cvelistv5 - CVE-2024-43900

CVE-2024-43900

Vulnerability from cvelistv5

Published

2024-08-26 10:10

Modified

2024-12-19 09:18

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: media: xc2028: avoid use-after-free in load_firmware_cb() syzkaller reported use-after-free in load_firmware_cb() [1]. The reason is because the module allocated a struct tuner in tuner_probe(), and then the module initialization failed, the struct tuner was released. A worker which created during module initialization accesses this struct tuner later, it caused use-after-free. The process is as follows: task-6504 worker_thread tuner_probe <= alloc dvb_frontend [2] ... request_firmware_nowait <= create a worker ... tuner_remove <= free dvb_frontend ... request_firmware_work_func <= the firmware is ready load_firmware_cb <= but now the dvb_frontend has been freed To fix the issue, check the dvd_frontend in load_firmware_cb(), if it is null, report a warning and just return. [1]: ================================================================== BUG: KASAN: use-after-free in load_firmware_cb+0x1310/0x17a0 Read of size 8 at addr ffff8000d7ca2308 by task kworker/2:3/6504 Call trace: load_firmware_cb+0x1310/0x17a0 request_firmware_work_func+0x128/0x220 process_one_work+0x770/0x1824 worker_thread+0x488/0xea0 kthread+0x300/0x430 ret_from_fork+0x10/0x20 Allocated by task 6504: kzalloc tuner_probe+0xb0/0x1430 i2c_device_probe+0x92c/0xaf0 really_probe+0x678/0xcd0 driver_probe_device+0x280/0x370 __device_attach_driver+0x220/0x330 bus_for_each_drv+0x134/0x1c0 __device_attach+0x1f4/0x410 device_initial_probe+0x20/0x30 bus_probe_device+0x184/0x200 device_add+0x924/0x12c0 device_register+0x24/0x30 i2c_new_device+0x4e0/0xc44 v4l2_i2c_new_subdev_board+0xbc/0x290 v4l2_i2c_new_subdev+0xc8/0x104 em28xx_v4l2_init+0x1dd0/0x3770 Freed by task 6504: kfree+0x238/0x4e4 tuner_remove+0x144/0x1c0 i2c_device_remove+0xc8/0x290 __device_release_driver+0x314/0x5fc device_release_driver+0x30/0x44 bus_remove_device+0x244/0x490 device_del+0x350/0x900 device_unregister+0x28/0xd0 i2c_unregister_device+0x174/0x1d0 v4l2_device_unregister+0x224/0x380 em28xx_v4l2_init+0x1d90/0x3770 The buggy address belongs to the object at ffff8000d7ca2000 which belongs to the cache kmalloc-2k of size 2048 The buggy address is located 776 bytes inside of 2048-byte region [ffff8000d7ca2000, ffff8000d7ca2800) The buggy address belongs to the page: page:ffff7fe00035f280 count:1 mapcount:0 mapping:ffff8000c001f000 index:0x0 flags: 0x7ff800000000100(slab) raw: 07ff800000000100 ffff7fe00049d880 0000000300000003 ffff8000c001f000 raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff8000d7ca2200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff8000d7ca2280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff8000d7ca2300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff8000d7ca2380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff8000d7ca2400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ================================================================== [2] Actually, it is allocated for struct tuner, and dvb_frontend is inside.

References

URL	Tags
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/208deb6d8c3cb8c3acb1f41eb31cf68ea08726d5	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/68594cec291ff9523b9feb3f43fd853dcddd1f60	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/850304152d367f104d21c77cfbcc05806504218b	Patch
416baaa9-dc9f-4396-8d5f-8c081fb06d67	https://git.kernel.org/stable/c/ef517bdfc01818419f7bd426969a0c86b14f3e0e	Patch

Impacted products

Vendor

Product

Version

▼

Linux

Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Version: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-43900",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:28:53.298476Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-12T17:32:57.642Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/tuners/xc2028.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ef517bdfc01818419f7bd426969a0c86b14f3e0e",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "850304152d367f104d21c77cfbcc05806504218b",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "208deb6d8c3cb8c3acb1f41eb31cf68ea08726d5",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "68594cec291ff9523b9feb3f43fd853dcddd1f60",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/tuners/xc2028.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.105",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.46",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.10.*",
              "status": "unaffected",
              "version": "6.10.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.11",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: xc2028: avoid use-after-free in load_firmware_cb()\n\nsyzkaller reported use-after-free in load_firmware_cb() [1].\nThe reason is because the module allocated a struct tuner in tuner_probe(),\nand then the module initialization failed, the struct tuner was released.\nA worker which created during module initialization accesses this struct\ntuner later, it caused use-after-free.\n\nThe process is as follows:\n\ntask-6504           worker_thread\ntuner_probe                             \u003c= alloc dvb_frontend [2]\n...\nrequest_firmware_nowait                 \u003c= create a worker\n...\ntuner_remove                            \u003c= free dvb_frontend\n...\n                    request_firmware_work_func  \u003c= the firmware is ready\n                    load_firmware_cb    \u003c= but now the dvb_frontend has been freed\n\nTo fix the issue, check the dvd_frontend in load_firmware_cb(), if it is\nnull, report a warning and just return.\n\n[1]:\n    ==================================================================\n     BUG: KASAN: use-after-free in load_firmware_cb+0x1310/0x17a0\n     Read of size 8 at addr ffff8000d7ca2308 by task kworker/2:3/6504\n\n     Call trace:\n      load_firmware_cb+0x1310/0x17a0\n      request_firmware_work_func+0x128/0x220\n      process_one_work+0x770/0x1824\n      worker_thread+0x488/0xea0\n      kthread+0x300/0x430\n      ret_from_fork+0x10/0x20\n\n     Allocated by task 6504:\n      kzalloc\n      tuner_probe+0xb0/0x1430\n      i2c_device_probe+0x92c/0xaf0\n      really_probe+0x678/0xcd0\n      driver_probe_device+0x280/0x370\n      __device_attach_driver+0x220/0x330\n      bus_for_each_drv+0x134/0x1c0\n      __device_attach+0x1f4/0x410\n      device_initial_probe+0x20/0x30\n      bus_probe_device+0x184/0x200\n      device_add+0x924/0x12c0\n      device_register+0x24/0x30\n      i2c_new_device+0x4e0/0xc44\n      v4l2_i2c_new_subdev_board+0xbc/0x290\n      v4l2_i2c_new_subdev+0xc8/0x104\n      em28xx_v4l2_init+0x1dd0/0x3770\n\n     Freed by task 6504:\n      kfree+0x238/0x4e4\n      tuner_remove+0x144/0x1c0\n      i2c_device_remove+0xc8/0x290\n      __device_release_driver+0x314/0x5fc\n      device_release_driver+0x30/0x44\n      bus_remove_device+0x244/0x490\n      device_del+0x350/0x900\n      device_unregister+0x28/0xd0\n      i2c_unregister_device+0x174/0x1d0\n      v4l2_device_unregister+0x224/0x380\n      em28xx_v4l2_init+0x1d90/0x3770\n\n     The buggy address belongs to the object at ffff8000d7ca2000\n      which belongs to the cache kmalloc-2k of size 2048\n     The buggy address is located 776 bytes inside of\n      2048-byte region [ffff8000d7ca2000, ffff8000d7ca2800)\n     The buggy address belongs to the page:\n     page:ffff7fe00035f280 count:1 mapcount:0 mapping:ffff8000c001f000 index:0x0\n     flags: 0x7ff800000000100(slab)\n     raw: 07ff800000000100 ffff7fe00049d880 0000000300000003 ffff8000c001f000\n     raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000\n     page dumped because: kasan: bad access detected\n\n     Memory state around the buggy address:\n      ffff8000d7ca2200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n      ffff8000d7ca2280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n     \u003effff8000d7ca2300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n                           ^\n      ffff8000d7ca2380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n      ffff8000d7ca2400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n     ==================================================================\n\n[2]\n    Actually, it is allocated for struct tuner, and dvb_frontend is inside."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-19T09:18:05.179Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ef517bdfc01818419f7bd426969a0c86b14f3e0e"
        },
        {
          "url": "https://git.kernel.org/stable/c/850304152d367f104d21c77cfbcc05806504218b"
        },
        {
          "url": "https://git.kernel.org/stable/c/208deb6d8c3cb8c3acb1f41eb31cf68ea08726d5"
        },
        {
          "url": "https://git.kernel.org/stable/c/68594cec291ff9523b9feb3f43fd853dcddd1f60"
        }
      ],
      "title": "media: xc2028: avoid use-after-free in load_firmware_cb()",
      "x_generator": {
        "engine": "bippy-5f407fcff5a0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-43900",
    "datePublished": "2024-08-26T10:10:58.767Z",
    "dateReserved": "2024-08-17T09:11:59.291Z",
    "dateUpdated": "2024-12-19T09:18:05.179Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-43900\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2024-08-26T11:15:04.613\",\"lastModified\":\"2024-08-27T14:38:32.967\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nmedia: xc2028: avoid use-after-free in load_firmware_cb()\\n\\nsyzkaller reported use-after-free in load_firmware_cb() [1].\\nThe reason is because the module allocated a struct tuner in tuner_probe(),\\nand then the module initialization failed, the struct tuner was released.\\nA worker which created during module initialization accesses this struct\\ntuner later, it caused use-after-free.\\n\\nThe process is as follows:\\n\\ntask-6504           worker_thread\\ntuner_probe                             \u003c= alloc dvb_frontend [2]\\n...\\nrequest_firmware_nowait                 \u003c= create a worker\\n...\\ntuner_remove                            \u003c= free dvb_frontend\\n...\\n                    request_firmware_work_func  \u003c= the firmware is ready\\n                    load_firmware_cb    \u003c= but now the dvb_frontend has been freed\\n\\nTo fix the issue, check the dvd_frontend in load_firmware_cb(), if it is\\nnull, report a warning and just return.\\n\\n[1]:\\n    ==================================================================\\n     BUG: KASAN: use-after-free in load_firmware_cb+0x1310/0x17a0\\n     Read of size 8 at addr ffff8000d7ca2308 by task kworker/2:3/6504\\n\\n     Call trace:\\n      load_firmware_cb+0x1310/0x17a0\\n      request_firmware_work_func+0x128/0x220\\n      process_one_work+0x770/0x1824\\n      worker_thread+0x488/0xea0\\n      kthread+0x300/0x430\\n      ret_from_fork+0x10/0x20\\n\\n     Allocated by task 6504:\\n      kzalloc\\n      tuner_probe+0xb0/0x1430\\n      i2c_device_probe+0x92c/0xaf0\\n      really_probe+0x678/0xcd0\\n      driver_probe_device+0x280/0x370\\n      __device_attach_driver+0x220/0x330\\n      bus_for_each_drv+0x134/0x1c0\\n      __device_attach+0x1f4/0x410\\n      device_initial_probe+0x20/0x30\\n      bus_probe_device+0x184/0x200\\n      device_add+0x924/0x12c0\\n      device_register+0x24/0x30\\n      i2c_new_device+0x4e0/0xc44\\n      v4l2_i2c_new_subdev_board+0xbc/0x290\\n      v4l2_i2c_new_subdev+0xc8/0x104\\n      em28xx_v4l2_init+0x1dd0/0x3770\\n\\n     Freed by task 6504:\\n      kfree+0x238/0x4e4\\n      tuner_remove+0x144/0x1c0\\n      i2c_device_remove+0xc8/0x290\\n      __device_release_driver+0x314/0x5fc\\n      device_release_driver+0x30/0x44\\n      bus_remove_device+0x244/0x490\\n      device_del+0x350/0x900\\n      device_unregister+0x28/0xd0\\n      i2c_unregister_device+0x174/0x1d0\\n      v4l2_device_unregister+0x224/0x380\\n      em28xx_v4l2_init+0x1d90/0x3770\\n\\n     The buggy address belongs to the object at ffff8000d7ca2000\\n      which belongs to the cache kmalloc-2k of size 2048\\n     The buggy address is located 776 bytes inside of\\n      2048-byte region [ffff8000d7ca2000, ffff8000d7ca2800)\\n     The buggy address belongs to the page:\\n     page:ffff7fe00035f280 count:1 mapcount:0 mapping:ffff8000c001f000 index:0x0\\n     flags: 0x7ff800000000100(slab)\\n     raw: 07ff800000000100 ffff7fe00049d880 0000000300000003 ffff8000c001f000\\n     raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000\\n     page dumped because: kasan: bad access detected\\n\\n     Memory state around the buggy address:\\n      ffff8000d7ca2200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\\n      ffff8000d7ca2280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\\n     \u003effff8000d7ca2300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\\n                           ^\\n      ffff8000d7ca2380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\\n      ffff8000d7ca2400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\\n     ==================================================================\\n\\n[2]\\n    Actually, it is allocated for struct tuner, and dvb_frontend is inside.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: medio: xc2028: evitar el use-after-free en load_firmware_cb() syzkaller inform\u00f3 el use-after-free en load_firmware_cb() [1]. La raz\u00f3n es que el m\u00f3dulo asign\u00f3 un sintonizador de estructuras en tuner_probe(), y luego la inicializaci\u00f3n del m\u00f3dulo fall\u00f3, se liber\u00f3 el sintonizador de estructuras. Un trabajador que cre\u00f3 durante la inicializaci\u00f3n del m\u00f3dulo accede a este sintonizador de estructuras m\u00e1s tarde, lo que provoc\u00f3 un use-after-free. El proceso es el siguiente: task-6504 trabajador_thread tuner_probe \u0026lt;= alloc dvb_frontend [2]... request_firmware_nowait \u0026lt;= crear un trabajador... tuner_remove \u0026lt;= free dvb_frontend... request_firmware_work_func \u0026lt;= el firmware est\u00e1 listo load_firmware_cb \u0026lt;= pero ahora el dvb_frontend ha sido liberado. Para solucionar el problema, verifique el dvd_frontend en load_firmware_cb(), si es nulo, informe una advertencia y simplemente regrese. [1]: =============================================== ==================== ERROR: KASAN: use-after-free en load_firmware_cb+0x1310/0x17a0 Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff8000d7ca2308 por tarea kworker/2:3/ 6504 Rastreo de llamadas: load_firmware_cb+0x1310/0x17a0 request_firmware_work_func+0x128/0x220 Process_one_work+0x770/0x1824 Workers_thread+0x488/0xea0 kthread+0x300/0x430 ret_from_fork+0x10/0x20 Asignado por tarea 650 4: kzalloc tuner_probe+0xb0/0x1430 i2c_device_probe+0x92c/0xaf0 very_probe+0x678/0xcd0 driver_probe_device+0x280/0x370 __device_attach_driver+0x220/0x330 bus_for_each_drv+0x134/0x1c0 __device_attach+0x1f4/0x410 dispositivo_initial_probe+0x20/0x30 bus_probe_device+0x 184/0x200 dispositivo_add+0x924/0x12c0 registro_dispositivo+0x24/0x30 i2c_new_device+0x4e0/0xc44 v4l2_i2c_new_subdev_board+0xbc/0x290 v4l2_i2c_new_subdev+0xc8/0x104 em28xx_v4l2_init+0x1dd0/0x3770 Liberado por la tarea 6504: kfree+0x238/0x4e4 tuner_remove+0x144/0x1c0 vice_remove+0xc8/0x290 __device_release_driver+0x314/0x5fc dispositivo_release_driver+0x30/0x44 bus_remove_device+0x244/0x490 device_del+0x350/0x900 device_unregister+0x28/0xd0 i2c_unregister_device+0x174/0x1d0 v4l2_device_unregister+0x224/0x380 em28xx_v4l2_init+0x1d90/0x3770 La direcci\u00f3n con errores pertenece al objeto en ffff8000d7ca200 0 que pertenece al cach\u00e9 kmalloc-2k de tama\u00f1o 2048 La direcci\u00f3n del error se encuentra 776 bytes dentro de la regi\u00f3n de 2048 bytes [ffff8000d7ca2000, ffff8000d7ca2800) La direcci\u00f3n con errores pertenece a la p\u00e1gina: p\u00e1gina:ffff7fe00035f280 recuento:1 mapcount:0 mapeo:ffff8000c001f000 \u00edndice:0x0 banderas: 0x7ff800000000100(slab) : 07ff800000000100 ffff7fe00049d880 0000000300000003 ffff8000c001f000 crudo: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 p\u00e1gina volcada porque: kasan: mal acceso detectado Estado de la memoria alrededor de la direcci\u00f3n del error: ffff8000d7ca2200: fb fb fb fb fb fb fb fb fb fb fb fb f b fb fb fb ffff8000d7ca2280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb \u0026gt;ffff8000d7ca2300: fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff8000d7ca2380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb ffff8000d7ca2400: b fb fb fb fb fb fb fb fb fb fb fb fb fb fb ======================================== ============================ [2] En realidad, est\u00e1 asignado para el sintonizador de estructuras y dvb_frontend est\u00e1 dentro.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.1.105\",\"matchCriteriaId\":\"ECB889E5-9368-4201-9049-7289757A0B8D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.46\",\"matchCriteriaId\":\"FA11941E-81FB-484C-B583-881EEB488340\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.10.5\",\"matchCriteriaId\":\"D074AE50-4A5E-499C-A2FD-75FD60DEA560\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/208deb6d8c3cb8c3acb1f41eb31cf68ea08726d5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/68594cec291ff9523b9feb3f43fd853dcddd1f60\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/850304152d367f104d21c77cfbcc05806504218b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/ef517bdfc01818419f7bd426969a0c86b14f3e0e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}

ghsa-8j3f-9fhh-xf4c

Vulnerability from github

Published

2024-08-26 12:31

Modified

2024-08-27 15:32

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

In the Linux kernel, the following vulnerability has been resolved:

media: xc2028: avoid use-after-free in load_firmware_cb()

syzkaller reported use-after-free in load_firmware_cb() 1. The reason is because the module allocated a struct tuner in tuner_probe(), and then the module initialization failed, the struct tuner was released. A worker which created during module initialization accesses this struct tuner later, it caused use-after-free.

The process is as follows:

task-6504 worker_thread tuner_probe <= alloc dvb_frontend [2] ... request_firmware_nowait <= create a worker ... tuner_remove <= free dvb_frontend ... request_firmware_work_func <= the firmware is ready load_firmware_cb <= but now the dvb_frontend has been freed

To fix the issue, check the dvd_frontend in load_firmware_cb(), if it is null, report a warning and just return.

 BUG: KASAN: use-after-free in load_firmware_cb+0x1310/0x17a0
 Read of size 8 at addr ffff8000d7ca2308 by task kworker/2:3/6504

 Call trace:
  load_firmware_cb+0x1310/0x17a0
  request_firmware_work_func+0x128/0x220
  process_one_work+0x770/0x1824
  worker_thread+0x488/0xea0
  kthread+0x300/0x430
  ret_from_fork+0x10/0x20

 Allocated by task 6504:
  kzalloc
  tuner_probe+0xb0/0x1430
  i2c_device_probe+0x92c/0xaf0
  really_probe+0x678/0xcd0
  driver_probe_device+0x280/0x370
  __device_attach_driver+0x220/0x330
  bus_for_each_drv+0x134/0x1c0
  __device_attach+0x1f4/0x410
  device_initial_probe+0x20/0x30
  bus_probe_device+0x184/0x200
  device_add+0x924/0x12c0
  device_register+0x24/0x30
  i2c_new_device+0x4e0/0xc44
  v4l2_i2c_new_subdev_board+0xbc/0x290
  v4l2_i2c_new_subdev+0xc8/0x104
  em28xx_v4l2_init+0x1dd0/0x3770

 Freed by task 6504:
  kfree+0x238/0x4e4
  tuner_remove+0x144/0x1c0
  i2c_device_remove+0xc8/0x290
  __device_release_driver+0x314/0x5fc
  device_release_driver+0x30/0x44
  bus_remove_device+0x244/0x490
  device_del+0x350/0x900
  device_unregister+0x28/0xd0
  i2c_unregister_device+0x174/0x1d0
  v4l2_device_unregister+0x224/0x380
  em28xx_v4l2_init+0x1d90/0x3770

 The buggy address belongs to the object at ffff8000d7ca2000
  which belongs to the cache kmalloc-2k of size 2048
 The buggy address is located 776 bytes inside of
  2048-byte region [ffff8000d7ca2000, ffff8000d7ca2800)
 The buggy address belongs to the page:
 page:ffff7fe00035f280 count:1 mapcount:0 mapping:ffff8000c001f000 index:0x0
 flags: 0x7ff800000000100(slab)
 raw: 07ff800000000100 ffff7fe00049d880 0000000300000003 ffff8000c001f000
 raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
 page dumped because: kasan: bad access detected

 Memory state around the buggy address:
  ffff8000d7ca2200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
  ffff8000d7ca2280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 >ffff8000d7ca2300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
                       ^
  ffff8000d7ca2380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
  ffff8000d7ca2400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
 ==================================================================

[2] Actually, it is allocated for struct tuner, and dvb_frontend is inside.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-43900"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-26T11:15:04Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: xc2028: avoid use-after-free in load_firmware_cb()\n\nsyzkaller reported use-after-free in load_firmware_cb() [1].\nThe reason is because the module allocated a struct tuner in tuner_probe(),\nand then the module initialization failed, the struct tuner was released.\nA worker which created during module initialization accesses this struct\ntuner later, it caused use-after-free.\n\nThe process is as follows:\n\ntask-6504           worker_thread\ntuner_probe                             \u003c= alloc dvb_frontend [2]\n...\nrequest_firmware_nowait                 \u003c= create a worker\n...\ntuner_remove                            \u003c= free dvb_frontend\n...\n                    request_firmware_work_func  \u003c= the firmware is ready\n                    load_firmware_cb    \u003c= but now the dvb_frontend has been freed\n\nTo fix the issue, check the dvd_frontend in load_firmware_cb(), if it is\nnull, report a warning and just return.\n\n[1]:\n    ==================================================================\n     BUG: KASAN: use-after-free in load_firmware_cb+0x1310/0x17a0\n     Read of size 8 at addr ffff8000d7ca2308 by task kworker/2:3/6504\n\n     Call trace:\n      load_firmware_cb+0x1310/0x17a0\n      request_firmware_work_func+0x128/0x220\n      process_one_work+0x770/0x1824\n      worker_thread+0x488/0xea0\n      kthread+0x300/0x430\n      ret_from_fork+0x10/0x20\n\n     Allocated by task 6504:\n      kzalloc\n      tuner_probe+0xb0/0x1430\n      i2c_device_probe+0x92c/0xaf0\n      really_probe+0x678/0xcd0\n      driver_probe_device+0x280/0x370\n      __device_attach_driver+0x220/0x330\n      bus_for_each_drv+0x134/0x1c0\n      __device_attach+0x1f4/0x410\n      device_initial_probe+0x20/0x30\n      bus_probe_device+0x184/0x200\n      device_add+0x924/0x12c0\n      device_register+0x24/0x30\n      i2c_new_device+0x4e0/0xc44\n      v4l2_i2c_new_subdev_board+0xbc/0x290\n      v4l2_i2c_new_subdev+0xc8/0x104\n      em28xx_v4l2_init+0x1dd0/0x3770\n\n     Freed by task 6504:\n      kfree+0x238/0x4e4\n      tuner_remove+0x144/0x1c0\n      i2c_device_remove+0xc8/0x290\n      __device_release_driver+0x314/0x5fc\n      device_release_driver+0x30/0x44\n      bus_remove_device+0x244/0x490\n      device_del+0x350/0x900\n      device_unregister+0x28/0xd0\n      i2c_unregister_device+0x174/0x1d0\n      v4l2_device_unregister+0x224/0x380\n      em28xx_v4l2_init+0x1d90/0x3770\n\n     The buggy address belongs to the object at ffff8000d7ca2000\n      which belongs to the cache kmalloc-2k of size 2048\n     The buggy address is located 776 bytes inside of\n      2048-byte region [ffff8000d7ca2000, ffff8000d7ca2800)\n     The buggy address belongs to the page:\n     page:ffff7fe00035f280 count:1 mapcount:0 mapping:ffff8000c001f000 index:0x0\n     flags: 0x7ff800000000100(slab)\n     raw: 07ff800000000100 ffff7fe00049d880 0000000300000003 ffff8000c001f000\n     raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000\n     page dumped because: kasan: bad access detected\n\n     Memory state around the buggy address:\n      ffff8000d7ca2200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n      ffff8000d7ca2280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n     \u003effff8000d7ca2300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n                           ^\n      ffff8000d7ca2380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n      ffff8000d7ca2400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb\n     ==================================================================\n\n[2]\n    Actually, it is allocated for struct tuner, and dvb_frontend is inside.",
  "id": "GHSA-8j3f-9fhh-xf4c",
  "modified": "2024-08-27T15:32:44Z",
  "published": "2024-08-26T12:31:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43900"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/208deb6d8c3cb8c3acb1f41eb31cf68ea08726d5"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/68594cec291ff9523b9feb3f43fd853dcddd1f60"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/850304152d367f104d21c77cfbcc05806504218b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ef517bdfc01818419f7bd426969a0c86b14f3e0e"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

wid-sec-w-2024-1925

Vulnerability from csaf_certbund

Published

2024-08-25 22:00

Modified

2024-11-28 23:00

Summary

Linux Kernel: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff

Ein lokaler Angreifer kann mehrere Schwachstellen in Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen und um weitere, nicht beschriebene Auswirkungen zu erzielen.

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen in Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren und um weitere, nicht beschriebene Auswirkungen zu erzielen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-1925 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1925.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-1925 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1925"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcements vom 2024-08-25",
        "url": "https://lore.kernel.org/linux-cve-announce/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement CVE-2024-43896 vom 2024-08-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024082610-CVE-2024-43896-10b9@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement CVE-2024-43898 vom 2024-08-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024082613-CVE-2024-43898-52c2@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement CVE-2024-43899 vom 2024-08-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024082614-CVE-2024-43899-2339@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement CVE-2024-43900 vom 2024-08-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024082616-CVE-2024-43900-029c@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement CVE-2024-43901 vom 2024-08-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024082617-CVE-2024-43901-6c76@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement CVE-2024-43902 vom 2024-08-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024082618-CVE-2024-43902-eb6d@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement CVE-2024-43903 vom 2024-08-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024082620-CVE-2024-43903-3644@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement CVE-2024-43904 vom 2024-08-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024082621-CVE-2024-43904-63a1@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement CVE-2024-43905 vom 2024-08-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024082623-CVE-2024-43905-008f@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement CVE-2024-43906 vom 2024-08-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024082624-CVE-2024-43906-27ab@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement CVE-2024-43907 vom 2024-08-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024082626-CVE-2024-43907-91a1@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement CVE-2024-43908 vom 2024-08-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024082627-CVE-2024-43908-4406@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement CVE-2024-43909 vom 2024-08-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024082628-CVE-2024-43909-acb8@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement CVE-2024-43910 vom 2024-08-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024082630-CVE-2024-43910-c6ec@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement CVE-2024-43911 vom 2024-08-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024082631-CVE-2024-43911-96bb@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement CVE-2024-43912 vom 2024-08-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024082632-CVE-2024-43912-801f@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement CVE-2024-43913 vom 2024-08-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024082633-CVE-2024-43913-6ec7@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement CVE-2024-43914 vom 2024-08-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024082635-CVE-2024-43914-a664@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement CVE-2024-44931 vom 2024-08-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024082636-CVE-2024-44931-8212@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement CVE-2024-44932 vom 2024-08-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024082638-CVE-2024-44932-2659@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement CVE-2024-44933 vom 2024-08-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024082639-CVE-2024-44933-222c@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement CVE-2024-44934 vom 2024-08-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024082641-CVE-2024-44934-a7fe@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement CVE-2024-44935 vom 2024-08-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024082642-CVE-2024-44935-3452@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement CVE-2024-44936 vom 2024-08-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024082643-CVE-2024-44936-505c@gregkh/"
      },
      {
        "category": "external",
        "summary": "Linux CVE Announcement CVE-2024-44937 vom 2024-08-25",
        "url": "https://lore.kernel.org/linux-cve-announce/2024082645-CVE-2024-44937-5c1d@gregkh/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3194-1 vom 2024-09-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019400.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3189-1 vom 2024-09-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019404.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3195-1 vom 2024-09-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019407.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3190-1 vom 2024-09-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019403.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3209-1 vom 2024-09-11",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/YNWVZVIFSX7PLBJX3I3PDZ4MIBERTN2Y/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3252-1 vom 2024-09-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019436.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3251-1 vom 2024-09-16",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019435.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3383-1 vom 2024-09-23",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-September/019497.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3483-1 vom 2024-09-29",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/2HO244EHQ65DPDJ2NOBAXLG7QYWSCUMA/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3483-1 vom 2024-09-29",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2HO244EHQ65DPDJ2NOBAXLG7QYWSCUMA/"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5782 vom 2024-10-03",
        "url": "https://lists.debian.org/debian-security-announce/2024/msg00195.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-3912 vom 2024-10-07",
        "url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00003.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3551-1 vom 2024-10-08",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019562.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3553-1 vom 2024-10-08",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019560.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3551-1 vom 2024-10-08",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/Q7MIMQMCXNGMVS32KLTADYTPQCKF5HWU/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3566-1 vom 2024-10-09",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019578.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3569-1 vom 2024-10-09",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/6GBL67LQ3MUSYQCQRQH2AZH3XWILTO5A/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3564-1 vom 2024-10-09",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/R7FS3QARF7WUPH5GFL22NW3G3SDO2C7Z/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3559-1 vom 2024-10-09",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019575.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3561-1 vom 2024-10-09",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/LSUY4BSWS5WR46CHS4FPBIJIRLKHRDHV/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3591-1 vom 2024-10-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019587.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3587-1 vom 2024-10-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019588.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3592-1 vom 2024-10-10",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-October/019589.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12780 vom 2024-10-14",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12780.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12782 vom 2024-10-14",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12782.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7088-1 vom 2024-10-31",
        "url": "https://ubuntu.com/security/notices/USN-7088-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7088-2 vom 2024-11-04",
        "url": "https://ubuntu.com/security/notices/USN-7088-2"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:8856 vom 2024-11-05",
        "url": "https://access.redhat.com/errata/RHSA-2024:8856"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:8870 vom 2024-11-05",
        "url": "https://access.redhat.com/errata/RHSA-2024:8870"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-8856 vom 2024-11-06",
        "url": "https://linux.oracle.com/errata/ELSA-2024-8856.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7088-3 vom 2024-11-06",
        "url": "https://ubuntu.com/security/notices/USN-7088-3"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2024:8870 vom 2024-11-08",
        "url": "https://errata.build.resf.org/RLSA-2024:8870"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7100-1 vom 2024-11-11",
        "url": "https://ubuntu.com/security/notices/USN-7100-1"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:9315 vom 2024-11-12",
        "url": "https://access.redhat.com/errata/RHSA-2024:9315"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7100-2 vom 2024-11-12",
        "url": "https://ubuntu.com/security/notices/USN-7100-2"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-12815 vom 2024-11-13",
        "url": "https://linux.oracle.com/errata/ELSA-2024-12815.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3986-1 vom 2024-11-13",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/CIC23R3UQSPF2K4P2CX54TPCX5T7KWQG/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3984-1 vom 2024-11-13",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/L52VEDNTEHWEPR56WZN4KZNMEUYGCJX6/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3985-1 vom 2024-11-13",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/KB6DG7QR5KXDQRV57H4IY2TB2LW42K4S/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:3983-1 vom 2024-11-13",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/QUOFKELDJYP3JMHIXPCVKVI4REVXAKTX/"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7088-5 vom 2024-11-14",
        "url": "https://ubuntu.com/security/notices/USN-7088-5"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7119-1 vom 2024-11-20",
        "url": "https://ubuntu.com/security/notices/USN-7119-1"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-7123-1 vom 2024-11-20",
        "url": "https://ubuntu.com/security/notices/USN-7123-1"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5818 vom 2024-11-24",
        "url": "https://lists.debian.org/debian-security-announce/2024/msg00233.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2024:4100-1 vom 2024-11-28",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-November/019864.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Linux Kernel: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-11-28T23:00:00.000+00:00",
      "generator": {
        "date": "2024-11-29T09:09:21.047+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.8"
        }
      },
      "id": "WID-SEC-W-2024-1925",
      "initial_release_date": "2024-08-25T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-08-25T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-09-10T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-09-11T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-09-16T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-09-23T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-09-29T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-10-03T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2024-10-07T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2024-10-08T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-10-09T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-10-10T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-10-14T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-10-31T23:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-11-04T23:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Ubuntu und Red Hat aufgenommen"
        },
        {
          "date": "2024-11-05T23:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-11-10T23:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
        },
        {
          "date": "2024-11-11T23:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-11-12T23:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von Red Hat und Ubuntu aufgenommen"
        },
        {
          "date": "2024-11-13T23:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2024-11-14T23:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-11-19T23:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-11-20T23:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2024-11-24T23:00:00.000+00:00",
          "number": "23",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2024-11-28T23:00:00.000+00:00",
          "number": "24",
          "summary": "Neue Updates von SUSE aufgenommen"
        }
      ],
      "status": "final",
      "version": "24"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c6.11-rc3",
                "product": {
                  "name": "Open Source Linux Kernel \u003c6.11-rc3",
                  "product_id": "T036886"
                }
              },
              {
                "category": "product_version",
                "name": "6.11-rc3",
                "product": {
                  "name": "Open Source Linux Kernel 6.11-rc3",
                  "product_id": "T036886-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:6.11-rc3"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c4.19.320",
                "product": {
                  "name": "Open Source Linux Kernel \u003c4.19.320",
                  "product_id": "T037072"
                }
              },
              {
                "category": "product_version",
                "name": "4.19.320",
                "product": {
                  "name": "Open Source Linux Kernel 4.19.320",
                  "product_id": "T037072-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:4.19.320"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c5.4.282",
                "product": {
                  "name": "Open Source Linux Kernel \u003c5.4.282",
                  "product_id": "T037073"
                }
              },
              {
                "category": "product_version",
                "name": "5.4.282",
                "product": {
                  "name": "Open Source Linux Kernel 5.4.282",
                  "product_id": "T037073-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:5.4.282"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c5.10.224",
                "product": {
                  "name": "Open Source Linux Kernel \u003c5.10.224",
                  "product_id": "T037074"
                }
              },
              {
                "category": "product_version",
                "name": "5.10.224",
                "product": {
                  "name": "Open Source Linux Kernel 5.10.224",
                  "product_id": "T037074-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:5.10.224"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c5.15.165",
                "product": {
                  "name": "Open Source Linux Kernel \u003c5.15.165",
                  "product_id": "T037075"
                }
              },
              {
                "category": "product_version",
                "name": "5.15.165",
                "product": {
                  "name": "Open Source Linux Kernel 5.15.165",
                  "product_id": "T037075-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:5.15.165"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.1.105",
                "product": {
                  "name": "Open Source Linux Kernel \u003c6.1.105",
                  "product_id": "T037076"
                }
              },
              {
                "category": "product_version",
                "name": "6.1.105",
                "product": {
                  "name": "Open Source Linux Kernel 6.1.105",
                  "product_id": "T037076-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:6.1.105"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.10.5",
                "product": {
                  "name": "Open Source Linux Kernel \u003c6.10.5",
                  "product_id": "T037078"
                }
              },
              {
                "category": "product_version",
                "name": "6.10.5",
                "product": {
                  "name": "Open Source Linux Kernel 6.10.5",
                  "product_id": "T037078-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:6.10.5"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c6.6.47",
                "product": {
                  "name": "Open Source Linux Kernel \u003c6.6.47",
                  "product_id": "T037088"
                }
              },
              {
                "category": "product_version",
                "name": "6.6.47",
                "product": {
                  "name": "Open Source Linux Kernel 6.6.47",
                  "product_id": "T037088-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:6.6.47"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Linux Kernel"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "RESF Rocky Linux",
            "product": {
              "name": "RESF Rocky Linux",
              "product_id": "T032255",
              "product_identification_helper": {
                "cpe": "cpe:/o:resf:rocky_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "RESF"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-43896",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten und Subsystemen wie den AMD Display-Treibern, wifi und anderen. Zu den Ursachen z\u00e4hlen unter anderem NULL-Pointer Dereferenzierungen, Use-After-Free und andere Fehler in der Speicherverwaltung. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und um weitere, nicht beschriebene Auswirkungen zu erzielen."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T036886",
          "T004914",
          "T037088",
          "T032255",
          "T037078",
          "T037073",
          "T037074",
          "T037075",
          "T037076",
          "2951",
          "T002207",
          "T000126",
          "T037072"
        ]
      },
      "release_date": "2024-08-25T22:00:00.000+00:00",
      "title": "CVE-2024-43896"
    },
    {
      "cve": "CVE-2024-43898",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten und Subsystemen wie den AMD Display-Treibern, wifi und anderen. Zu den Ursachen z\u00e4hlen unter anderem NULL-Pointer Dereferenzierungen, Use-After-Free und andere Fehler in der Speicherverwaltung. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und um weitere, nicht beschriebene Auswirkungen zu erzielen."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T036886",
          "T004914",
          "T037088",
          "T032255",
          "T037078",
          "T037073",
          "T037074",
          "T037075",
          "T037076",
          "2951",
          "T002207",
          "T000126",
          "T037072"
        ]
      },
      "release_date": "2024-08-25T22:00:00.000+00:00",
      "title": "CVE-2024-43898"
    },
    {
      "cve": "CVE-2024-43899",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten und Subsystemen wie den AMD Display-Treibern, wifi und anderen. Zu den Ursachen z\u00e4hlen unter anderem NULL-Pointer Dereferenzierungen, Use-After-Free und andere Fehler in der Speicherverwaltung. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und um weitere, nicht beschriebene Auswirkungen zu erzielen."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T036886",
          "T004914",
          "T037088",
          "T032255",
          "T037078",
          "T037073",
          "T037074",
          "T037075",
          "T037076",
          "2951",
          "T002207",
          "T000126",
          "T037072"
        ]
      },
      "release_date": "2024-08-25T22:00:00.000+00:00",
      "title": "CVE-2024-43899"
    },
    {
      "cve": "CVE-2024-43900",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten und Subsystemen wie den AMD Display-Treibern, wifi und anderen. Zu den Ursachen z\u00e4hlen unter anderem NULL-Pointer Dereferenzierungen, Use-After-Free und andere Fehler in der Speicherverwaltung. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und um weitere, nicht beschriebene Auswirkungen zu erzielen."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T036886",
          "T004914",
          "T037088",
          "T032255",
          "T037078",
          "T037073",
          "T037074",
          "T037075",
          "T037076",
          "2951",
          "T002207",
          "T000126",
          "T037072"
        ]
      },
      "release_date": "2024-08-25T22:00:00.000+00:00",
      "title": "CVE-2024-43900"
    },
    {
      "cve": "CVE-2024-43901",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten und Subsystemen wie den AMD Display-Treibern, wifi und anderen. Zu den Ursachen z\u00e4hlen unter anderem NULL-Pointer Dereferenzierungen, Use-After-Free und andere Fehler in der Speicherverwaltung. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und um weitere, nicht beschriebene Auswirkungen zu erzielen."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T036886",
          "T004914",
          "T037088",
          "T032255",
          "T037078",
          "T037073",
          "T037074",
          "T037075",
          "T037076",
          "2951",
          "T002207",
          "T000126",
          "T037072"
        ]
      },
      "release_date": "2024-08-25T22:00:00.000+00:00",
      "title": "CVE-2024-43901"
    },
    {
      "cve": "CVE-2024-43902",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten und Subsystemen wie den AMD Display-Treibern, wifi und anderen. Zu den Ursachen z\u00e4hlen unter anderem NULL-Pointer Dereferenzierungen, Use-After-Free und andere Fehler in der Speicherverwaltung. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und um weitere, nicht beschriebene Auswirkungen zu erzielen."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T036886",
          "T004914",
          "T037088",
          "T032255",
          "T037078",
          "T037073",
          "T037074",
          "T037075",
          "T037076",
          "2951",
          "T002207",
          "T000126",
          "T037072"
        ]
      },
      "release_date": "2024-08-25T22:00:00.000+00:00",
      "title": "CVE-2024-43902"
    },
    {
      "cve": "CVE-2024-43903",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten und Subsystemen wie den AMD Display-Treibern, wifi und anderen. Zu den Ursachen z\u00e4hlen unter anderem NULL-Pointer Dereferenzierungen, Use-After-Free und andere Fehler in der Speicherverwaltung. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und um weitere, nicht beschriebene Auswirkungen zu erzielen."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T036886",
          "T004914",
          "T037088",
          "T032255",
          "T037078",
          "T037073",
          "T037074",
          "T037075",
          "T037076",
          "2951",
          "T002207",
          "T000126",
          "T037072"
        ]
      },
      "release_date": "2024-08-25T22:00:00.000+00:00",
      "title": "CVE-2024-43903"
    },
    {
      "cve": "CVE-2024-43904",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten und Subsystemen wie den AMD Display-Treibern, wifi und anderen. Zu den Ursachen z\u00e4hlen unter anderem NULL-Pointer Dereferenzierungen, Use-After-Free und andere Fehler in der Speicherverwaltung. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und um weitere, nicht beschriebene Auswirkungen zu erzielen."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T036886",
          "T004914",
          "T037088",
          "T032255",
          "T037078",
          "T037073",
          "T037074",
          "T037075",
          "T037076",
          "2951",
          "T002207",
          "T000126",
          "T037072"
        ]
      },
      "release_date": "2024-08-25T22:00:00.000+00:00",
      "title": "CVE-2024-43904"
    },
    {
      "cve": "CVE-2024-43905",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten und Subsystemen wie den AMD Display-Treibern, wifi und anderen. Zu den Ursachen z\u00e4hlen unter anderem NULL-Pointer Dereferenzierungen, Use-After-Free und andere Fehler in der Speicherverwaltung. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und um weitere, nicht beschriebene Auswirkungen zu erzielen."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T036886",
          "T004914",
          "T037088",
          "T032255",
          "T037078",
          "T037073",
          "T037074",
          "T037075",
          "T037076",
          "2951",
          "T002207",
          "T000126",
          "T037072"
        ]
      },
      "release_date": "2024-08-25T22:00:00.000+00:00",
      "title": "CVE-2024-43905"
    },
    {
      "cve": "CVE-2024-43906",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten und Subsystemen wie den AMD Display-Treibern, wifi und anderen. Zu den Ursachen z\u00e4hlen unter anderem NULL-Pointer Dereferenzierungen, Use-After-Free und andere Fehler in der Speicherverwaltung. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und um weitere, nicht beschriebene Auswirkungen zu erzielen."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T036886",
          "T004914",
          "T037088",
          "T032255",
          "T037078",
          "T037073",
          "T037074",
          "T037075",
          "T037076",
          "2951",
          "T002207",
          "T000126",
          "T037072"
        ]
      },
      "release_date": "2024-08-25T22:00:00.000+00:00",
      "title": "CVE-2024-43906"
    },
    {
      "cve": "CVE-2024-43907",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten und Subsystemen wie den AMD Display-Treibern, wifi und anderen. Zu den Ursachen z\u00e4hlen unter anderem NULL-Pointer Dereferenzierungen, Use-After-Free und andere Fehler in der Speicherverwaltung. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und um weitere, nicht beschriebene Auswirkungen zu erzielen."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T036886",
          "T004914",
          "T037088",
          "T032255",
          "T037078",
          "T037073",
          "T037074",
          "T037075",
          "T037076",
          "2951",
          "T002207",
          "T000126",
          "T037072"
        ]
      },
      "release_date": "2024-08-25T22:00:00.000+00:00",
      "title": "CVE-2024-43907"
    },
    {
      "cve": "CVE-2024-43908",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten und Subsystemen wie den AMD Display-Treibern, wifi und anderen. Zu den Ursachen z\u00e4hlen unter anderem NULL-Pointer Dereferenzierungen, Use-After-Free und andere Fehler in der Speicherverwaltung. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und um weitere, nicht beschriebene Auswirkungen zu erzielen."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T036886",
          "T004914",
          "T037088",
          "T032255",
          "T037078",
          "T037073",
          "T037074",
          "T037075",
          "T037076",
          "2951",
          "T002207",
          "T000126",
          "T037072"
        ]
      },
      "release_date": "2024-08-25T22:00:00.000+00:00",
      "title": "CVE-2024-43908"
    },
    {
      "cve": "CVE-2024-43909",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten und Subsystemen wie den AMD Display-Treibern, wifi und anderen. Zu den Ursachen z\u00e4hlen unter anderem NULL-Pointer Dereferenzierungen, Use-After-Free und andere Fehler in der Speicherverwaltung. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und um weitere, nicht beschriebene Auswirkungen zu erzielen."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T036886",
          "T004914",
          "T037088",
          "T032255",
          "T037078",
          "T037073",
          "T037074",
          "T037075",
          "T037076",
          "2951",
          "T002207",
          "T000126",
          "T037072"
        ]
      },
      "release_date": "2024-08-25T22:00:00.000+00:00",
      "title": "CVE-2024-43909"
    },
    {
      "cve": "CVE-2024-43910",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten und Subsystemen wie den AMD Display-Treibern, wifi und anderen. Zu den Ursachen z\u00e4hlen unter anderem NULL-Pointer Dereferenzierungen, Use-After-Free und andere Fehler in der Speicherverwaltung. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und um weitere, nicht beschriebene Auswirkungen zu erzielen."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T036886",
          "T004914",
          "T037088",
          "T032255",
          "T037078",
          "T037073",
          "T037074",
          "T037075",
          "T037076",
          "2951",
          "T002207",
          "T000126",
          "T037072"
        ]
      },
      "release_date": "2024-08-25T22:00:00.000+00:00",
      "title": "CVE-2024-43910"
    },
    {
      "cve": "CVE-2024-43911",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten und Subsystemen wie den AMD Display-Treibern, wifi und anderen. Zu den Ursachen z\u00e4hlen unter anderem NULL-Pointer Dereferenzierungen, Use-After-Free und andere Fehler in der Speicherverwaltung. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und um weitere, nicht beschriebene Auswirkungen zu erzielen."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T036886",
          "T004914",
          "T037088",
          "T032255",
          "T037078",
          "T037073",
          "T037074",
          "T037075",
          "T037076",
          "2951",
          "T002207",
          "T000126",
          "T037072"
        ]
      },
      "release_date": "2024-08-25T22:00:00.000+00:00",
      "title": "CVE-2024-43911"
    },
    {
      "cve": "CVE-2024-43912",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten und Subsystemen wie den AMD Display-Treibern, wifi und anderen. Zu den Ursachen z\u00e4hlen unter anderem NULL-Pointer Dereferenzierungen, Use-After-Free und andere Fehler in der Speicherverwaltung. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und um weitere, nicht beschriebene Auswirkungen zu erzielen."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T036886",
          "T004914",
          "T037088",
          "T032255",
          "T037078",
          "T037073",
          "T037074",
          "T037075",
          "T037076",
          "2951",
          "T002207",
          "T000126",
          "T037072"
        ]
      },
      "release_date": "2024-08-25T22:00:00.000+00:00",
      "title": "CVE-2024-43912"
    },
    {
      "cve": "CVE-2024-43913",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten und Subsystemen wie den AMD Display-Treibern, wifi und anderen. Zu den Ursachen z\u00e4hlen unter anderem NULL-Pointer Dereferenzierungen, Use-After-Free und andere Fehler in der Speicherverwaltung. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und um weitere, nicht beschriebene Auswirkungen zu erzielen."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T036886",
          "T004914",
          "T037088",
          "T032255",
          "T037078",
          "T037073",
          "T037074",
          "T037075",
          "T037076",
          "2951",
          "T002207",
          "T000126",
          "T037072"
        ]
      },
      "release_date": "2024-08-25T22:00:00.000+00:00",
      "title": "CVE-2024-43913"
    },
    {
      "cve": "CVE-2024-43914",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten und Subsystemen wie den AMD Display-Treibern, wifi und anderen. Zu den Ursachen z\u00e4hlen unter anderem NULL-Pointer Dereferenzierungen, Use-After-Free und andere Fehler in der Speicherverwaltung. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und um weitere, nicht beschriebene Auswirkungen zu erzielen."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T036886",
          "T004914",
          "T037088",
          "T032255",
          "T037078",
          "T037073",
          "T037074",
          "T037075",
          "T037076",
          "2951",
          "T002207",
          "T000126",
          "T037072"
        ]
      },
      "release_date": "2024-08-25T22:00:00.000+00:00",
      "title": "CVE-2024-43914"
    },
    {
      "cve": "CVE-2024-44931",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten und Subsystemen wie den AMD Display-Treibern, wifi und anderen. Zu den Ursachen z\u00e4hlen unter anderem NULL-Pointer Dereferenzierungen, Use-After-Free und andere Fehler in der Speicherverwaltung. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und um weitere, nicht beschriebene Auswirkungen zu erzielen."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T036886",
          "T004914",
          "T037088",
          "T032255",
          "T037078",
          "T037073",
          "T037074",
          "T037075",
          "T037076",
          "2951",
          "T002207",
          "T000126",
          "T037072"
        ]
      },
      "release_date": "2024-08-25T22:00:00.000+00:00",
      "title": "CVE-2024-44931"
    },
    {
      "cve": "CVE-2024-44932",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten und Subsystemen wie den AMD Display-Treibern, wifi und anderen. Zu den Ursachen z\u00e4hlen unter anderem NULL-Pointer Dereferenzierungen, Use-After-Free und andere Fehler in der Speicherverwaltung. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und um weitere, nicht beschriebene Auswirkungen zu erzielen."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T036886",
          "T004914",
          "T037088",
          "T032255",
          "T037078",
          "T037073",
          "T037074",
          "T037075",
          "T037076",
          "2951",
          "T002207",
          "T000126",
          "T037072"
        ]
      },
      "release_date": "2024-08-25T22:00:00.000+00:00",
      "title": "CVE-2024-44932"
    },
    {
      "cve": "CVE-2024-44933",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten und Subsystemen wie den AMD Display-Treibern, wifi und anderen. Zu den Ursachen z\u00e4hlen unter anderem NULL-Pointer Dereferenzierungen, Use-After-Free und andere Fehler in der Speicherverwaltung. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und um weitere, nicht beschriebene Auswirkungen zu erzielen."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T036886",
          "T004914",
          "T037088",
          "T032255",
          "T037078",
          "T037073",
          "T037074",
          "T037075",
          "T037076",
          "2951",
          "T002207",
          "T000126",
          "T037072"
        ]
      },
      "release_date": "2024-08-25T22:00:00.000+00:00",
      "title": "CVE-2024-44933"
    },
    {
      "cve": "CVE-2024-44934",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten und Subsystemen wie den AMD Display-Treibern, wifi und anderen. Zu den Ursachen z\u00e4hlen unter anderem NULL-Pointer Dereferenzierungen, Use-After-Free und andere Fehler in der Speicherverwaltung. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und um weitere, nicht beschriebene Auswirkungen zu erzielen."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T036886",
          "T004914",
          "T037088",
          "T032255",
          "T037078",
          "T037073",
          "T037074",
          "T037075",
          "T037076",
          "2951",
          "T002207",
          "T000126",
          "T037072"
        ]
      },
      "release_date": "2024-08-25T22:00:00.000+00:00",
      "title": "CVE-2024-44934"
    },
    {
      "cve": "CVE-2024-44935",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten und Subsystemen wie den AMD Display-Treibern, wifi und anderen. Zu den Ursachen z\u00e4hlen unter anderem NULL-Pointer Dereferenzierungen, Use-After-Free und andere Fehler in der Speicherverwaltung. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und um weitere, nicht beschriebene Auswirkungen zu erzielen."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T036886",
          "T004914",
          "T037088",
          "T032255",
          "T037078",
          "T037073",
          "T037074",
          "T037075",
          "T037076",
          "2951",
          "T002207",
          "T000126",
          "T037072"
        ]
      },
      "release_date": "2024-08-25T22:00:00.000+00:00",
      "title": "CVE-2024-44935"
    },
    {
      "cve": "CVE-2024-44936",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten und Subsystemen wie den AMD Display-Treibern, wifi und anderen. Zu den Ursachen z\u00e4hlen unter anderem NULL-Pointer Dereferenzierungen, Use-After-Free und andere Fehler in der Speicherverwaltung. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und um weitere, nicht beschriebene Auswirkungen zu erzielen."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T036886",
          "T004914",
          "T037088",
          "T032255",
          "T037078",
          "T037073",
          "T037074",
          "T037075",
          "T037076",
          "2951",
          "T002207",
          "T000126",
          "T037072"
        ]
      },
      "release_date": "2024-08-25T22:00:00.000+00:00",
      "title": "CVE-2024-44936"
    },
    {
      "cve": "CVE-2024-44937",
      "notes": [
        {
          "category": "description",
          "text": "Im Linux Kernel existieren mehrere Schwachstellen in verschiedenen Komponenten und Subsystemen wie den AMD Display-Treibern, wifi und anderen. Zu den Ursachen z\u00e4hlen unter anderem NULL-Pointer Dereferenzierungen, Use-After-Free und andere Fehler in der Speicherverwaltung. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um einen Denial-of-Service-Zustand zu erzeugen und um weitere, nicht beschriebene Auswirkungen zu erzielen."
        }
      ],
      "product_status": {
        "known_affected": [
          "67646",
          "T036886",
          "T004914",
          "T037088",
          "T032255",
          "T037078",
          "T037073",
          "T037074",
          "T037075",
          "T037076",
          "2951",
          "T002207",
          "T000126",
          "T037072"
        ]
      },
      "release_date": "2024-08-25T22:00:00.000+00:00",
      "title": "CVE-2024-44937"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2024-43900

Vulnerability from cvelistv5

ghsa-8j3f-9fhh-xf4c

Vulnerability from github

wid-sec-w-2024-1925

Vulnerability from csaf_certbund

Tags

Sightings

Nomenclature