf",
              "versionType": "git"
            },
            {
              "lessThan": "a75b8f493dfc",
              "status": "affected",
              "version": "9ff05123e3bf",
              "versionType": "git"
            },
            {
              "lessThan": "0ecfe3a92869",
              "status": "affected",
              "version": "9ff05123e3bf",
              "versionType": "git"
            },
            {
              "lessThan": "33900d7eae61",
              "status": "affected",
              "version": "9ff05123e3bf",
              "versionType": "git"
            },
            {
              "lessThan": "271dcd977ccd",
              "status": "affected",
              "version": "9ff05123e3bf",
              "versionType": "git"
            },
            {
              "lessThan": "614d397be0cf",
              "status": "affected",
              "version": "9ff05123e3bf",
              "versionType": "git"
            },
            {
              "lessThan": "1f3bff69f121",
              "status": "affected",
              "version": "9ff05123e3bf",
              "versionType": "git"
            },
            {
              "lessThan": "a4ca369ca221",
              "status": "affected",
              "version": "9ff05123e3bf",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/nilfs2/segment.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.30"
            },
            {
              "lessThan": "2.6.30",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.317",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.279",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.95",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.35",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix potential kernel bug due to lack of writeback flag waiting\n\nDestructive writes to a block device on which nilfs2 is mounted can cause\na kernel bug in the folio/page writeback start routine or writeback end\nroutine (__folio_start_writeback in the log below):\n\n kernel BUG at mm/page-writeback.c:3070!\n Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI\n ...\n RIP: 0010:__folio_start_writeback+0xbaa/0x10e0\n Code: 25 ff 0f 00 00 0f 84 18 01 00 00 e8 40 ca c6 ff e9 17 f6 ff ff\n  e8 36 ca c6 ff 4c 89 f7 48 c7 c6 80 c0 12 84 e8 e7 b3 0f 00 90 \u003c0f\u003e\n  0b e8 1f ca c6 ff 4c 89 f7 48 c7 c6 a0 c6 12 84 e8 d0 b3 0f 00\n ...\n Call Trace:\n  \u003cTASK\u003e\n  nilfs_segctor_do_construct+0x4654/0x69d0 [nilfs2]\n  nilfs_segctor_construct+0x181/0x6b0 [nilfs2]\n  nilfs_segctor_thread+0x548/0x11c0 [nilfs2]\n  kthread+0x2f0/0x390\n  ret_from_fork+0x4b/0x80\n  ret_from_fork_asm+0x1a/0x30\n  \u003c/TASK\u003e\n\nThis is because when the log writer starts a writeback for segment summary\nblocks or a super root block that use the backing device\u0027s page cache, it\ndoes not wait for the ongoing folio/page writeback, resulting in an\ninconsistent writeback state.\n\nFix this issue by waiting for ongoing writebacks when putting\nfolios/pages on the backing device into writeback state."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:29:18.338Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/95f6f81e50d858a7c9aa7c795ec14a0ac3819118"
        },
        {
          "url": "https://git.kernel.org/stable/c/a75b8f493dfc48aa38c518430bd9e03b53bffebe"
        },
        {
          "url": "https://git.kernel.org/stable/c/0ecfe3a92869a59668d27228dabbd7965e83567f"
        },
        {
          "url": "https://git.kernel.org/stable/c/33900d7eae616647e179eee1c66ebe654ee39627"
        },
        {
          "url": "https://git.kernel.org/stable/c/271dcd977ccda8c7a26e360425ae7b4db7d2ecc0"
        },
        {
          "url": "https://git.kernel.org/stable/c/614d397be0cf43412b3f94a0f6460eddced8ce92"
        },
        {
          "url": "https://git.kernel.org/stable/c/1f3bff69f1214fe03a02bc650d5bbfaa6e65ae7d"
        },
        {
          "url": "https://git.kernel.org/stable/c/a4ca369ca221bb7e06c725792ac107f0e48e82e7"
        }
      ],
      "title": "nilfs2: fix potential kernel bug due to lack of writeback flag waiting",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-37078",
    "datePublished": "2024-06-25T14:22:35.558Z",
    "dateReserved": "2024-06-24T13:54:11.068Z",
    "dateUpdated": "2024-11-05T09:29:18.338Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-39463

Vulnerability from cvelistv5

Published

2024-06-25 14:25

Modified

2024-11-05 09:31

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

9p: add missing locking around taking dentry fid list

References

▼	URL	Tags
	https://git.kernel.org/stable/c/3bb6763a8319170c2d41c4232c8e7e4c37dcacfb
	https://git.kernel.org/stable/c/cb299cdba09f46f090b843d78ba26b667d50a456
	https://git.kernel.org/stable/c/f0c5c944c6d8614c19e6e9a97fd2011dcd30e8f5
	https://git.kernel.org/stable/c/fe17ebf22feb4ad7094d597526d558a49aac92b4
	https://git.kernel.org/stable/c/c898afdc15645efb555acb6d85b484eb40a45409
	https://www.zerodayinitiative.com/advisories/ZDI-24-1194/

Impacted products

▼	Vendor	Product
	Linux	Linux
	Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:26:15.245Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cb299cdba09f46f090b843d78ba26b667d50a456"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f0c5c944c6d8614c19e6e9a97fd2011dcd30e8f5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fe17ebf22feb4ad7094d597526d558a49aac92b4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c898afdc15645efb555acb6d85b484eb40a45409"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:5.11:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "affected",
                "version": "5.11"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "cb299cdba09f",
                "status": "affected",
                "version": "154372e67d40",
                "versionType": "custom"
              },
              {
                "lessThan": "f0c5c944c6d8",
                "status": "affected",
                "version": "154372e67d40",
                "versionType": "custom"
              },
              {
                "lessThan": "fe17ebf22feb",
                "status": "affected",
                "version": "154372e67d40",
                "versionType": "custom"
              },
              {
                "lessThan": "c898afdc1564",
                "status": "affected",
                "version": "154372e67d40",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-39463",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T03:55:21.281977Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-10T15:36:18.860Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/9p/vfs_dentry.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3bb6763a8319",
              "status": "affected",
              "version": "154372e67d40",
              "versionType": "git"
            },
            {
              "lessThan": "cb299cdba09f",
              "status": "affected",
              "version": "154372e67d40",
              "versionType": "git"
            },
            {
              "lessThan": "f0c5c944c6d8",
              "status": "affected",
              "version": "154372e67d40",
              "versionType": "git"
            },
            {
              "lessThan": "fe17ebf22feb",
              "status": "affected",
              "version": "154372e67d40",
              "versionType": "git"
            },
            {
              "lessThan": "c898afdc1564",
              "status": "affected",
              "version": "154372e67d40",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/9p/vfs_dentry.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.11"
            },
            {
              "lessThan": "5.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.94",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.34",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\n9p: add missing locking around taking dentry fid list\n\nFix a use-after-free on dentry\u0027s d_fsdata fid list when a thread\nlooks up a fid through dentry while another thread unlinks it:\n\nUAF thread:\nrefcount_t: addition on 0; use-after-free.\n p9_fid_get linux/./include/net/9p/client.h:262\n v9fs_fid_find+0x236/0x280 linux/fs/9p/fid.c:129\n v9fs_fid_lookup_with_uid linux/fs/9p/fid.c:181\n v9fs_fid_lookup+0xbf/0xc20 linux/fs/9p/fid.c:314\n v9fs_vfs_getattr_dotl+0xf9/0x360 linux/fs/9p/vfs_inode_dotl.c:400\n vfs_statx+0xdd/0x4d0 linux/fs/stat.c:248\n\nFreed by:\n p9_fid_destroy (inlined)\n p9_client_clunk+0xb0/0xe0 linux/net/9p/client.c:1456\n p9_fid_put linux/./include/net/9p/client.h:278\n v9fs_dentry_release+0xb5/0x140 linux/fs/9p/vfs_dentry.c:55\n v9fs_remove+0x38f/0x620 linux/fs/9p/vfs_inode.c:518\n vfs_unlink+0x29a/0x810 linux/fs/namei.c:4335\n\nThe problem is that d_fsdata was not accessed under d_lock, because\nd_release() normally is only called once the dentry is otherwise no\nlonger accessible but since we also call it explicitly in v9fs_remove\nthat lock is required:\nmove the hlist out of the dentry under lock then unref its fids once\nthey are no longer accessible."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:31:48.179Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3bb6763a8319170c2d41c4232c8e7e4c37dcacfb"
        },
        {
          "url": "https://git.kernel.org/stable/c/cb299cdba09f46f090b843d78ba26b667d50a456"
        },
        {
          "url": "https://git.kernel.org/stable/c/f0c5c944c6d8614c19e6e9a97fd2011dcd30e8f5"
        },
        {
          "url": "https://git.kernel.org/stable/c/fe17ebf22feb4ad7094d597526d558a49aac92b4"
        },
        {
          "url": "https://git.kernel.org/stable/c/c898afdc15645efb555acb6d85b484eb40a45409"
        },
        {
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1194/"
        }
      ],
      "title": "9p: add missing locking around taking dentry fid list",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-39463",
    "datePublished": "2024-06-25T14:25:02.887Z",
    "dateReserved": "2024-06-25T14:23:23.744Z",
    "dateUpdated": "2024-11-05T09:31:48.179Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-38385

Vulnerability from cvelistv5

Published

2024-06-25 14:22

Modified

2024-11-05 09:29

Severity ?

Summary

genirq/irqdesc: Prevent use-after-free in irq_find_at_or_after()

References

▼	URL	Tags
	https://git.kernel.org/stable/c/1c7891812d85500ae2ca4051fa5683fcf29930d8
	https://git.kernel.org/stable/c/d084aa022f84319f8079e30882cbcbc026af9f21
	https://git.kernel.org/stable/c/b84a8aba806261d2f759ccedf4a2a6a80a5e55ba

Impacted products

▼	Vendor	Product
	Linux	Linux
	Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:04:25.138Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1c7891812d85500ae2ca4051fa5683fcf29930d8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d084aa022f84319f8079e30882cbcbc026af9f21"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b84a8aba806261d2f759ccedf4a2a6a80a5e55ba"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-38385",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:08:17.872806Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:42.745Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/irq/irqdesc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "1c7891812d85",
              "status": "affected",
              "version": "721255b9826b",
              "versionType": "git"
            },
            {
              "lessThan": "d084aa022f84",
              "status": "affected",
              "version": "721255b9826b",
              "versionType": "git"
            },
            {
              "lessThan": "b84a8aba8062",
              "status": "affected",
              "version": "721255b9826b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/irq/irqdesc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.5"
            },
            {
              "lessThan": "6.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.34",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngenirq/irqdesc: Prevent use-after-free in irq_find_at_or_after()\n\nirq_find_at_or_after() dereferences the interrupt descriptor which is\nreturned by mt_find() while neither holding sparse_irq_lock nor RCU read\nlock, which means the descriptor can be freed between mt_find() and the\ndereference:\n\n    CPU0                            CPU1\n    desc = mt_find()\n                                    delayed_free_desc(desc)\n    irq_desc_get_irq(desc)\n\nThe use-after-free is reported by KASAN:\n\n    Call trace:\n     irq_get_next_irq+0x58/0x84\n     show_stat+0x638/0x824\n     seq_read_iter+0x158/0x4ec\n     proc_reg_read_iter+0x94/0x12c\n     vfs_read+0x1e0/0x2c8\n\n    Freed by task 4471:\n     slab_free_freelist_hook+0x174/0x1e0\n     __kmem_cache_free+0xa4/0x1dc\n     kfree+0x64/0x128\n     irq_kobj_release+0x28/0x3c\n     kobject_put+0xcc/0x1e0\n     delayed_free_desc+0x14/0x2c\n     rcu_do_batch+0x214/0x720\n\nGuard the access with a RCU read lock section."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:29:25.050Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/1c7891812d85500ae2ca4051fa5683fcf29930d8"
        },
        {
          "url": "https://git.kernel.org/stable/c/d084aa022f84319f8079e30882cbcbc026af9f21"
        },
        {
          "url": "https://git.kernel.org/stable/c/b84a8aba806261d2f759ccedf4a2a6a80a5e55ba"
        }
      ],
      "title": "genirq/irqdesc: Prevent use-after-free in irq_find_at_or_after()",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-38385",
    "datePublished": "2024-06-25T14:22:37.560Z",
    "dateReserved": "2024-06-24T13:54:11.033Z",
    "dateUpdated": "2024-11-05T09:29:25.050Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-39301

Vulnerability from cvelistv5

Published

2024-06-25 14:22

Modified

2024-11-05 09:31

Severity ?

Summary

net/9p: fix uninit-value in p9_client_rpc()

References

▼	URL	Tags
	https://git.kernel.org/stable/c/72c5d8e416ecc46af370a1340b3db5ff0b0cc867
	https://git.kernel.org/stable/c/2101901dd58c6da4924bc5efb217a1d83436290b
	https://git.kernel.org/stable/c/124947855564572713d705a13be7d0c9dae16a17
	https://git.kernel.org/stable/c/89969ffbeb948ffc159d19252e7469490103011b
	https://git.kernel.org/stable/c/ca71f204711ad24113e8b344dc5bb8b0385f5672
	https://git.kernel.org/stable/c/6c1791130b781c843572fb6391c4a4c5d857ab17
	https://git.kernel.org/stable/c/fe5c604053c36c62af24eee8a76407d026ea5163
	https://git.kernel.org/stable/c/25460d6f39024cc3b8241b14c7ccf0d6f11a736a

Impacted products

▼	Vendor	Product
	Linux	Linux
	Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39301",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-25T15:42:59.168505Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-25T15:43:08.345Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:19:20.748Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/72c5d8e416ecc46af370a1340b3db5ff0b0cc867"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2101901dd58c6da4924bc5efb217a1d83436290b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/124947855564572713d705a13be7d0c9dae16a17"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/89969ffbeb948ffc159d19252e7469490103011b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ca71f204711ad24113e8b344dc5bb8b0385f5672"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6c1791130b781c843572fb6391c4a4c5d857ab17"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fe5c604053c36c62af24eee8a76407d026ea5163"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/25460d6f39024cc3b8241b14c7ccf0d6f11a736a"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/9p/client.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "72c5d8e416ec",
              "status": "affected",
              "version": "348b59012e5c",
              "versionType": "git"
            },
            {
              "lessThan": "2101901dd58c",
              "status": "affected",
              "version": "348b59012e5c",
              "versionType": "git"
            },
            {
              "lessThan": "124947855564",
              "status": "affected",
              "version": "348b59012e5c",
              "versionType": "git"
            },
            {
              "lessThan": "89969ffbeb94",
              "status": "affected",
              "version": "348b59012e5c",
              "versionType": "git"
            },
            {
              "lessThan": "ca71f204711a",
              "status": "affected",
              "version": "348b59012e5c",
              "versionType": "git"
            },
            {
              "lessThan": "6c1791130b78",
              "status": "affected",
              "version": "348b59012e5c",
              "versionType": "git"
            },
            {
              "lessThan": "fe5c604053c3",
              "status": "affected",
              "version": "348b59012e5c",
              "versionType": "git"
            },
            {
              "lessThan": "25460d6f3902",
              "status": "affected",
              "version": "348b59012e5c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/9p/client.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.2"
            },
            {
              "lessThan": "3.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.316",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.278",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.219",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.161",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.94",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.34",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/9p: fix uninit-value in p9_client_rpc()\n\nSyzbot with the help of KMSAN reported the following error:\n\nBUG: KMSAN: uninit-value in trace_9p_client_res include/trace/events/9p.h:146 [inline]\nBUG: KMSAN: uninit-value in p9_client_rpc+0x1314/0x1340 net/9p/client.c:754\n trace_9p_client_res include/trace/events/9p.h:146 [inline]\n p9_client_rpc+0x1314/0x1340 net/9p/client.c:754\n p9_client_create+0x1551/0x1ff0 net/9p/client.c:1031\n v9fs_session_init+0x1b9/0x28e0 fs/9p/v9fs.c:410\n v9fs_mount+0xe2/0x12b0 fs/9p/vfs_super.c:122\n legacy_get_tree+0x114/0x290 fs/fs_context.c:662\n vfs_get_tree+0xa7/0x570 fs/super.c:1797\n do_new_mount+0x71f/0x15e0 fs/namespace.c:3352\n path_mount+0x742/0x1f20 fs/namespace.c:3679\n do_mount fs/namespace.c:3692 [inline]\n __do_sys_mount fs/namespace.c:3898 [inline]\n __se_sys_mount+0x725/0x810 fs/namespace.c:3875\n __x64_sys_mount+0xe4/0x150 fs/namespace.c:3875\n do_syscall_64+0xd5/0x1f0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nUninit was created at:\n __alloc_pages+0x9d6/0xe70 mm/page_alloc.c:4598\n __alloc_pages_node include/linux/gfp.h:238 [inline]\n alloc_pages_node include/linux/gfp.h:261 [inline]\n alloc_slab_page mm/slub.c:2175 [inline]\n allocate_slab mm/slub.c:2338 [inline]\n new_slab+0x2de/0x1400 mm/slub.c:2391\n ___slab_alloc+0x1184/0x33d0 mm/slub.c:3525\n __slab_alloc mm/slub.c:3610 [inline]\n __slab_alloc_node mm/slub.c:3663 [inline]\n slab_alloc_node mm/slub.c:3835 [inline]\n kmem_cache_alloc+0x6d3/0xbe0 mm/slub.c:3852\n p9_tag_alloc net/9p/client.c:278 [inline]\n p9_client_prepare_req+0x20a/0x1770 net/9p/client.c:641\n p9_client_rpc+0x27e/0x1340 net/9p/client.c:688\n p9_client_create+0x1551/0x1ff0 net/9p/client.c:1031\n v9fs_session_init+0x1b9/0x28e0 fs/9p/v9fs.c:410\n v9fs_mount+0xe2/0x12b0 fs/9p/vfs_super.c:122\n legacy_get_tree+0x114/0x290 fs/fs_context.c:662\n vfs_get_tree+0xa7/0x570 fs/super.c:1797\n do_new_mount+0x71f/0x15e0 fs/namespace.c:3352\n path_mount+0x742/0x1f20 fs/namespace.c:3679\n do_mount fs/namespace.c:3692 [inline]\n __do_sys_mount fs/namespace.c:3898 [inline]\n __se_sys_mount+0x725/0x810 fs/namespace.c:3875\n __x64_sys_mount+0xe4/0x150 fs/namespace.c:3875\n do_syscall_64+0xd5/0x1f0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nIf p9_check_errors() fails early in p9_client_rpc(), req-\u003erc.tag\nwill not be properly initialized. However, trace_9p_client_res()\nends up trying to print it out anyway before p9_client_rpc()\nfinishes.\n\nFix this issue by assigning default values to p9_fcall fields\nsuch as \u0027tag\u0027 and (just in case KMSAN unearths something new) \u0027id\u0027\nduring the tag allocation stage."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:31:42.968Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/72c5d8e416ecc46af370a1340b3db5ff0b0cc867"
        },
        {
          "url": "https://git.kernel.org/stable/c/2101901dd58c6da4924bc5efb217a1d83436290b"
        },
        {
          "url": "https://git.kernel.org/stable/c/124947855564572713d705a13be7d0c9dae16a17"
        },
        {
          "url": "https://git.kernel.org/stable/c/89969ffbeb948ffc159d19252e7469490103011b"
        },
        {
          "url": "https://git.kernel.org/stable/c/ca71f204711ad24113e8b344dc5bb8b0385f5672"
        },
        {
          "url": "https://git.kernel.org/stable/c/6c1791130b781c843572fb6391c4a4c5d857ab17"
        },
        {
          "url": "https://git.kernel.org/stable/c/fe5c604053c36c62af24eee8a76407d026ea5163"
        },
        {
          "url": "https://git.kernel.org/stable/c/25460d6f39024cc3b8241b14c7ccf0d6f11a736a"
        }
      ],
      "title": "net/9p: fix uninit-value in p9_client_rpc()",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-39301",
    "datePublished": "2024-06-25T14:22:41.566Z",
    "dateReserved": "2024-06-24T13:53:25.535Z",
    "dateUpdated": "2024-11-05T09:31:42.968Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-39371

Vulnerability from cvelistv5

Published

2024-06-25 14:22

Modified

2024-11-05 09:31

Severity ?

Summary

io_uring: check for non-NULL file pointer in io_file_can_poll()

References

▼	URL	Tags
	https://git.kernel.org/stable/c/c2844d5e58576c55d8e8d4a9f74902d3f7be8044
	https://git.kernel.org/stable/c/43cfac7b88adedfb26c27834386992650f1642f3
	https://git.kernel.org/stable/c/65561b4c1c9e01443cb76387eb36a9109e7048ee
	https://git.kernel.org/stable/c/5fc16fa5f13b3c06fdb959ef262050bd810416a2

Impacted products

▼	Vendor	Product
	Linux	Linux
	Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:26:14.280Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c2844d5e58576c55d8e8d4a9f74902d3f7be8044"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/43cfac7b88adedfb26c27834386992650f1642f3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/65561b4c1c9e01443cb76387eb36a9109e7048ee"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5fc16fa5f13b3c06fdb959ef262050bd810416a2"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39371",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:08:11.447058Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:42.499Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "io_uring/io_uring.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c2844d5e5857",
              "status": "affected",
              "version": "a76c0b31eef5",
              "versionType": "git"
            },
            {
              "lessThan": "43cfac7b88ad",
              "status": "affected",
              "version": "a76c0b31eef5",
              "versionType": "git"
            },
            {
              "lessThan": "65561b4c1c9e",
              "status": "affected",
              "version": "a76c0b31eef5",
              "versionType": "git"
            },
            {
              "lessThan": "5fc16fa5f13b",
              "status": "affected",
              "version": "a76c0b31eef5",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "io_uring/io_uring.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.19"
            },
            {
              "lessThan": "5.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.95",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.35",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: check for non-NULL file pointer in io_file_can_poll()\n\nIn earlier kernels, it was possible to trigger a NULL pointer\ndereference off the forced async preparation path, if no file had\nbeen assigned. The trace leading to that looks as follows:\n\nBUG: kernel NULL pointer dereference, address: 00000000000000b0\nPGD 0 P4D 0\nOops: 0000 [#1] PREEMPT SMP\nCPU: 67 PID: 1633 Comm: buf-ring-invali Not tainted 6.8.0-rc3+ #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS unknown 2/2/2022\nRIP: 0010:io_buffer_select+0xc3/0x210\nCode: 00 00 48 39 d1 0f 82 ae 00 00 00 48 81 4b 48 00 00 01 00 48 89 73 70 0f b7 50 0c 66 89 53 42 85 ed 0f 85 d2 00 00 00 48 8b 13 \u003c48\u003e 8b 92 b0 00 00 00 48 83 7a 40 00 0f 84 21 01 00 00 4c 8b 20 5b\nRSP: 0018:ffffb7bec38c7d88 EFLAGS: 00010246\nRAX: ffff97af2be61000 RBX: ffff97af234f1700 RCX: 0000000000000040\nRDX: 0000000000000000 RSI: ffff97aecfb04820 RDI: ffff97af234f1700\nRBP: 0000000000000000 R08: 0000000000200030 R09: 0000000000000020\nR10: ffffb7bec38c7dc8 R11: 000000000000c000 R12: ffffb7bec38c7db8\nR13: ffff97aecfb05800 R14: ffff97aecfb05800 R15: ffff97af2be5e000\nFS:  00007f852f74b740(0000) GS:ffff97b1eeec0000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00000000000000b0 CR3: 000000016deab005 CR4: 0000000000370ef0\nCall Trace:\n \u003cTASK\u003e\n ? __die+0x1f/0x60\n ? page_fault_oops+0x14d/0x420\n ? do_user_addr_fault+0x61/0x6a0\n ? exc_page_fault+0x6c/0x150\n ? asm_exc_page_fault+0x22/0x30\n ? io_buffer_select+0xc3/0x210\n __io_import_iovec+0xb5/0x120\n io_readv_prep_async+0x36/0x70\n io_queue_sqe_fallback+0x20/0x260\n io_submit_sqes+0x314/0x630\n __do_sys_io_uring_enter+0x339/0xbc0\n ? __do_sys_io_uring_register+0x11b/0xc50\n ? vm_mmap_pgoff+0xce/0x160\n do_syscall_64+0x5f/0x180\n entry_SYSCALL_64_after_hwframe+0x46/0x4e\nRIP: 0033:0x55e0a110a67e\nCode: ba cc 00 00 00 45 31 c0 44 0f b6 92 d0 00 00 00 31 d2 41 b9 08 00 00 00 41 83 e2 01 41 c1 e2 04 41 09 c2 b8 aa 01 00 00 0f 05 \u003cc3\u003e 90 89 30 eb a9 0f 1f 40 00 48 8b 42 20 8b 00 a8 06 75 af 85 f6\n\nbecause the request is marked forced ASYNC and has a bad file fd, and\nhence takes the forced async prep path.\n\nCurrent kernels with the request async prep cleaned up can no longer hit\nthis issue, but for ease of backporting, let\u0027s add this safety check in\nhere too as it really doesn\u0027t hurt. For both cases, this will inevitably\nend with a CQE posted with -EBADF."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:31:44.109Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c2844d5e58576c55d8e8d4a9f74902d3f7be8044"
        },
        {
          "url": "https://git.kernel.org/stable/c/43cfac7b88adedfb26c27834386992650f1642f3"
        },
        {
          "url": "https://git.kernel.org/stable/c/65561b4c1c9e01443cb76387eb36a9109e7048ee"
        },
        {
          "url": "https://git.kernel.org/stable/c/5fc16fa5f13b3c06fdb959ef262050bd810416a2"
        }
      ],
      "title": "io_uring: check for non-NULL file pointer in io_file_can_poll()",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-39371",
    "datePublished": "2024-06-25T14:22:42.919Z",
    "dateReserved": "2024-06-24T13:54:11.039Z",
    "dateUpdated": "2024-11-05T09:31:44.109Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-39298

Vulnerability from cvelistv5

Published

2024-06-25 14:22

Modified

2024-11-05 09:31

Severity ?

Summary

mm/memory-failure: fix handling of dissolved but not taken off from buddy pages

References

▼	URL	Tags
	https://git.kernel.org/stable/c/00b0752c7f15dfdf129cacc6a27d61c54141182b
	https://git.kernel.org/stable/c/bb9bb13ce64cc7cae47f5e2ab9ce93b7bfa0117e
	https://git.kernel.org/stable/c/41cd2de3c95020b7f86a3cb5fab42fbf454a63bd
	https://git.kernel.org/stable/c/8cf360b9d6a840700e06864236a01a883b34bbad

Impacted products

▼	Vendor	Product
	Linux	Linux
	Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39298",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-25T19:51:01.322854Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-25T19:51:08.827Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:19:20.814Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/00b0752c7f15dfdf129cacc6a27d61c54141182b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bb9bb13ce64cc7cae47f5e2ab9ce93b7bfa0117e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/41cd2de3c95020b7f86a3cb5fab42fbf454a63bd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8cf360b9d6a840700e06864236a01a883b34bbad"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "mm/memory-failure.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "00b0752c7f15",
              "status": "affected",
              "version": "ceaf8fbea79a",
              "versionType": "git"
            },
            {
              "lessThan": "bb9bb13ce64c",
              "status": "affected",
              "version": "ceaf8fbea79a",
              "versionType": "git"
            },
            {
              "lessThan": "41cd2de3c950",
              "status": "affected",
              "version": "ceaf8fbea79a",
              "versionType": "git"
            },
            {
              "lessThan": "8cf360b9d6a8",
              "status": "affected",
              "version": "ceaf8fbea79a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "mm/memory-failure.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "lessThan": "6.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.95",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.35",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/memory-failure: fix handling of dissolved but not taken off from buddy pages\n\nWhen I did memory failure tests recently, below panic occurs:\n\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8cee00\nflags: 0x6fffe0000000000(node=1|zone=2|lastcpupid=0x7fff)\nraw: 06fffe0000000000 dead000000000100 dead000000000122 0000000000000000\nraw: 0000000000000000 0000000000000009 00000000ffffffff 0000000000000000\npage dumped because: VM_BUG_ON_PAGE(!PageBuddy(page))\n------------[ cut here ]------------\nkernel BUG at include/linux/page-flags.h:1009!\ninvalid opcode: 0000 [#1] PREEMPT SMP NOPTI\nRIP: 0010:__del_page_from_free_list+0x151/0x180\nRSP: 0018:ffffa49c90437998 EFLAGS: 00000046\nRAX: 0000000000000035 RBX: 0000000000000009 RCX: ffff8dd8dfd1c9c8\nRDX: 0000000000000000 RSI: 0000000000000027 RDI: ffff8dd8dfd1c9c0\nRBP: ffffd901233b8000 R08: ffffffffab5511f8 R09: 0000000000008c69\nR10: 0000000000003c15 R11: ffffffffab5511f8 R12: ffff8dd8fffc0c80\nR13: 0000000000000001 R14: ffff8dd8fffc0c80 R15: 0000000000000009\nFS:  00007ff916304740(0000) GS:ffff8dd8dfd00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000055eae50124c8 CR3: 00000008479e0000 CR4: 00000000000006f0\nCall Trace:\n \u003cTASK\u003e\n __rmqueue_pcplist+0x23b/0x520\n get_page_from_freelist+0x26b/0xe40\n __alloc_pages_noprof+0x113/0x1120\n __folio_alloc_noprof+0x11/0xb0\n alloc_buddy_hugetlb_folio.isra.0+0x5a/0x130\n __alloc_fresh_hugetlb_folio+0xe7/0x140\n alloc_pool_huge_folio+0x68/0x100\n set_max_huge_pages+0x13d/0x340\n hugetlb_sysctl_handler_common+0xe8/0x110\n proc_sys_call_handler+0x194/0x280\n vfs_write+0x387/0x550\n ksys_write+0x64/0xe0\n do_syscall_64+0xc2/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7ff916114887\nRSP: 002b:00007ffec8a2fd78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 000055eae500e350 RCX: 00007ff916114887\nRDX: 0000000000000004 RSI: 000055eae500e390 RDI: 0000000000000003\nRBP: 000055eae50104c0 R08: 0000000000000000 R09: 000055eae50104c0\nR10: 0000000000000077 R11: 0000000000000246 R12: 0000000000000004\nR13: 0000000000000004 R14: 00007ff916216b80 R15: 00007ff916216a00\n \u003c/TASK\u003e\nModules linked in: mce_inject hwpoison_inject\n---[ end trace 0000000000000000 ]---\n\nAnd before the panic, there had an warning about bad page state:\n\nBUG: Bad page state in process page-types  pfn:8cee00\npage: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x8cee00\nflags: 0x6fffe0000000000(node=1|zone=2|lastcpupid=0x7fff)\npage_type: 0xffffff7f(buddy)\nraw: 06fffe0000000000 ffffd901241c0008 ffffd901240f8008 0000000000000000\nraw: 0000000000000000 0000000000000009 00000000ffffff7f 0000000000000000\npage dumped because: nonzero mapcount\nModules linked in: mce_inject hwpoison_inject\nCPU: 8 PID: 154211 Comm: page-types Not tainted 6.9.0-rc4-00499-g5544ec3178e2-dirty #22\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x83/0xa0\n bad_page+0x63/0xf0\n free_unref_page+0x36e/0x5c0\n unpoison_memory+0x50b/0x630\n simple_attr_write_xsigned.constprop.0.isra.0+0xb3/0x110\n debugfs_attr_write+0x42/0x60\n full_proxy_write+0x5b/0x80\n vfs_write+0xcd/0x550\n ksys_write+0x64/0xe0\n do_syscall_64+0xc2/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7f189a514887\nRSP: 002b:00007ffdcd899718 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f189a514887\nRDX: 0000000000000009 RSI: 00007ffdcd899730 RDI: 0000000000000003\nRBP: 00007ffdcd8997a0 R08: 0000000000000000 R09: 00007ffdcd8994b2\nR10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdcda199a8\nR13: 0000000000404af1 R14: 000000000040ad78 R15: 00007f189a7a5040\n \u003c/TASK\u003e\n\nThe root cause should be the below race:\n\n memory_failure\n  try_memory_failure_hugetlb\n   me_huge_page\n    __page_handle_poison\n     dissolve_free_hugetlb_folio\n     drain_all_pages -- Buddy page can be isolated e.g. for compaction.\n     take_page_off_buddy -- Failed as page is not in the \n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:31:41.802Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/00b0752c7f15dfdf129cacc6a27d61c54141182b"
        },
        {
          "url": "https://git.kernel.org/stable/c/bb9bb13ce64cc7cae47f5e2ab9ce93b7bfa0117e"
        },
        {
          "url": "https://git.kernel.org/stable/c/41cd2de3c95020b7f86a3cb5fab42fbf454a63bd"
        },
        {
          "url": "https://git.kernel.org/stable/c/8cf360b9d6a840700e06864236a01a883b34bbad"
        }
      ],
      "title": "mm/memory-failure: fix handling of dissolved but not taken off from buddy pages",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-39298",
    "datePublished": "2024-06-25T14:22:40.887Z",
    "dateReserved": "2024-06-24T13:53:25.515Z",
    "dateUpdated": "2024-11-05T09:31:41.802Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-37354

Vulnerability from cvelistv5

Published

2024-06-25 14:22

Modified

2024-11-05 09:29

Severity ?

Summary

btrfs: fix crash on racing fsync and size-extending write into prealloc

References

▼	URL	Tags
	https://git.kernel.org/stable/c/1ff2bd566fbcefcb892be85c493bdb92b911c428
	https://git.kernel.org/stable/c/3d08c52ba1887a1ff9c179d4b6a18b427bcb2097
	https://git.kernel.org/stable/c/f4e5ed974876c14d3623e04dc43d3e3281bc6011
	https://git.kernel.org/stable/c/9d274c19a71b3a276949933859610721a453946b

Impacted products

▼	Vendor	Product
	Linux	Linux
	Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-37354",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-25T15:43:24.537360Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-25T15:43:32.621Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:50:56.095Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1ff2bd566fbcefcb892be85c493bdb92b911c428"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3d08c52ba1887a1ff9c179d4b6a18b427bcb2097"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f4e5ed974876c14d3623e04dc43d3e3281bc6011"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9d274c19a71b3a276949933859610721a453946b"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/tree-log.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "1ff2bd566fbc",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "3d08c52ba188",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "f4e5ed974876",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "9d274c19a71b",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/tree-log.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.94",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.34",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix crash on racing fsync and size-extending write into prealloc\n\nWe have been seeing crashes on duplicate keys in\nbtrfs_set_item_key_safe():\n\n  BTRFS critical (device vdb): slot 4 key (450 108 8192) new key (450 108 8192)\n  ------------[ cut here ]------------\n  kernel BUG at fs/btrfs/ctree.c:2620!\n  invalid opcode: 0000 [#1] PREEMPT SMP PTI\n  CPU: 0 PID: 3139 Comm: xfs_io Kdump: loaded Not tainted 6.9.0 #6\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014\n  RIP: 0010:btrfs_set_item_key_safe+0x11f/0x290 [btrfs]\n\nWith the following stack trace:\n\n  #0  btrfs_set_item_key_safe (fs/btrfs/ctree.c:2620:4)\n  #1  btrfs_drop_extents (fs/btrfs/file.c:411:4)\n  #2  log_one_extent (fs/btrfs/tree-log.c:4732:9)\n  #3  btrfs_log_changed_extents (fs/btrfs/tree-log.c:4955:9)\n  #4  btrfs_log_inode (fs/btrfs/tree-log.c:6626:9)\n  #5  btrfs_log_inode_parent (fs/btrfs/tree-log.c:7070:8)\n  #6  btrfs_log_dentry_safe (fs/btrfs/tree-log.c:7171:8)\n  #7  btrfs_sync_file (fs/btrfs/file.c:1933:8)\n  #8  vfs_fsync_range (fs/sync.c:188:9)\n  #9  vfs_fsync (fs/sync.c:202:9)\n  #10 do_fsync (fs/sync.c:212:9)\n  #11 __do_sys_fdatasync (fs/sync.c:225:9)\n  #12 __se_sys_fdatasync (fs/sync.c:223:1)\n  #13 __x64_sys_fdatasync (fs/sync.c:223:1)\n  #14 do_syscall_x64 (arch/x86/entry/common.c:52:14)\n  #15 do_syscall_64 (arch/x86/entry/common.c:83:7)\n  #16 entry_SYSCALL_64+0xaf/0x14c (arch/x86/entry/entry_64.S:121)\n\nSo we\u0027re logging a changed extent from fsync, which is splitting an\nextent in the log tree. But this split part already exists in the tree,\ntriggering the BUG().\n\nThis is the state of the log tree at the time of the crash, dumped with\ndrgn (https://github.com/osandov/drgn/blob/main/contrib/btrfs_tree.py)\nto get more details than btrfs_print_leaf() gives us:\n\n  \u003e\u003e\u003e print_extent_buffer(prog.crashed_thread().stack_trace()[0][\"eb\"])\n  leaf 33439744 level 0 items 72 generation 9 owner 18446744073709551610\n  leaf 33439744 flags 0x100000000000000\n  fs uuid e5bd3946-400c-4223-8923-190ef1f18677\n  chunk uuid d58cb17e-6d02-494a-829a-18b7d8a399da\n          item 0 key (450 INODE_ITEM 0) itemoff 16123 itemsize 160\n                  generation 7 transid 9 size 8192 nbytes 8473563889606862198\n                  block group 0 mode 100600 links 1 uid 0 gid 0 rdev 0\n                  sequence 204 flags 0x10(PREALLOC)\n                  atime 1716417703.220000000 (2024-05-22 15:41:43)\n                  ctime 1716417704.983333333 (2024-05-22 15:41:44)\n                  mtime 1716417704.983333333 (2024-05-22 15:41:44)\n                  otime 17592186044416.000000000 (559444-03-08 01:40:16)\n          item 1 key (450 INODE_REF 256) itemoff 16110 itemsize 13\n                  index 195 namelen 3 name: 193\n          item 2 key (450 XATTR_ITEM 1640047104) itemoff 16073 itemsize 37\n                  location key (0 UNKNOWN.0 0) type XATTR\n                  transid 7 data_len 1 name_len 6\n                  name: user.a\n                  data a\n          item 3 key (450 EXTENT_DATA 0) itemoff 16020 itemsize 53\n                  generation 9 type 1 (regular)\n                  extent data disk byte 303144960 nr 12288\n                  extent data offset 0 nr 4096 ram 12288\n                  extent compression 0 (none)\n          item 4 key (450 EXTENT_DATA 4096) itemoff 15967 itemsize 53\n                  generation 9 type 2 (prealloc)\n                  prealloc data disk byte 303144960 nr 12288\n                  prealloc data offset 4096 nr 8192\n          item 5 key (450 EXTENT_DATA 8192) itemoff 15914 itemsize 53\n                  generation 9 type 2 (prealloc)\n                  prealloc data disk byte 303144960 nr 12288\n                  prealloc data offset 8192 nr 4096\n  ...\n\nSo the real problem happened earlier: notice that items 4 (4k-12k) and 5\n(8k-12k) overlap. Both are prealloc extents. Item 4 straddles i_size and\nitem 5 starts at i_size.\n\nHere is the state of \n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:29:19.486Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/1ff2bd566fbcefcb892be85c493bdb92b911c428"
        },
        {
          "url": "https://git.kernel.org/stable/c/3d08c52ba1887a1ff9c179d4b6a18b427bcb2097"
        },
        {
          "url": "https://git.kernel.org/stable/c/f4e5ed974876c14d3623e04dc43d3e3281bc6011"
        },
        {
          "url": "https://git.kernel.org/stable/c/9d274c19a71b3a276949933859610721a453946b"
        }
      ],
      "title": "btrfs: fix crash on racing fsync and size-extending write into prealloc",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-37354",
    "datePublished": "2024-06-25T14:22:36.228Z",
    "dateReserved": "2024-06-24T13:53:25.569Z",
    "dateUpdated": "2024-11-05T09:29:19.486Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-39467

Vulnerability from cvelistv5

Published

2024-06-25 14:25

Modified

2024-11-05 09:31

Severity ?

Summary

f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode()

References

▼	URL	Tags
	https://git.kernel.org/stable/c/c559a8d840562fbfce9f318448dda2f7d3e6d8e8
	https://git.kernel.org/stable/c/75c87e2ac6149abf44bdde0dd6d541763ddb0dff
	https://git.kernel.org/stable/c/1640dcf383cdba52be8b28d2a1a2aa7ef7a30c98
	https://git.kernel.org/stable/c/8c8aa473fe6eb46a4bf99f3ea2dbe52bf0c1a1f0
	https://git.kernel.org/stable/c/be0155202e431f3007778568a72432c68f8946ba
	https://git.kernel.org/stable/c/68e3cd4ecb8603936cccdc338929130045df2e57
	https://git.kernel.org/stable/c/20faaf30e55522bba2b56d9c46689233205d7717

Impacted products

▼	Vendor	Product
	Linux	Linux
	Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39467",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-25T20:07:46.450278Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-30T14:19:38.256Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:26:15.173Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c559a8d840562fbfce9f318448dda2f7d3e6d8e8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/75c87e2ac6149abf44bdde0dd6d541763ddb0dff"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1640dcf383cdba52be8b28d2a1a2aa7ef7a30c98"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8c8aa473fe6eb46a4bf99f3ea2dbe52bf0c1a1f0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/be0155202e431f3007778568a72432c68f8946ba"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/68e3cd4ecb8603936cccdc338929130045df2e57"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/20faaf30e55522bba2b56d9c46689233205d7717"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/f2fs/inode.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c559a8d84056",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "75c87e2ac614",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "1640dcf383cd",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "8c8aa473fe6e",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "be0155202e43",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "68e3cd4ecb86",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "20faaf30e555",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/f2fs/inode.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.278",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.219",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.161",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.94",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.34",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode()\n\nsyzbot reports a kernel bug as below:\n\nF2FS-fs (loop0): Mounted with checkpoint version = 48b305e4\n==================================================================\nBUG: KASAN: slab-out-of-bounds in f2fs_test_bit fs/f2fs/f2fs.h:2933 [inline]\nBUG: KASAN: slab-out-of-bounds in current_nat_addr fs/f2fs/node.h:213 [inline]\nBUG: KASAN: slab-out-of-bounds in f2fs_get_node_info+0xece/0x1200 fs/f2fs/node.c:600\nRead of size 1 at addr ffff88807a58c76c by task syz-executor280/5076\n\nCPU: 1 PID: 5076 Comm: syz-executor280 Not tainted 6.9.0-rc5-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114\n print_address_description mm/kasan/report.c:377 [inline]\n print_report+0x169/0x550 mm/kasan/report.c:488\n kasan_report+0x143/0x180 mm/kasan/report.c:601\n f2fs_test_bit fs/f2fs/f2fs.h:2933 [inline]\n current_nat_addr fs/f2fs/node.h:213 [inline]\n f2fs_get_node_info+0xece/0x1200 fs/f2fs/node.c:600\n f2fs_xattr_fiemap fs/f2fs/data.c:1848 [inline]\n f2fs_fiemap+0x55d/0x1ee0 fs/f2fs/data.c:1925\n ioctl_fiemap fs/ioctl.c:220 [inline]\n do_vfs_ioctl+0x1c07/0x2e50 fs/ioctl.c:838\n __do_sys_ioctl fs/ioctl.c:902 [inline]\n __se_sys_ioctl+0x81/0x170 fs/ioctl.c:890\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nThe root cause is we missed to do sanity check on i_xattr_nid during\nf2fs_iget(), so that in fiemap() path, current_nat_addr() will access\nnat_bitmap w/ offset from invalid i_xattr_nid, result in triggering\nkasan bug report, fix it."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:31:52.677Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c559a8d840562fbfce9f318448dda2f7d3e6d8e8"
        },
        {
          "url": "https://git.kernel.org/stable/c/75c87e2ac6149abf44bdde0dd6d541763ddb0dff"
        },
        {
          "url": "https://git.kernel.org/stable/c/1640dcf383cdba52be8b28d2a1a2aa7ef7a30c98"
        },
        {
          "url": "https://git.kernel.org/stable/c/8c8aa473fe6eb46a4bf99f3ea2dbe52bf0c1a1f0"
        },
        {
          "url": "https://git.kernel.org/stable/c/be0155202e431f3007778568a72432c68f8946ba"
        },
        {
          "url": "https://git.kernel.org/stable/c/68e3cd4ecb8603936cccdc338929130045df2e57"
        },
        {
          "url": "https://git.kernel.org/stable/c/20faaf30e55522bba2b56d9c46689233205d7717"
        }
      ],
      "title": "f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode()",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-39467",
    "datePublished": "2024-06-25T14:25:05.609Z",
    "dateReserved": "2024-06-25T14:23:23.744Z",
    "dateUpdated": "2024-11-05T09:31:52.677Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-39471

Vulnerability from cvelistv5

Published

2024-06-25 14:28

Modified

2024-11-05 09:31

Severity ?

Summary

drm/amdgpu: add error handle to avoid out-of-bounds

References

▼	URL	Tags
	https://git.kernel.org/stable/c/5594971e02764aa1c8210ffb838cb4e7897716e8
	https://git.kernel.org/stable/c/8112fa72b7f139052843ff484130d6f97e9f052f
	https://git.kernel.org/stable/c/ea906e9ac61e3152bef63597f2d9f4a812fc346a
	https://git.kernel.org/stable/c/011552f29f20842c9a7a21bffe1f6a2d6457ba46
	https://git.kernel.org/stable/c/5b0a3dc3e87821acb80e841b464d335aff242691
	https://git.kernel.org/stable/c/0964c84b93db7fbf74f357c1e20957850e092db3
	https://git.kernel.org/stable/c/8b2faf1a4f3b6c748c0da36cda865a226534d520

Impacted products

▼	Vendor	Product
	Linux	Linux
	Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:26:15.268Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5594971e02764aa1c8210ffb838cb4e7897716e8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8112fa72b7f139052843ff484130d6f97e9f052f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ea906e9ac61e3152bef63597f2d9f4a812fc346a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/011552f29f20842c9a7a21bffe1f6a2d6457ba46"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5b0a3dc3e87821acb80e841b464d335aff242691"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0964c84b93db7fbf74f357c1e20957850e092db3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8b2faf1a4f3b6c748c0da36cda865a226534d520"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39471",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:07:48.948392Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:41.543Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5594971e0276",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "8112fa72b7f1",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "ea906e9ac61e",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "011552f29f20",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "5b0a3dc3e878",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "0964c84b93db",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "8b2faf1a4f3b",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.278",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.219",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.161",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.94",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.34",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: add error handle to avoid out-of-bounds\n\nif the sdma_v4_0_irq_id_to_seq return -EINVAL, the process should\nbe stop to avoid out-of-bounds read, so directly return -EINVAL."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:31:57.560Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/5594971e02764aa1c8210ffb838cb4e7897716e8"
        },
        {
          "url": "https://git.kernel.org/stable/c/8112fa72b7f139052843ff484130d6f97e9f052f"
        },
        {
          "url": "https://git.kernel.org/stable/c/ea906e9ac61e3152bef63597f2d9f4a812fc346a"
        },
        {
          "url": "https://git.kernel.org/stable/c/011552f29f20842c9a7a21bffe1f6a2d6457ba46"
        },
        {
          "url": "https://git.kernel.org/stable/c/5b0a3dc3e87821acb80e841b464d335aff242691"
        },
        {
          "url": "https://git.kernel.org/stable/c/0964c84b93db7fbf74f357c1e20957850e092db3"
        },
        {
          "url": "https://git.kernel.org/stable/c/8b2faf1a4f3b6c748c0da36cda865a226534d520"
        }
      ],
      "title": "drm/amdgpu: add error handle to avoid out-of-bounds",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-39471",
    "datePublished": "2024-06-25T14:28:56.906Z",
    "dateReserved": "2024-06-25T14:23:23.745Z",
    "dateUpdated": "2024-11-05T09:31:57.560Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-38661

Vulnerability from cvelistv5

Published

2024-06-25 14:22

Modified

2024-11-05 09:31

Severity ?

Summary

s390/ap: Fix crash in AP internal function modify_bitmap()

References

▼	URL	Tags
	https://git.kernel.org/stable/c/2062e3f1f2374102f8014d7ca286b9aa527bd558
	https://git.kernel.org/stable/c/7c72af16abf2ec7520407098360bbba312289e05
	https://git.kernel.org/stable/c/7360cef95aa1ea2b5efb7b5e2ed32e941664e1f0
	https://git.kernel.org/stable/c/67011123453b91ec03671d40712fa213e94a01b9
	https://git.kernel.org/stable/c/8c5f5911c1b13170d3404eb992c6a0deaa8d81ad
	https://git.kernel.org/stable/c/4c0bfb4e867c1ec6616a5049bd3618021e127056
	https://git.kernel.org/stable/c/7dabe54a016defe11bb2a278cd9f1ff6db3feba6
	https://git.kernel.org/stable/c/d4f9d5a99a3fd1b1c691b7a1a6f8f3f25f4116c9

Impacted products

▼	Vendor	Product
	Linux	Linux
	Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:12:26.043Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2062e3f1f2374102f8014d7ca286b9aa527bd558"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7c72af16abf2ec7520407098360bbba312289e05"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7360cef95aa1ea2b5efb7b5e2ed32e941664e1f0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/67011123453b91ec03671d40712fa213e94a01b9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8c5f5911c1b13170d3404eb992c6a0deaa8d81ad"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4c0bfb4e867c1ec6616a5049bd3618021e127056"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7dabe54a016defe11bb2a278cd9f1ff6db3feba6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d4f9d5a99a3fd1b1c691b7a1a6f8f3f25f4116c9"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-38661",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:08:14.637796Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:42.611Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/s390/crypto/ap_bus.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "2062e3f1f237",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "7c72af16abf2",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "7360cef95aa1",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "67011123453b",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "8c5f5911c1b1",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "4c0bfb4e867c",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "7dabe54a016d",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "d4f9d5a99a3f",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/s390/crypto/ap_bus.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.316",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.278",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.219",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.161",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.94",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.34",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/ap: Fix crash in AP internal function modify_bitmap()\n\nA system crash like this\n\n  Failing address: 200000cb7df6f000 TEID: 200000cb7df6f403\n  Fault in home space mode while using kernel ASCE.\n  AS:00000002d71bc007 R3:00000003fe5b8007 S:000000011a446000 P:000000015660c13d\n  Oops: 0038 ilc:3 [#1] PREEMPT SMP\n  Modules linked in: mlx5_ib ...\n  CPU: 8 PID: 7556 Comm: bash Not tainted 6.9.0-rc7 #8\n  Hardware name: IBM 3931 A01 704 (LPAR)\n  Krnl PSW : 0704e00180000000 0000014b75e7b606 (ap_parse_bitmap_str+0x10e/0x1f8)\n  R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:2 PM:0 RI:0 EA:3\n  Krnl GPRS: 0000000000000001 ffffffffffffffc0 0000000000000001 00000048f96b75d3\n  000000cb00000100 ffffffffffffffff ffffffffffffffff 000000cb7df6fce0\n  000000cb7df6fce0 00000000ffffffff 000000000000002b 00000048ffffffff\n  000003ff9b2dbc80 200000cb7df6fcd8 0000014bffffffc0 000000cb7df6fbc8\n  Krnl Code: 0000014b75e7b5fc: a7840047            brc     8,0000014b75e7b68a\n  0000014b75e7b600: 18b2                lr      %r11,%r2\n  #0000014b75e7b602: a7f4000a            brc     15,0000014b75e7b616\n  \u003e0000014b75e7b606: eb22d00000e6        laog    %r2,%r2,0(%r13)\n  0000014b75e7b60c: a7680001            lhi     %r6,1\n  0000014b75e7b610: 187b                lr      %r7,%r11\n  0000014b75e7b612: 84960021            brxh    %r9,%r6,0000014b75e7b654\n  0000014b75e7b616: 18e9                lr      %r14,%r9\n  Call Trace:\n  [\u003c0000014b75e7b606\u003e] ap_parse_bitmap_str+0x10e/0x1f8\n  ([\u003c0000014b75e7b5dc\u003e] ap_parse_bitmap_str+0xe4/0x1f8)\n  [\u003c0000014b75e7b758\u003e] apmask_store+0x68/0x140\n  [\u003c0000014b75679196\u003e] kernfs_fop_write_iter+0x14e/0x1e8\n  [\u003c0000014b75598524\u003e] vfs_write+0x1b4/0x448\n  [\u003c0000014b7559894c\u003e] ksys_write+0x74/0x100\n  [\u003c0000014b7618a440\u003e] __do_syscall+0x268/0x328\n  [\u003c0000014b761a3558\u003e] system_call+0x70/0x98\n  INFO: lockdep is turned off.\n  Last Breaking-Event-Address:\n  [\u003c0000014b75e7b636\u003e] ap_parse_bitmap_str+0x13e/0x1f8\n  Kernel panic - not syncing: Fatal exception: panic_on_oops\n\noccured when /sys/bus/ap/a[pq]mask was updated with a relative mask value\n(like +0x10-0x12,+60,-90) with one of the numeric values exceeding INT_MAX.\n\nThe fix is simple: use unsigned long values for the internal variables. The\ncorrect checks are already in place in the function but a simple int for\nthe internal variables was used with the possibility to overflow."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:31:27.878Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/2062e3f1f2374102f8014d7ca286b9aa527bd558"
        },
        {
          "url": "https://git.kernel.org/stable/c/7c72af16abf2ec7520407098360bbba312289e05"
        },
        {
          "url": "https://git.kernel.org/stable/c/7360cef95aa1ea2b5efb7b5e2ed32e941664e1f0"
        },
        {
          "url": "https://git.kernel.org/stable/c/67011123453b91ec03671d40712fa213e94a01b9"
        },
        {
          "url": "https://git.kernel.org/stable/c/8c5f5911c1b13170d3404eb992c6a0deaa8d81ad"
        },
        {
          "url": "https://git.kernel.org/stable/c/4c0bfb4e867c1ec6616a5049bd3618021e127056"
        },
        {
          "url": "https://git.kernel.org/stable/c/7dabe54a016defe11bb2a278cd9f1ff6db3feba6"
        },
        {
          "url": "https://git.kernel.org/stable/c/d4f9d5a99a3fd1b1c691b7a1a6f8f3f25f4116c9"
        }
      ],
      "title": "s390/ap: Fix crash in AP internal function modify_bitmap()",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-38661",
    "datePublished": "2024-06-25T14:22:38.224Z",
    "dateReserved": "2024-06-24T13:53:25.560Z",
    "dateUpdated": "2024-11-05T09:31:27.878Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-39461

Vulnerability from cvelistv5

Published

2024-06-25 14:25

Modified

2024-11-05 09:31

Severity ?

Summary

clk: bcm: rpi: Assign ->num before accessing ->hws

References

▼	URL	Tags
	https://git.kernel.org/stable/c/9562dbe5cdbb16ac887d27ef6f179980bb99193c
	https://git.kernel.org/stable/c/cdf9c7871d58d3df59d2775982e3533adb8ec920
	https://git.kernel.org/stable/c/6dc445c1905096b2ed4db1a84570375b4e00cc0f

Impacted products

▼	Vendor	Product
	Linux	Linux
	Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:26:14.267Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9562dbe5cdbb16ac887d27ef6f179980bb99193c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cdf9c7871d58d3df59d2775982e3533adb8ec920"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6dc445c1905096b2ed4db1a84570375b4e00cc0f"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39461",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:08:08.266580Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:42.350Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/clk/bcm/clk-raspberrypi.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "9562dbe5cdbb",
              "status": "affected",
              "version": "f316cdff8d67",
              "versionType": "git"
            },
            {
              "lessThan": "cdf9c7871d58",
              "status": "affected",
              "version": "f316cdff8d67",
              "versionType": "git"
            },
            {
              "lessThan": "6dc445c19050",
              "status": "affected",
              "version": "f316cdff8d67",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/clk/bcm/clk-raspberrypi.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.6"
            },
            {
              "lessThan": "6.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.34",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: bcm: rpi: Assign -\u003enum before accessing -\u003ehws\n\nCommit f316cdff8d67 (\"clk: Annotate struct clk_hw_onecell_data with\n__counted_by\") annotated the hws member of \u0027struct clk_hw_onecell_data\u0027\nwith __counted_by, which informs the bounds sanitizer about the number\nof elements in hws, so that it can warn when hws is accessed out of\nbounds. As noted in that change, the __counted_by member must be\ninitialized with the number of elements before the first array access\nhappens, otherwise there will be a warning from each access prior to the\ninitialization because the number of elements is zero. This occurs in\nraspberrypi_discover_clocks() due to -\u003enum being assigned after -\u003ehws\nhas been accessed:\n\n  UBSAN: array-index-out-of-bounds in drivers/clk/bcm/clk-raspberrypi.c:374:4\n  index 3 is out of range for type \u0027struct clk_hw *[] __counted_by(num)\u0027 (aka \u0027struct clk_hw *[]\u0027)\n\nMove the -\u003enum initialization to before the first access of -\u003ehws, which\nclears up the warning."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:31:45.647Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/9562dbe5cdbb16ac887d27ef6f179980bb99193c"
        },
        {
          "url": "https://git.kernel.org/stable/c/cdf9c7871d58d3df59d2775982e3533adb8ec920"
        },
        {
          "url": "https://git.kernel.org/stable/c/6dc445c1905096b2ed4db1a84570375b4e00cc0f"
        }
      ],
      "title": "clk: bcm: rpi: Assign -\u003enum before accessing -\u003ehws",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-39461",
    "datePublished": "2024-06-25T14:25:01.453Z",
    "dateReserved": "2024-06-25T14:23:23.743Z",
    "dateUpdated": "2024-11-05T09:31:45.647Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-39468

Vulnerability from cvelistv5

Published

2024-06-25 14:28

Modified

2024-11-05 09:31

Severity ?

Summary

smb: client: fix deadlock in smb2_find_smb_tcon()

References

▼	URL	Tags
	https://git.kernel.org/stable/c/b055752675cd1d1db4ac9c2750db3dc3e89ea261
	https://git.kernel.org/stable/c/21f5dd36e655d25a7b45b61c1e537198b671f720
	https://git.kernel.org/stable/c/b09b556e48968317887a11243a5331a7bc00ece5
	https://git.kernel.org/stable/c/225de871ddf994f69a57f035709cad9c0ab8615a
	https://git.kernel.org/stable/c/8d0f5f1ccf675454a833a573c53830a49b7d1a47
	https://git.kernel.org/stable/c/02c418774f76a0a36a6195c9dbf8971eb4130a15

Impacted products

▼	Vendor	Product
	Linux	Linux
	Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:26:15.555Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b055752675cd1d1db4ac9c2750db3dc3e89ea261"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/21f5dd36e655d25a7b45b61c1e537198b671f720"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b09b556e48968317887a11243a5331a7bc00ece5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/225de871ddf994f69a57f035709cad9c0ab8615a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8d0f5f1ccf675454a833a573c53830a49b7d1a47"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/02c418774f76a0a36a6195c9dbf8971eb4130a15"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39468",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:07:58.449670Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:41.922Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/client/smb2transport.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b055752675cd",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "21f5dd36e655",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "b09b556e4896",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "225de871ddf9",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "8d0f5f1ccf67",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            },
            {
              "lessThan": "02c418774f76",
              "status": "affected",
              "version": "1da177e4c3f4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/client/smb2transport.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.94",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.34",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix deadlock in smb2_find_smb_tcon()\n\nUnlock cifs_tcp_ses_lock before calling cifs_put_smb_ses() to avoid such\ndeadlock."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-05T09:31:53.834Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b055752675cd1d1db4ac9c2750db3dc3e89ea261"
        },
        {
          "url": "https://git.kernel.org/stable/c/21f5dd36e655d25a7b45b61c1e537198b671f720"
        },
        {
          "url": "https://git.kernel.org/stable/c/b09b556e48968317887a11243a5331a7bc00ece5"
        },
        {
          "url": "https://git.kernel.org/stable/c/225de871ddf994f69a57f035709cad9c0ab8615a"
        },
        {
          "url": "https://git.kernel.org/stable/c/8d0f5f1ccf675454a833a573c53830a49b7d1a47"
        },
        {
          "url": "https://git.kernel.org/stable/c/02c418774f76a0a36a6195c9dbf8971eb4130a15"
        }
      ],
      "title": "smb: client: fix deadlock in smb2_find_smb_tcon()",
      "x_generator": {
        "engine": "bippy-9e1c9544281a"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-39468",
    "datePublished": "2024-06-25T14:28:54.897Z",
    "dateReserved": "2024-06-25T14:23:23.744Z",
    "dateUpdated": "2024-11-05T09:31:53.834Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-4440

Vulnerability from cvelistv5

Published

2024-06-25 14:20

Modified

2024-11-04 11:30

Severity ?

8.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Summary

x86/xen: Drop USERGS_SYSRET64 paravirt call

References

▼	URL	Tags
	https://git.kernel.org/stable/c/1424ab4bb386df9cc590c73afa55f13e9b00dea2
	https://grsecurity.net/cve-2021-4440_linux_cna_case_study

Impacted products

▼	Vendor	Product
	Linux	Linux
	Linux	Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "1424ab4bb386",
                "status": "affected",
                "version": "cea750c99d8f",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "5.10.218",
                "status": "affected",
                "version": "5.10.215",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-4440",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-26T13:55:14.340611Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-26T14:00:48.356Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:30:07.494Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1424ab4bb386df9cc590c73afa55f13e9b00dea2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://grsecurity.net/cve-2021-4440_linux_cna_case_study"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/entry/entry_64.S",
            "arch/x86/include/asm/irqflags.h",
            "arch/x86/include/asm/paravirt.h",
            "arch/x86/include/asm/paravirt_types.h",
            "arch/x86/kernel/asm-offsets_64.c",
            "arch/x86/kernel/paravirt.c",
            "arch/x86/kernel/paravirt_patch.c",
            "arch/x86/xen/enlighten_pv.c",
            "arch/x86/xen/xen-asm.S",
            "arch/x86/xen/xen-ops.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "1424ab4bb386",
              "status": "affected",
              "version": "cea750c99d8f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/entry/entry_64.S",
            "arch/x86/include/asm/irqflags.h",
            "arch/x86/include/asm/paravirt.h",
            "arch/x86/include/asm/paravirt_types.h",
            "arch/x86/kernel/asm-offsets_64.c",
            "arch/x86/kernel/paravirt.c",
            "arch/x86/kernel/paravirt_patch.c",
            "arch/x86/xen/enlighten_pv.c",
            "arch/x86/xen/xen-asm.S",
            "arch/x86/xen/xen-ops.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5.10.218",
              "status": "affected",
              "version": "5.10.215",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/xen: Drop USERGS_SYSRET64 paravirt call\n\ncommit afd30525a659ac0ae0904f0cb4a2ca75522c3123 upstream.\n\nUSERGS_SYSRET64 is used to return from a syscall via SYSRET, but\na Xen PV guest will nevertheless use the IRET hypercall, as there\nis no sysret PV hypercall defined.\n\nSo instead of testing all the prerequisites for doing a sysret and\nthen mangling the stack for Xen PV again for doing an iret just use\nthe iret exit from the beginning.\n\nThis can easily be done via an ALTERNATIVE like it is done for the\nsysenter compat case already.\n\nIt should be noted that this drops the optimization in Xen for not\nrestoring a few registers when returning to user mode, but it seems\nas if the saved instructions in the kernel more than compensate for\nthis drop (a kernel build in a Xen PV guest was slightly faster with\nthis patch applied).\n\nWhile at it remove the stale sysret32 remnants.\n\n  [ pawan: Brad Spengler and Salvatore Bonaccorso \u003ccarnil@debian.org\u003e\n\t   reported a problem with the 5.10 backport commit edc702b4a820\n\t   (\"x86/entry_64: Add VERW just before userspace transition\").\n\n\t   When CONFIG_PARAVIRT_XXL=y, CLEAR_CPU_BUFFERS is not executed in\n\t   syscall_return_via_sysret path as USERGS_SYSRET64 is runtime\n\t   patched to:\n\n\t.cpu_usergs_sysret64    = { 0x0f, 0x01, 0xf8,\n\t\t\t\t    0x48, 0x0f, 0x07 }, // swapgs; sysretq\n\n\t   which is missing CLEAR_CPU_BUFFERS. It turns out dropping\n\t   USERGS_SYSRET64 simplifies the code, allowing CLEAR_CPU_BUFFERS\n\t   to be explicitly added to syscall_return_via_sysret path. Below\n\t   is with CONFIG_PARAVIRT_XXL=y and this patch applied:\n\n\t   syscall_return_via_sysret:\n\t   ...\n\t   \u003c+342\u003e:   swapgs\n\t   \u003c+345\u003e:   xchg   %ax,%ax\n\t   \u003c+347\u003e:   verw   -0x1a2(%rip)  \u003c------\n\t   \u003c+354\u003e:   sysretq\n  ]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-04T11:30:23.940Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/1424ab4bb386df9cc590c73afa55f13e9b00dea2"
        },
        {
          "url": "https://grsecurity.net/cve-2021-4440_linux_cna_case_study"
        }
      ],
      "title": "x86/xen: Drop USERGS_SYSRET64 paravirt call",
      "x_generator": {
        "engine": "bippy-c8e10e5f6187"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-4440",
    "datePublished": "2024-06-25T14:20:00.740Z",
    "dateReserved": "2024-06-25T14:16:59.867Z",
    "dateUpdated": "2024-11-04T11:30:23.940Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

Vulnerability from csaf_certbund

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature