Action not permitted
Modal body text goes here.
wid-sec-w-2024-1528
Vulnerability from csaf_certbund
Published
2024-07-04 22:00
Modified
2024-07-04 22:00
Summary
Linux Kernel: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Der Kernel stellt den Kern des Linux Betriebssystems dar.
Angriff
Ein lokaler Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann mehrere Schwachstellen im Linux-Kernel ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen oder einen unspezifischen Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1528 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1528.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1528 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1528"
},
{
"category": "external",
"summary": "Linux CVE Announce vom 2024-07-04",
"url": "http://lore.kernel.org/linux-cve-announce/2024070512-CVE-2024-39472-f977@gregkh"
},
{
"category": "external",
"summary": "Linux CVE Announce vom 2024-07-04",
"url": "http://lore.kernel.org/linux-cve-announce/2024070516-CVE-2024-39473-d28c@gregkh"
},
{
"category": "external",
"summary": "Linux CVE Announce vom 2024-07-04",
"url": "http://lore.kernel.org/linux-cve-announce/2024070518-CVE-2024-39474-97cf@gregkh"
},
{
"category": "external",
"summary": "Linux CVE Announce vom 2024-07-04",
"url": "http://lore.kernel.org/linux-cve-announce/2024070518-CVE-2024-39475-ac04@gregkh"
},
{
"category": "external",
"summary": "Linux CVE Announce vom 2024-07-04",
"url": "http://lore.kernel.org/linux-cve-announce/2024070518-CVE-2024-39476-aa2d@gregkh"
},
{
"category": "external",
"summary": "Linux CVE Announce vom 2024-07-04",
"url": "http://lore.kernel.org/linux-cve-announce/2024070519-CVE-2024-39477-5c3f@gregkh"
},
{
"category": "external",
"summary": "Linux CVE Announce vom 2024-07-04",
"url": "http://lore.kernel.org/linux-cve-announce/2024070519-CVE-2024-39478-7e1c@gregkh"
},
{
"category": "external",
"summary": "Linux CVE Announce vom 2024-07-04",
"url": "http://lore.kernel.org/linux-cve-announce/2024070519-CVE-2024-39479-5bd1@gregkh"
},
{
"category": "external",
"summary": "Linux CVE Announce vom 2024-07-04",
"url": "http://lore.kernel.org/linux-cve-announce/2024070519-CVE-2024-39480-b85a@gregkh"
},
{
"category": "external",
"summary": "Linux CVE Announce vom 2024-07-04",
"url": "http://lore.kernel.org/linux-cve-announce/2024070520-CVE-2024-39481-108f@gregkh"
},
{
"category": "external",
"summary": "Linux CVE Announce vom 2024-07-04",
"url": "http://lore.kernel.org/linux-cve-announce/2024070520-CVE-2024-39482-8ed3@gregkh"
},
{
"category": "external",
"summary": "Linux CVE Announce vom 2024-07-04",
"url": "http://lore.kernel.org/linux-cve-announce/2024070520-CVE-2024-39483-92bf@gregkh"
},
{
"category": "external",
"summary": "Linux CVE Announce vom 2024-07-04",
"url": "http://lore.kernel.org/linux-cve-announce/2024070521-CVE-2024-39484-afbf@gregkh"
},
{
"category": "external",
"summary": "Linux CVE Announce vom 2024-07-04",
"url": "http://lore.kernel.org/linux-cve-announce/2024070521-CVE-2024-39485-0f50@gregkh/"
}
],
"source_lang": "en-US",
"title": "Linux Kernel: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2024-07-04T22:00:00.000+00:00",
"generator": {
"date": "2024-07-05T09:32:47.551+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.0"
}
},
"id": "WID-SEC-W-2024-1528",
"initial_release_date": "2024-07-04T22:00:00.000+00:00",
"revision_history": [
{
"date": "2024-07-04T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Open Source Linux Kernel",
"product": {
"name": "Open Source Linux Kernel",
"product_id": "T030205",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-39472",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Crypto, bcache oder md/raid5, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Puffer\u00fcberlauf oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen."
}
],
"product_status": {
"known_affected": [
"T030205"
]
},
"release_date": "2024-07-04T22:00:00Z",
"title": "CVE-2024-39472"
},
{
"cve": "CVE-2024-39473",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Crypto, bcache oder md/raid5, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Puffer\u00fcberlauf oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen."
}
],
"product_status": {
"known_affected": [
"T030205"
]
},
"release_date": "2024-07-04T22:00:00Z",
"title": "CVE-2024-39473"
},
{
"cve": "CVE-2024-39474",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Crypto, bcache oder md/raid5, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Puffer\u00fcberlauf oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen."
}
],
"product_status": {
"known_affected": [
"T030205"
]
},
"release_date": "2024-07-04T22:00:00Z",
"title": "CVE-2024-39474"
},
{
"cve": "CVE-2024-39475",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Crypto, bcache oder md/raid5, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Puffer\u00fcberlauf oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen."
}
],
"product_status": {
"known_affected": [
"T030205"
]
},
"release_date": "2024-07-04T22:00:00Z",
"title": "CVE-2024-39475"
},
{
"cve": "CVE-2024-39476",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Crypto, bcache oder md/raid5, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Puffer\u00fcberlauf oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen."
}
],
"product_status": {
"known_affected": [
"T030205"
]
},
"release_date": "2024-07-04T22:00:00Z",
"title": "CVE-2024-39476"
},
{
"cve": "CVE-2024-39477",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Crypto, bcache oder md/raid5, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Puffer\u00fcberlauf oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen."
}
],
"product_status": {
"known_affected": [
"T030205"
]
},
"release_date": "2024-07-04T22:00:00Z",
"title": "CVE-2024-39477"
},
{
"cve": "CVE-2024-39478",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Crypto, bcache oder md/raid5, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Puffer\u00fcberlauf oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen."
}
],
"product_status": {
"known_affected": [
"T030205"
]
},
"release_date": "2024-07-04T22:00:00Z",
"title": "CVE-2024-39478"
},
{
"cve": "CVE-2024-39479",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Crypto, bcache oder md/raid5, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Puffer\u00fcberlauf oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen."
}
],
"product_status": {
"known_affected": [
"T030205"
]
},
"release_date": "2024-07-04T22:00:00Z",
"title": "CVE-2024-39479"
},
{
"cve": "CVE-2024-39480",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Crypto, bcache oder md/raid5, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Puffer\u00fcberlauf oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen."
}
],
"product_status": {
"known_affected": [
"T030205"
]
},
"release_date": "2024-07-04T22:00:00Z",
"title": "CVE-2024-39480"
},
{
"cve": "CVE-2024-39481",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Crypto, bcache oder md/raid5, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Puffer\u00fcberlauf oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen."
}
],
"product_status": {
"known_affected": [
"T030205"
]
},
"release_date": "2024-07-04T22:00:00Z",
"title": "CVE-2024-39481"
},
{
"cve": "CVE-2024-39482",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Crypto, bcache oder md/raid5, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Puffer\u00fcberlauf oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen."
}
],
"product_status": {
"known_affected": [
"T030205"
]
},
"release_date": "2024-07-04T22:00:00Z",
"title": "CVE-2024-39482"
},
{
"cve": "CVE-2024-39483",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Crypto, bcache oder md/raid5, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Puffer\u00fcberlauf oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen."
}
],
"product_status": {
"known_affected": [
"T030205"
]
},
"release_date": "2024-07-04T22:00:00Z",
"title": "CVE-2024-39483"
},
{
"cve": "CVE-2024-39484",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Crypto, bcache oder md/raid5, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Puffer\u00fcberlauf oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen."
}
],
"product_status": {
"known_affected": [
"T030205"
]
},
"release_date": "2024-07-04T22:00:00Z",
"title": "CVE-2024-39484"
},
{
"cve": "CVE-2024-39485",
"notes": [
{
"category": "description",
"text": "Es bestehen mehrere Schwachstellen im Linux-Kernel. Diese Fehler bestehen in verschiedenen Komponenten und Subsystemen wie Crypto, bcache oder md/raid5, unter anderem aufgrund mehrerer sicherheitsrelevanter Probleme wie einem Puffer\u00fcberlauf oder einer NULL- Pointer-Dereferenz und mehr. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen."
}
],
"product_status": {
"known_affected": [
"T030205"
]
},
"release_date": "2024-07-04T22:00:00Z",
"title": "CVE-2024-39485"
}
]
}
cve-2024-39479
Vulnerability from cvelistv5
Published
2024-07-05 06:55
Modified
2024-11-05 09:32
Severity ?
EPSS score ?
Summary
drm/i915/hwmon: Get rid of devm
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "cfa73607eb21",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThan": "ce5a22d22db6",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThan": "5bc9de065b8b",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.7",
"status": "unaffected",
"version": "6.6.34",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.10",
"status": "unaffected",
"version": "6.95",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "6.10-rc1"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-39479",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-05T14:32:43.637731Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T14:38:39.208Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.833Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cfa73607eb21a4ce1d6294a2c5733628897b48a2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ce5a22d22db691d14516c3b8fdbf69139eb2ea8f"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5bc9de065b8bb9b8dd8799ecb4592d0403b54281"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/i915/i915_hwmon.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cfa73607eb21",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "ce5a22d22db6",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "5bc9de065b8b",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/i915/i915_hwmon.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/i915/hwmon: Get rid of devm\n\nWhen both hwmon and hwmon drvdata (on which hwmon depends) are device\nmanaged resources, the expectation, on device unbind, is that hwmon will be\nreleased before drvdata. However, in i915 there are two separate code\npaths, which both release either drvdata or hwmon and either can be\nreleased before the other. These code paths (for device unbind) are as\nfollows (see also the bug referenced below):\n\nCall Trace:\nrelease_nodes+0x11/0x70\ndevres_release_group+0xb2/0x110\ncomponent_unbind_all+0x8d/0xa0\ncomponent_del+0xa5/0x140\nintel_pxp_tee_component_fini+0x29/0x40 [i915]\nintel_pxp_fini+0x33/0x80 [i915]\ni915_driver_remove+0x4c/0x120 [i915]\ni915_pci_remove+0x19/0x30 [i915]\npci_device_remove+0x32/0xa0\ndevice_release_driver_internal+0x19c/0x200\nunbind_store+0x9c/0xb0\n\nand\n\nCall Trace:\nrelease_nodes+0x11/0x70\ndevres_release_all+0x8a/0xc0\ndevice_unbind_cleanup+0x9/0x70\ndevice_release_driver_internal+0x1c1/0x200\nunbind_store+0x9c/0xb0\n\nThis means that in i915, if use devm, we cannot gurantee that hwmon will\nalways be released before drvdata. Which means that we have a uaf if hwmon\nsysfs is accessed when drvdata has been released but hwmon hasn\u0027t.\n\nThe only way out of this seems to be do get rid of devm_ and release/free\neverything explicitly during device unbind.\n\nv2: Change commit message and other minor code changes\nv3: Cleanup from i915_hwmon_register on error (Armin Wolf)\nv4: Eliminate potential static analyzer warning (Rodrigo)\n Eliminate fetch_and_zero (Jani)\nv5: Restore previous logic for ddat_gt-\u003ehwmon_dev error return (Andi)"
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T09:32:07.149Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cfa73607eb21a4ce1d6294a2c5733628897b48a2"
},
{
"url": "https://git.kernel.org/stable/c/ce5a22d22db691d14516c3b8fdbf69139eb2ea8f"
},
{
"url": "https://git.kernel.org/stable/c/5bc9de065b8bb9b8dd8799ecb4592d0403b54281"
}
],
"title": "drm/i915/hwmon: Get rid of devm",
"x_generator": {
"engine": "bippy-9e1c9544281a"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-39479",
"datePublished": "2024-07-05T06:55:08.597Z",
"dateReserved": "2024-06-25T14:23:23.746Z",
"dateUpdated": "2024-11-05T09:32:07.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-39477
Vulnerability from cvelistv5
Published
2024-07-05 06:55
Modified
2024-11-05 09:32
Severity ?
EPSS score ?
Summary
mm/hugetlb: do not call vma_add_reservation upon ENOMEM
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aa998f9dcb34c28448f86e8f5490f20d5eb0eac7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8daf9c702ee7f825f0de8600abff764acfedea13"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39477",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:07:38.781989Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:39.612Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"mm/hugetlb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "aa998f9dcb34",
"status": "affected",
"version": "df7a6d1f6405",
"versionType": "git"
},
{
"lessThan": "8daf9c702ee7",
"status": "affected",
"version": "df7a6d1f6405",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"mm/hugetlb.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.9"
},
{
"lessThan": "6.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/hugetlb: do not call vma_add_reservation upon ENOMEM\n\nsysbot reported a splat [1] on __unmap_hugepage_range(). This is because\nvma_needs_reservation() can return -ENOMEM if\nallocate_file_region_entries() fails to allocate the file_region struct\nfor the reservation.\n\nCheck for that and do not call vma_add_reservation() if that is the case,\notherwise region_abort() and region_del() will see that we do not have any\nfile_regions.\n\nIf we detect that vma_needs_reservation() returned -ENOMEM, we clear the\nhugetlb_restore_reserve flag as if this reservation was still consumed, so\nfree_huge_folio() will not increment the resv count.\n\n[1] https://lore.kernel.org/linux-mm/0000000000004096100617c58d54@google.com/T/#ma5983bc1ab18a54910da83416b3f89f3c7ee43aa"
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T09:32:04.825Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/aa998f9dcb34c28448f86e8f5490f20d5eb0eac7"
},
{
"url": "https://git.kernel.org/stable/c/8daf9c702ee7f825f0de8600abff764acfedea13"
}
],
"title": "mm/hugetlb: do not call vma_add_reservation upon ENOMEM",
"x_generator": {
"engine": "bippy-9e1c9544281a"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-39477",
"datePublished": "2024-07-05T06:55:07.268Z",
"dateReserved": "2024-06-25T14:23:23.746Z",
"dateUpdated": "2024-11-05T09:32:04.825Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-39478
Vulnerability from cvelistv5
Published
2024-07-05 06:55
Modified
2024-11-05 09:32
Severity ?
EPSS score ?
Summary
crypto: starfive - Do not free stack buffer
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39478",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-08T14:13:27.969943Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T14:13:38.169Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:16.166Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5944de192663f272033501dcd322b008fca72006"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d7f01649f4eaf1878472d3d3f480ae1e50d98f6c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/crypto/starfive/jh7110-rsa.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5944de192663",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "d7f01649f4ea",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/crypto/starfive/jh7110-rsa.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: starfive - Do not free stack buffer\n\nRSA text data uses variable length buffer allocated in software stack.\nCalling kfree on it causes undefined behaviour in subsequent operations."
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T09:32:05.990Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5944de192663f272033501dcd322b008fca72006"
},
{
"url": "https://git.kernel.org/stable/c/d7f01649f4eaf1878472d3d3f480ae1e50d98f6c"
}
],
"title": "crypto: starfive - Do not free stack buffer",
"x_generator": {
"engine": "bippy-9e1c9544281a"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-39478",
"datePublished": "2024-07-05T06:55:07.936Z",
"dateReserved": "2024-06-25T14:23:23.746Z",
"dateUpdated": "2024-11-05T09:32:05.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-39481
Vulnerability from cvelistv5
Published
2024-07-05 06:55
Modified
2024-11-05 09:32
Severity ?
EPSS score ?
Summary
media: mc: Fix graph walk in media_pipeline_start
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39481",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-05T20:07:40.257709Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T20:07:53.742Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.883Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/788fd0f11e45ae8d3a8ebbd3452a6e83f92db376"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e80d9db99b7b6c697d8d952dfd25c3425cf61499"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bee9440bc0b6b3b7432f7bfde28656262a3484a2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8a9d420149c477e7c97fbd6453704e4612bdd3fa"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/mc/mc-entity.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "788fd0f11e45",
"status": "affected",
"version": "ae219872834a",
"versionType": "git"
},
{
"lessThan": "e80d9db99b7b",
"status": "affected",
"version": "ae219872834a",
"versionType": "git"
},
{
"lessThan": "bee9440bc0b6",
"status": "affected",
"version": "ae219872834a",
"versionType": "git"
},
{
"lessThan": "8a9d420149c4",
"status": "affected",
"version": "ae219872834a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/mc/mc-entity.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.1"
},
{
"lessThan": "6.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.94",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mc: Fix graph walk in media_pipeline_start\n\nThe graph walk tries to follow all links, even if they are not between\npads. This causes a crash with, e.g. a MEDIA_LNK_FL_ANCILLARY_LINK link.\n\nFix this by allowing the walk to proceed only for MEDIA_LNK_FL_DATA_LINK\nlinks."
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T09:32:09.456Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/788fd0f11e45ae8d3a8ebbd3452a6e83f92db376"
},
{
"url": "https://git.kernel.org/stable/c/e80d9db99b7b6c697d8d952dfd25c3425cf61499"
},
{
"url": "https://git.kernel.org/stable/c/bee9440bc0b6b3b7432f7bfde28656262a3484a2"
},
{
"url": "https://git.kernel.org/stable/c/8a9d420149c477e7c97fbd6453704e4612bdd3fa"
}
],
"title": "media: mc: Fix graph walk in media_pipeline_start",
"x_generator": {
"engine": "bippy-9e1c9544281a"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-39481",
"datePublished": "2024-07-05T06:55:09.916Z",
"dateReserved": "2024-06-25T14:23:23.746Z",
"dateUpdated": "2024-11-05T09:32:09.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-39472
Vulnerability from cvelistv5
Published
2024-07-05 06:42
Modified
2024-11-05 09:31
Severity ?
EPSS score ?
Summary
xfs: fix log recovery buffer allocation for the legacy h_size fixup
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.909Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/45cf976008ddef4a9c9a30310c9b4fb2a9a6602a"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39472",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:07:45.783551Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:41.426Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/xfs/xfs_log_recover.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f754591b17d0",
"status": "affected",
"version": "0c771b99d6c9",
"versionType": "git"
},
{
"lessThan": "57835c0e7152",
"status": "affected",
"version": "0c771b99d6c9",
"versionType": "git"
},
{
"lessThan": "c2389c074973",
"status": "affected",
"version": "0c771b99d6c9",
"versionType": "git"
},
{
"lessThan": "45cf976008dd",
"status": "affected",
"version": "0c771b99d6c9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/xfs/xfs_log_recover.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.10"
},
{
"lessThan": "5.10",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.165",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.105",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.46",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: fix log recovery buffer allocation for the legacy h_size fixup\n\nCommit a70f9fe52daa (\"xfs: detect and handle invalid iclog size set by\nmkfs\") added a fixup for incorrect h_size values used for the initial\numount record in old xfsprogs versions. Later commit 0c771b99d6c9\n(\"xfs: clean up calculation of LR header blocks\") cleaned up the log\nreover buffer calculation, but stoped using the fixed up h_size value\nto size the log recovery buffer, which can lead to an out of bounds\naccess when the incorrect h_size does not come from the old mkfs\ntool, but a fuzzer.\n\nFix this by open coding xlog_logrec_hblks and taking the fixed h_size\ninto account for this calculation."
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T09:31:58.678Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f754591b17d0ee91c2b45fe9509d0cdc420527cb"
},
{
"url": "https://git.kernel.org/stable/c/57835c0e7152e36b03875dd6c56dfeed685c1b1f"
},
{
"url": "https://git.kernel.org/stable/c/c2389c074973aa94e34992e7f66dac0de37595b5"
},
{
"url": "https://git.kernel.org/stable/c/45cf976008ddef4a9c9a30310c9b4fb2a9a6602a"
}
],
"title": "xfs: fix log recovery buffer allocation for the legacy h_size fixup",
"x_generator": {
"engine": "bippy-9e1c9544281a"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-39472",
"datePublished": "2024-07-05T06:42:03.495Z",
"dateReserved": "2024-06-25T14:23:23.745Z",
"dateUpdated": "2024-11-05T09:31:58.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-39473
Vulnerability from cvelistv5
Published
2024-07-05 06:55
Modified
2024-11-05 09:31
Severity ?
EPSS score ?
Summary
ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39473",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-05T20:08:14.080925Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T20:08:25.422Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:14.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e3ae00ee238bce6cfa5ad935c921181c14d18fd6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9e16f17a2a0e97b43538b272e7071537a3e03368"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ffa077b2f6ad124ec3d23fbddc5e4b0ff2647af8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/soc/sof/ipc4-topology.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e3ae00ee238b",
"status": "affected",
"version": "648fea128476",
"versionType": "git"
},
{
"lessThan": "9e16f17a2a0e",
"status": "affected",
"version": "648fea128476",
"versionType": "git"
},
{
"lessThan": "ffa077b2f6ad",
"status": "affected",
"version": "648fea128476",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/soc/sof/ipc4-topology.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.4"
},
{
"lessThan": "6.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension\n\nIf a process module does not have base config extension then the same\nformat applies to all of it\u0027s inputs and the process-\u003ebase_config_ext is\nNULL, causing NULL dereference when specifically crafted topology and\nsequences used."
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T09:31:59.811Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e3ae00ee238bce6cfa5ad935c921181c14d18fd6"
},
{
"url": "https://git.kernel.org/stable/c/9e16f17a2a0e97b43538b272e7071537a3e03368"
},
{
"url": "https://git.kernel.org/stable/c/ffa077b2f6ad124ec3d23fbddc5e4b0ff2647af8"
}
],
"title": "ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension",
"x_generator": {
"engine": "bippy-9e1c9544281a"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-39473",
"datePublished": "2024-07-05T06:55:04.363Z",
"dateReserved": "2024-06-25T14:23:23.745Z",
"dateUpdated": "2024-11-05T09:31:59.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-39482
Vulnerability from cvelistv5
Published
2024-07-05 06:55
Modified
2024-11-05 09:32
Severity ?
EPSS score ?
Summary
bcache: fix variable length array abuse in btree_iter
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39482",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-08T17:54:07.988323Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T17:54:15.435Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.917Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2c3d7b03b658dc8bfa6112b194b67b92a87e081b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5a1922adc5798b7ec894cd3f197afb6f9591b023"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/934e1e4331859183a861f396d7dfaf33cb5afb02"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6479b9f41583b013041943c4602e1ad61cec8148"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0c31344e22dd8d6b1394c6e4c41d639015bdc671"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3a861560ccb35f2a4f0a4b8207fa7c2a35fc7f31"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/md/bcache/bset.c",
"drivers/md/bcache/bset.h",
"drivers/md/bcache/btree.c",
"drivers/md/bcache/super.c",
"drivers/md/bcache/sysfs.c",
"drivers/md/bcache/writeback.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "2c3d7b03b658",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "5a1922adc579",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "934e1e433185",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "6479b9f41583",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "0c31344e22dd",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "3a861560ccb3",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/md/bcache/bset.c",
"drivers/md/bcache/bset.h",
"drivers/md/bcache/btree.c",
"drivers/md/bcache/super.c",
"drivers/md/bcache/sysfs.c",
"drivers/md/bcache/writeback.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.221",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.94",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbcache: fix variable length array abuse in btree_iter\n\nbtree_iter is used in two ways: either allocated on the stack with a\nfixed size MAX_BSETS, or from a mempool with a dynamic size based on the\nspecific cache set. Previously, the struct had a fixed-length array of\nsize MAX_BSETS which was indexed out-of-bounds for the dynamically-sized\niterators, which causes UBSAN to complain.\n\nThis patch uses the same approach as in bcachefs\u0027s sort_iter and splits\nthe iterator into a btree_iter with a flexible array member and a\nbtree_iter_stack which embeds a btree_iter as well as a fixed-length\ndata array."
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T09:32:10.601Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/2c3d7b03b658dc8bfa6112b194b67b92a87e081b"
},
{
"url": "https://git.kernel.org/stable/c/5a1922adc5798b7ec894cd3f197afb6f9591b023"
},
{
"url": "https://git.kernel.org/stable/c/934e1e4331859183a861f396d7dfaf33cb5afb02"
},
{
"url": "https://git.kernel.org/stable/c/6479b9f41583b013041943c4602e1ad61cec8148"
},
{
"url": "https://git.kernel.org/stable/c/0c31344e22dd8d6b1394c6e4c41d639015bdc671"
},
{
"url": "https://git.kernel.org/stable/c/3a861560ccb35f2a4f0a4b8207fa7c2a35fc7f31"
}
],
"title": "bcache: fix variable length array abuse in btree_iter",
"x_generator": {
"engine": "bippy-9e1c9544281a"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-39482",
"datePublished": "2024-07-05T06:55:10.599Z",
"dateReserved": "2024-06-25T14:23:23.746Z",
"dateUpdated": "2024-11-05T09:32:10.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-39483
Vulnerability from cvelistv5
Published
2024-07-05 06:55
Modified
2024-11-05 09:32
Severity ?
EPSS score ?
Summary
KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f79edaf7370986d73d204b36c50cc563a4c0f356"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1d87cf2eba46deaff6142366127f2323de9f84d1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b4bd556467477420ee3a91fbcba73c579669edc6"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39483",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:07:35.709839Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:41.168Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/x86/kvm/svm/svm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "f79edaf73709",
"status": "affected",
"version": "fa4c027a7956",
"versionType": "git"
},
{
"lessThan": "1d87cf2eba46",
"status": "affected",
"version": "fa4c027a7956",
"versionType": "git"
},
{
"lessThan": "b4bd55646747",
"status": "affected",
"version": "fa4c027a7956",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/x86/kvm/svm/svm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.4"
},
{
"lessThan": "6.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked\n\nWhen requesting an NMI window, WARN on vNMI support being enabled if and\nonly if NMIs are actually masked, i.e. if the vCPU is already handling an\nNMI. KVM\u0027s ABI for NMIs that arrive simultanesouly (from KVM\u0027s point of\nview) is to inject one NMI and pend the other. When using vNMI, KVM pends\nthe second NMI simply by setting V_NMI_PENDING, and lets the CPU do the\nrest (hardware automatically sets V_NMI_BLOCKING when an NMI is injected).\n\nHowever, if KVM can\u0027t immediately inject an NMI, e.g. because the vCPU is\nin an STI shadow or is running with GIF=0, then KVM will request an NMI\nwindow and trigger the WARN (but still function correctly).\n\nWhether or not the GIF=0 case makes sense is debatable, as the intent of\nKVM\u0027s behavior is to provide functionality that is as close to real\nhardware as possible. E.g. if two NMIs are sent in quick succession, the\nprobability of both NMIs arriving in an STI shadow is infinitesimally low\non real hardware, but significantly larger in a virtual environment, e.g.\nif the vCPU is preempted in the STI shadow. For GIF=0, the argument isn\u0027t\nas clear cut, because the window where two NMIs can collide is much larger\nin bare metal (though still small).\n\nThat said, KVM should not have divergent behavior for the GIF=0 case based\non whether or not vNMI support is enabled. And KVM has allowed\nsimultaneous NMIs with GIF=0 for over a decade, since commit 7460fb4a3400\n(\"KVM: Fix simultaneous NMIs\"). I.e. KVM\u0027s GIF=0 handling shouldn\u0027t be\nmodified without a *really* good reason to do so, and if KVM\u0027s behavior\nwere to be modified, it should be done irrespective of vNMI support."
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T09:32:11.698Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/f79edaf7370986d73d204b36c50cc563a4c0f356"
},
{
"url": "https://git.kernel.org/stable/c/1d87cf2eba46deaff6142366127f2323de9f84d1"
},
{
"url": "https://git.kernel.org/stable/c/b4bd556467477420ee3a91fbcba73c579669edc6"
}
],
"title": "KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked",
"x_generator": {
"engine": "bippy-9e1c9544281a"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-39483",
"datePublished": "2024-07-05T06:55:11.270Z",
"dateReserved": "2024-06-25T14:23:23.747Z",
"dateUpdated": "2024-11-05T09:32:11.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-39476
Vulnerability from cvelistv5
Published
2024-07-05 06:55
Modified
2024-11-05 09:32
Severity ?
EPSS score ?
Summary
md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39476",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-08T15:14:06.487642Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T15:14:14.582Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b32aa95843cac6b12c2c014d40fca18aef24a347"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/634ba3c97ec413cb10681c7b196db43ee461ecf4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aa64464c8f4d2ab92f6d0b959a1e0767b829d787"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/098d54934814dd876963abfe751c3b1cf7fbe56a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3f8d5e802d4cedd445f9a89be8c3fd2d0e99024b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cd2538e5af495b3c747e503db346470fc1ffc447"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e332a12f65d8fed8cf63bedb4e9317bb872b9ac7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/151f66bb618d1fd0eeb84acb61b4a9fa5d8bb0fa"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/md/raid5.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "b32aa95843ca",
"status": "affected",
"version": "f3d55bd5b7b9",
"versionType": "git"
},
{
"lessThan": "634ba3c97ec4",
"status": "affected",
"version": "1c00bb624cd0",
"versionType": "git"
},
{
"lessThan": "aa64464c8f4d",
"status": "affected",
"version": "782b3e71c957",
"versionType": "git"
},
{
"lessThan": "098d54934814",
"status": "affected",
"version": "9e86dffd0b02",
"versionType": "git"
},
{
"lessThan": "3f8d5e802d4c",
"status": "affected",
"version": "5e2cf333b7bd",
"versionType": "git"
},
{
"lessThan": "cd2538e5af49",
"status": "affected",
"version": "5e2cf333b7bd",
"versionType": "git"
},
{
"lessThan": "e332a12f65d8",
"status": "affected",
"version": "5e2cf333b7bd",
"versionType": "git"
},
{
"lessThan": "151f66bb618d",
"status": "affected",
"version": "5e2cf333b7bd",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/md/raid5.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.1"
},
{
"lessThan": "6.1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.94",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING\n\nXiao reported that lvm2 test lvconvert-raid-takeover.sh can hang with\nsmall possibility, the root cause is exactly the same as commit\nbed9e27baf52 (\"Revert \"md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d\"\")\n\nHowever, Dan reported another hang after that, and junxiao investigated\nthe problem and found out that this is caused by plugged bio can\u0027t issue\nfrom raid5d().\n\nCurrent implementation in raid5d() has a weird dependence:\n\n1) md_check_recovery() from raid5d() must hold \u0027reconfig_mutex\u0027 to clear\n MD_SB_CHANGE_PENDING;\n2) raid5d() handles IO in a deadloop, until all IO are issued;\n3) IO from raid5d() must wait for MD_SB_CHANGE_PENDING to be cleared;\n\nThis behaviour is introduce before v2.6, and for consequence, if other\ncontext hold \u0027reconfig_mutex\u0027, and md_check_recovery() can\u0027t update\nsuper_block, then raid5d() will waste one cpu 100% by the deadloop, until\n\u0027reconfig_mutex\u0027 is released.\n\nRefer to the implementation from raid1 and raid10, fix this problem by\nskipping issue IO if MD_SB_CHANGE_PENDING is still set after\nmd_check_recovery(), daemon thread will be woken up when \u0027reconfig_mutex\u0027\nis released. Meanwhile, the hang problem will be fixed as well."
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T09:32:03.679Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/b32aa95843cac6b12c2c014d40fca18aef24a347"
},
{
"url": "https://git.kernel.org/stable/c/634ba3c97ec413cb10681c7b196db43ee461ecf4"
},
{
"url": "https://git.kernel.org/stable/c/aa64464c8f4d2ab92f6d0b959a1e0767b829d787"
},
{
"url": "https://git.kernel.org/stable/c/098d54934814dd876963abfe751c3b1cf7fbe56a"
},
{
"url": "https://git.kernel.org/stable/c/3f8d5e802d4cedd445f9a89be8c3fd2d0e99024b"
},
{
"url": "https://git.kernel.org/stable/c/cd2538e5af495b3c747e503db346470fc1ffc447"
},
{
"url": "https://git.kernel.org/stable/c/e332a12f65d8fed8cf63bedb4e9317bb872b9ac7"
},
{
"url": "https://git.kernel.org/stable/c/151f66bb618d1fd0eeb84acb61b4a9fa5d8bb0fa"
}
],
"title": "md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING",
"x_generator": {
"engine": "bippy-9e1c9544281a"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-39476",
"datePublished": "2024-07-05T06:55:06.559Z",
"dateReserved": "2024-06-25T14:23:23.746Z",
"dateUpdated": "2024-11-05T09:32:03.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-39480
Vulnerability from cvelistv5
Published
2024-07-05 06:55
Modified
2024-11-05 09:32
Severity ?
EPSS score ?
Summary
kdb: Fix buffer overflow during tab-complete
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fb824a99e148ff272a53d71d84122728b5f00992"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ddd2972d8e2dee3b33e8121669d55def59f0be8a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cfdc2fa4db57503bc6d3817240547c8ddc55fa96"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f636a40834d22e5e3fc748f060211879c056cd33"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/33d9c814652b971461d1e30bead6792851c209e7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/107e825cc448b7834b31e8b1b3cf0f57426d46d5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f694da720dcf795dc3eb97bf76d220213f76aaa7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e9730744bf3af04cda23799029342aa3cddbc454"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "fb824a99e148",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "ddd2972d8e2d",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "cfdc2fa4db57",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "f636a40834d2",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "33d9c814652b",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "107e825cc448",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "f694da720dcf",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "e9730744bf3a",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThanOrEqual": "4.20",
"status": "unaffected",
"version": "4.19.316",
"versionType": "git"
},
{
"lessThanOrEqual": "5.5",
"status": "unaffected",
"version": "5.4.278",
"versionType": "git"
},
{
"lessThanOrEqual": "5.11",
"status": "unaffected",
"version": "5.10.219",
"versionType": "git"
},
{
"lessThanOrEqual": "5.16",
"status": "unaffected",
"version": "5.15.161",
"versionType": "git"
},
{
"lessThanOrEqual": "6.2",
"status": "unaffected",
"version": "6.1.94",
"versionType": "git"
},
{
"lessThanOrEqual": "6.7",
"status": "unaffected",
"version": "6.6.34",
"versionType": "git"
},
{
"lessThanOrEqual": "6.10",
"status": "unaffected",
"version": "6.9.5",
"versionType": "git"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "git"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-39480",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-20T03:55:14.759316Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T14:14:17.550Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/debug/kdb/kdb_io.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fb824a99e148",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "ddd2972d8e2d",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "cfdc2fa4db57",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "f636a40834d2",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "33d9c814652b",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "107e825cc448",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "f694da720dcf",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
},
{
"lessThan": "e9730744bf3a",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/debug/kdb/kdb_io.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.94",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nkdb: Fix buffer overflow during tab-complete\n\nCurrently, when the user attempts symbol completion with the Tab key, kdb\nwill use strncpy() to insert the completed symbol into the command buffer.\nUnfortunately it passes the size of the source buffer rather than the\ndestination to strncpy() with predictably horrible results. Most obviously\nif the command buffer is already full but cp, the cursor position, is in\nthe middle of the buffer, then we will write past the end of the supplied\nbuffer.\n\nFix this by replacing the dubious strncpy() calls with memmove()/memcpy()\ncalls plus explicit boundary checks to make sure we have enough space\nbefore we start moving characters around."
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T09:32:08.285Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fb824a99e148ff272a53d71d84122728b5f00992"
},
{
"url": "https://git.kernel.org/stable/c/ddd2972d8e2dee3b33e8121669d55def59f0be8a"
},
{
"url": "https://git.kernel.org/stable/c/cfdc2fa4db57503bc6d3817240547c8ddc55fa96"
},
{
"url": "https://git.kernel.org/stable/c/f636a40834d22e5e3fc748f060211879c056cd33"
},
{
"url": "https://git.kernel.org/stable/c/33d9c814652b971461d1e30bead6792851c209e7"
},
{
"url": "https://git.kernel.org/stable/c/107e825cc448b7834b31e8b1b3cf0f57426d46d5"
},
{
"url": "https://git.kernel.org/stable/c/f694da720dcf795dc3eb97bf76d220213f76aaa7"
},
{
"url": "https://git.kernel.org/stable/c/e9730744bf3af04cda23799029342aa3cddbc454"
}
],
"title": "kdb: Fix buffer overflow during tab-complete",
"x_generator": {
"engine": "bippy-9e1c9544281a"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-39480",
"datePublished": "2024-07-05T06:55:09.241Z",
"dateReserved": "2024-06-25T14:23:23.746Z",
"dateUpdated": "2024-11-05T09:32:08.285Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-39485
Vulnerability from cvelistv5
Published
2024-07-05 06:55
Modified
2024-11-05 09:32
Severity ?
EPSS score ?
Summary
media: v4l: async: Properly re-initialise notifier entry in unregister
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39485",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-08T14:13:04.485631Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T14:13:13.579Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.599Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/87100b09246202a91fce4a1562955c32229173bb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1aa6cd4adfc0380fa1ccc2f146848940ff882a66"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9537a8425a7a0222999d5839a0b394b1e8834b4a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/v4l2-core/v4l2-async.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "87100b092462",
"status": "affected",
"version": "b8ec754ae4c5",
"versionType": "git"
},
{
"lessThan": "1aa6cd4adfc0",
"status": "affected",
"version": "b8ec754ae4c5",
"versionType": "git"
},
{
"lessThan": "9537a8425a7a",
"status": "affected",
"version": "b8ec754ae4c5",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/v4l2-core/v4l2-async.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.6"
},
{
"lessThan": "6.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: v4l: async: Properly re-initialise notifier entry in unregister\n\nThe notifier_entry of a notifier is not re-initialised after unregistering\nthe notifier. This leads to dangling pointers being left there so use\nlist_del_init() to return the notifier_entry an empty list."
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T09:32:13.945Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/87100b09246202a91fce4a1562955c32229173bb"
},
{
"url": "https://git.kernel.org/stable/c/1aa6cd4adfc0380fa1ccc2f146848940ff882a66"
},
{
"url": "https://git.kernel.org/stable/c/9537a8425a7a0222999d5839a0b394b1e8834b4a"
}
],
"title": "media: v4l: async: Properly re-initialise notifier entry in unregister",
"x_generator": {
"engine": "bippy-9e1c9544281a"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-39485",
"datePublished": "2024-07-05T06:55:12.633Z",
"dateReserved": "2024-06-25T14:23:23.747Z",
"dateUpdated": "2024-11-05T09:32:13.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-39484
Vulnerability from cvelistv5
Published
2024-07-05 06:55
Modified
2024-11-05 09:32
Severity ?
EPSS score ?
Summary
mmc: davinci: Don't strip remove function when driver is builtin
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39484",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-08T15:13:35.601101Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T15:13:44.037Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.466Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6ff7cfa02baabec907f6f29ea76634e6256d2ec4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aea35157bb9b825faa0432bd0f7fbea37ff39aa1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5ee241f72edc6dce5051a5f100eab6cc019d873e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7590da4c04dd4aa9c262da0231e978263861c6eb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1d5ed0efe51d36b9ae9b64f133bf41cdbf56f584"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/55c421b364482b61c4c45313a535e61ed5ae4ea3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/mmc/host/davinci_mmc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6ff7cfa02baa",
"status": "affected",
"version": "b4cff4549b7a",
"versionType": "git"
},
{
"lessThan": "aea35157bb9b",
"status": "affected",
"version": "b4cff4549b7a",
"versionType": "git"
},
{
"lessThan": "5ee241f72edc",
"status": "affected",
"version": "b4cff4549b7a",
"versionType": "git"
},
{
"lessThan": "7590da4c04dd",
"status": "affected",
"version": "b4cff4549b7a",
"versionType": "git"
},
{
"lessThan": "1d5ed0efe51d",
"status": "affected",
"version": "b4cff4549b7a",
"versionType": "git"
},
{
"lessThan": "55c421b36448",
"status": "affected",
"version": "b4cff4549b7a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/mmc/host/davinci_mmc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.33"
},
{
"lessThan": "2.6.33",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.221",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.162",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.95",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: davinci: Don\u0027t strip remove function when driver is builtin\n\nUsing __exit for the remove function results in the remove callback being\ndiscarded with CONFIG_MMC_DAVINCI=y. When such a device gets unbound (e.g.\nusing sysfs or hotplug), the driver is just removed without the cleanup\nbeing performed. This results in resource leaks. Fix it by compiling in the\nremove callback unconditionally.\n\nThis also fixes a W=1 modpost warning:\n\nWARNING: modpost: drivers/mmc/host/davinci_mmc: section mismatch in\nreference: davinci_mmcsd_driver+0x10 (section: .data) -\u003e\ndavinci_mmcsd_remove (section: .exit.text)"
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T09:32:12.815Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6ff7cfa02baabec907f6f29ea76634e6256d2ec4"
},
{
"url": "https://git.kernel.org/stable/c/aea35157bb9b825faa0432bd0f7fbea37ff39aa1"
},
{
"url": "https://git.kernel.org/stable/c/5ee241f72edc6dce5051a5f100eab6cc019d873e"
},
{
"url": "https://git.kernel.org/stable/c/7590da4c04dd4aa9c262da0231e978263861c6eb"
},
{
"url": "https://git.kernel.org/stable/c/1d5ed0efe51d36b9ae9b64f133bf41cdbf56f584"
},
{
"url": "https://git.kernel.org/stable/c/55c421b364482b61c4c45313a535e61ed5ae4ea3"
}
],
"title": "mmc: davinci: Don\u0027t strip remove function when driver is builtin",
"x_generator": {
"engine": "bippy-9e1c9544281a"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-39484",
"datePublished": "2024-07-05T06:55:11.970Z",
"dateReserved": "2024-06-25T14:23:23.747Z",
"dateUpdated": "2024-11-05T09:32:12.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-39474
Vulnerability from cvelistv5
Published
2024-07-05 06:55
Modified
2024-11-05 09:32
Severity ?
EPSS score ?
Summary
mm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39474",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-08T17:54:33.929150Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-08T17:54:45.442Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:14.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/198a80833e3421d4c9820a4ae907120adf598c91"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c55d3564ad25ce87ab7cc6af251f9574faebd8da"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/758678b65164b2158fc1de411092191cb3c394d4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8e0545c83d672750632f46e3f9ad95c48c91a0fc"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"mm/vmalloc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "198a80833e34",
"status": "affected",
"version": "9376130c390a",
"versionType": "git"
},
{
"lessThan": "c55d3564ad25",
"status": "affected",
"version": "9376130c390a",
"versionType": "git"
},
{
"lessThan": "758678b65164",
"status": "affected",
"version": "9376130c390a",
"versionType": "git"
},
{
"lessThan": "8e0545c83d67",
"status": "affected",
"version": "9376130c390a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"mm/vmalloc.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.17"
},
{
"lessThan": "5.17",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.95",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL\n\ncommit a421ef303008 (\"mm: allow !GFP_KERNEL allocations for kvmalloc\")\nincludes support for __GFP_NOFAIL, but it presents a conflict with commit\ndd544141b9eb (\"vmalloc: back off when the current task is OOM-killed\"). A\npossible scenario is as follows:\n\nprocess-a\n__vmalloc_node_range(GFP_KERNEL | __GFP_NOFAIL)\n __vmalloc_area_node()\n vm_area_alloc_pages()\n\t\t--\u003e oom-killer send SIGKILL to process-a\n if (fatal_signal_pending(current)) break;\n--\u003e return NULL;\n\nTo fix this, do not check fatal_signal_pending() in vm_area_alloc_pages()\nif __GFP_NOFAIL set.\n\nThis issue occurred during OPLUS KASAN TEST. Below is part of the log\n-\u003e oom-killer sends signal to process\n[65731.222840] [ T1308] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/apps/uid_10198,task=gs.intelligence,pid=32454,uid=10198\n\n[65731.259685] [T32454] Call trace:\n[65731.259698] [T32454] dump_backtrace+0xf4/0x118\n[65731.259734] [T32454] show_stack+0x18/0x24\n[65731.259756] [T32454] dump_stack_lvl+0x60/0x7c\n[65731.259781] [T32454] dump_stack+0x18/0x38\n[65731.259800] [T32454] mrdump_common_die+0x250/0x39c [mrdump]\n[65731.259936] [T32454] ipanic_die+0x20/0x34 [mrdump]\n[65731.260019] [T32454] atomic_notifier_call_chain+0xb4/0xfc\n[65731.260047] [T32454] notify_die+0x114/0x198\n[65731.260073] [T32454] die+0xf4/0x5b4\n[65731.260098] [T32454] die_kernel_fault+0x80/0x98\n[65731.260124] [T32454] __do_kernel_fault+0x160/0x2a8\n[65731.260146] [T32454] do_bad_area+0x68/0x148\n[65731.260174] [T32454] do_mem_abort+0x151c/0x1b34\n[65731.260204] [T32454] el1_abort+0x3c/0x5c\n[65731.260227] [T32454] el1h_64_sync_handler+0x54/0x90\n[65731.260248] [T32454] el1h_64_sync+0x68/0x6c\n\n[65731.260269] [T32454] z_erofs_decompress_queue+0x7f0/0x2258\n--\u003e be-\u003edecompressed_pages = kvcalloc(be-\u003enr_pages, sizeof(struct page *), GFP_KERNEL | __GFP_NOFAIL);\n\tkernel panic by NULL pointer dereference.\n\terofs assume kvmalloc with __GFP_NOFAIL never return NULL.\n[65731.260293] [T32454] z_erofs_runqueue+0xf30/0x104c\n[65731.260314] [T32454] z_erofs_readahead+0x4f0/0x968\n[65731.260339] [T32454] read_pages+0x170/0xadc\n[65731.260364] [T32454] page_cache_ra_unbounded+0x874/0xf30\n[65731.260388] [T32454] page_cache_ra_order+0x24c/0x714\n[65731.260411] [T32454] filemap_fault+0xbf0/0x1a74\n[65731.260437] [T32454] __do_fault+0xd0/0x33c\n[65731.260462] [T32454] handle_mm_fault+0xf74/0x3fe0\n[65731.260486] [T32454] do_mem_abort+0x54c/0x1b34\n[65731.260509] [T32454] el0_da+0x44/0x94\n[65731.260531] [T32454] el0t_64_sync_handler+0x98/0xb4\n[65731.260553] [T32454] el0t_64_sync+0x198/0x19c"
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T09:32:01.035Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/198a80833e3421d4c9820a4ae907120adf598c91"
},
{
"url": "https://git.kernel.org/stable/c/c55d3564ad25ce87ab7cc6af251f9574faebd8da"
},
{
"url": "https://git.kernel.org/stable/c/758678b65164b2158fc1de411092191cb3c394d4"
},
{
"url": "https://git.kernel.org/stable/c/8e0545c83d672750632f46e3f9ad95c48c91a0fc"
}
],
"title": "mm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL",
"x_generator": {
"engine": "bippy-9e1c9544281a"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-39474",
"datePublished": "2024-07-05T06:55:05.178Z",
"dateReserved": "2024-06-25T14:23:23.745Z",
"dateUpdated": "2024-11-05T09:32:01.035Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-39475
Vulnerability from cvelistv5
Published
2024-07-05 06:55
Modified
2024-11-05 09:32
Severity ?
EPSS score ?
Summary
fbdev: savage: Handle err return when savagefb_check_var failed
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:26:15.953Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/be754cbd77eaf2932408a4e18532e4945274a5c7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/86435f39c18967cdd937d7a49ba539cdea7fb547"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/32f92b0078ebf79dbe4827288e0acb50d89d3d5b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4b2c67e30b4e1d2ae19dba8b8e8f3b5fd3cf8089"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/edaa57480b876e8203b51df7c3d14a51ea6b09e3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b8385ff814ca4cb7e63789841e6ec2a14c73e1e8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5f446859bfa46df0ffb34149499f48a2c2d8cd95"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6ad959b6703e2c4c5d7af03b4cfd5ff608036339"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39475",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:07:41.967965Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:41.294Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/video/fbdev/savage/savagefb_driver.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "be754cbd77ea",
"status": "affected",
"version": "224453de8505",
"versionType": "git"
},
{
"lessThan": "86435f39c189",
"status": "affected",
"version": "84dce0f6a4cc",
"versionType": "git"
},
{
"lessThan": "32f92b0078eb",
"status": "affected",
"version": "512ee6d6041e",
"versionType": "git"
},
{
"lessThan": "4b2c67e30b4e",
"status": "affected",
"version": "8c54acf33e5a",
"versionType": "git"
},
{
"lessThan": "edaa57480b87",
"status": "affected",
"version": "070398d32c5f",
"versionType": "git"
},
{
"lessThan": "b8385ff814ca",
"status": "affected",
"version": "bc3c2e58d73b",
"versionType": "git"
},
{
"lessThan": "5f446859bfa4",
"status": "affected",
"version": "04e5eac8f3ab",
"versionType": "git"
},
{
"lessThan": "6ad959b6703e",
"status": "affected",
"version": "04e5eac8f3ab",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/video/fbdev/savage/savagefb_driver.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.8"
},
{
"lessThan": "6.8",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.94",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.34",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: savage: Handle err return when savagefb_check_var failed\n\nThe commit 04e5eac8f3ab(\"fbdev: savage: Error out if pixclock equals zero\")\nchecks the value of pixclock to avoid divide-by-zero error. However\nthe function savagefb_probe doesn\u0027t handle the error return of\nsavagefb_check_var. When pixclock is 0, it will cause divide-by-zero error."
}
],
"providerMetadata": {
"dateUpdated": "2024-11-05T09:32:02.393Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/be754cbd77eaf2932408a4e18532e4945274a5c7"
},
{
"url": "https://git.kernel.org/stable/c/86435f39c18967cdd937d7a49ba539cdea7fb547"
},
{
"url": "https://git.kernel.org/stable/c/32f92b0078ebf79dbe4827288e0acb50d89d3d5b"
},
{
"url": "https://git.kernel.org/stable/c/4b2c67e30b4e1d2ae19dba8b8e8f3b5fd3cf8089"
},
{
"url": "https://git.kernel.org/stable/c/edaa57480b876e8203b51df7c3d14a51ea6b09e3"
},
{
"url": "https://git.kernel.org/stable/c/b8385ff814ca4cb7e63789841e6ec2a14c73e1e8"
},
{
"url": "https://git.kernel.org/stable/c/5f446859bfa46df0ffb34149499f48a2c2d8cd95"
},
{
"url": "https://git.kernel.org/stable/c/6ad959b6703e2c4c5d7af03b4cfd5ff608036339"
}
],
"title": "fbdev: savage: Handle err return when savagefb_check_var failed",
"x_generator": {
"engine": "bippy-9e1c9544281a"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-39475",
"datePublished": "2024-07-05T06:55:05.886Z",
"dateReserved": "2024-06-25T14:23:23.745Z",
"dateUpdated": "2024-11-05T09:32:02.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.