Common Weakness Enumeration

CWE-668

Discouraged

Exposure of Resource to Wrong Sphere

Abstraction: Class · Status: Draft

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

1251 vulnerabilities reference this CWE, most recent first.

GHSA-X749-289Q-PG9Q

Vulnerability from github – Published: 2024-07-18 12:30 – Updated: 2025-03-14 18:30
VLAI
Details

A partial fix for  CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.

Users are recommended to upgrade to version 2.4.62, which fixes this issue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-40725"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-18T10:15:02Z",
    "severity": "MODERATE"
  },
  "details": "A partial fix for\u00a0 CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. \"AddType\" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.\n\nUsers are recommended to upgrade to version 2.4.62, which fixes this issue.",
  "id": "GHSA-x749-289q-pg9q",
  "modified": "2025-03-14T18:30:41Z",
  "published": "2024-07-18T12:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40725"
    },
    {
      "type": "WEB",
      "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20240808-0007"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X7V9-MPXR-PG87

Vulnerability from github – Published: 2022-05-24 17:48 – Updated: 2022-07-13 00:01
VLAI
Details

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. Its AbuseFilterCheckMatch API reveals suppressed edits and usernames to unprivileged users through the iteration of crafted AbuseFilter rules.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-31547"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-22T03:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. Its AbuseFilterCheckMatch API reveals suppressed edits and usernames to unprivileged users through the iteration of crafted AbuseFilter rules.",
  "id": "GHSA-x7v9-mpxr-pg87",
  "modified": "2022-07-13T00:01:24Z",
  "published": "2022-05-24T17:48:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31547"
    },
    {
      "type": "WEB",
      "url": "https://gerrit.wikimedia.org/r/q/I3f7dbd8b873d411e37c8c3aac2339bf5ec36907d"
    },
    {
      "type": "WEB",
      "url": "https://gerrit.wikimedia.org/r/q/I4900b1be73323599d74e3164447f81eded094d75"
    },
    {
      "type": "WEB",
      "url": "https://phabricator.wikimedia.org/T223654"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X84C-P2G9-RQV9

Vulnerability from github – Published: 2024-04-18 21:52 – Updated: 2024-04-19 16:19
VLAI
Summary
IPv6 enabled on IPv4-only network interfaces
Details

In 26.0.0 and 26.0.1, IPv6 is not disabled on network interfaces, including those belonging to networks where --ipv6=false.

Impact

A container with an ipvlan or macvlan interface will normally be configured to share an external network link with the host machine. Because of this direct access, with IPv6 enabled:

  • Containers may be able to communicate with other hosts on the local network over link-local IPv6 addresses.
  • If router advertisements are being broadcast over the local network, containers may get SLAAC-assigned addresses.
  • The interface will be a member of IPv6 multicast groups.

This means interfaces in IPv4-only networks present an unexpectedly and unnecessarily increased attack surface.

A container with an unexpected IPv6 address can do anything a container configured with an IPv6 address can do. That is, listen for connections on its IPv6 address, open connections to other nodes on the network over IPv6, or attempt a DoS attack by flooding packets from its IPv6 address. This has CVSS score AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L (2.7).

Because the container may not be constrained by an IPv6 firewall, there is increased potential for data exfiltration from the container. This has CVSS score AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N (4.7).

A remote attacker could send malicious Router Advertisements to divert traffic to itself, a black-hole, or another device. The same attack is possible today for IPv4 macvlan/ipvlan endpoints with ARP spoofing, TLS is commonly used by Internet APIs to mitigate this risk. The presence of an IPv6 route could impact the container's availability by indirectly abusing the behaviour of software which behaves poorly in a dual-stack environment. For example, it could resolve a name to a DNS AAAA record and keep trying to connect over IPv6 without ever falling back to IPv4, potentially denying service to the container. This has CVSS score AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H (4.5).

Patches

The issue is patched in 26.0.2.

Workarounds

To completely disable IPv6 in a container, use --sysctl=net.ipv6.conf.all.disable_ipv6=1 in the docker create or docker run command. Or, in the service configuration of a compose file, the equivalent:

        sysctls:
            - net.ipv6.conf.all.disable_ipv6=1

References

  • sysctl configuration using docker run:
  • https://docs.docker.com/reference/cli/docker/container/run/#sysctl
  • sysctl configuration using docker compose:
  • https://docs.docker.com/compose/compose-file/compose-file-v3/#sysctls
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/docker/docker"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "26.0.0"
            },
            {
              "fixed": "26.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-32473"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-18T21:52:08Z",
    "nvd_published_at": "2024-04-18T22:15:10Z",
    "severity": "MODERATE"
  },
  "details": "In 26.0.0 and 26.0.1, IPv6 is not disabled on network interfaces, including those belonging to networks where `--ipv6=false`.\n\n### Impact\n\nA container with an `ipvlan` or `macvlan` interface will normally be configured to share an external network link with the host machine. Because of this direct access, with IPv6 enabled:\n\n- Containers may be able to communicate with other hosts on the local network over link-local IPv6 addresses.\n- If router advertisements are being broadcast over the local network, containers may get SLAAC-assigned addresses.\n- The interface  will be a member of IPv6 multicast groups.\n\nThis means interfaces in IPv4-only networks present an unexpectedly and unnecessarily increased attack surface.\n\nA container with an unexpected IPv6 address can do anything a container configured with an IPv6 address can do. That is, listen for connections on its IPv6 address, open connections to other nodes on the network over IPv6, or attempt a DoS attack by flooding packets from its IPv6 address. This has CVSS score AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L (2.7).\n\nBecause the container may not be constrained by an IPv6 firewall, there is increased potential for data exfiltration from the container. This has CVSS score AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N (4.7).\n\nA remote attacker could send malicious Router Advertisements to divert traffic to itself, a black-hole, or another device. The same attack is possible today for IPv4 macvlan/ipvlan endpoints with ARP spoofing, TLS is commonly used by Internet APIs to mitigate this risk. The presence of an IPv6 route could impact the container\u0027s availability by indirectly abusing the behaviour of software which behaves poorly in a dual-stack environment. For example, it could resolve a name to a DNS AAAA record and keep trying to connect over IPv6 without ever falling back to IPv4, potentially denying service to the container. This has CVSS score AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H (4.5).\n\n### Patches\n\nThe issue is patched in 26.0.2.\n\n### Workarounds\n\nTo completely disable IPv6 in a container, use `--sysctl=net.ipv6.conf.all.disable_ipv6=1` in the `docker create` or `docker run` command. Or, in the service configuration of a `compose` file, the equivalent:\n\n```\n        sysctls:\n            - net.ipv6.conf.all.disable_ipv6=1\n```\n\n### References\n\n- sysctl configuration using `docker run`:\n  - https://docs.docker.com/reference/cli/docker/container/run/#sysctl\n- sysctl configuration using `docker compose`:\n  - https://docs.docker.com/compose/compose-file/compose-file-v3/#sysctls",
  "id": "GHSA-x84c-p2g9-rqv9",
  "modified": "2024-04-19T16:19:42Z",
  "published": "2024-04-18T21:52:08Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/moby/moby/security/advisories/GHSA-x84c-p2g9-rqv9"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32473"
    },
    {
      "type": "WEB",
      "url": "https://github.com/moby/moby/commit/7cef0d9cd1cf221d8c0b7b7aeda69552649e0642"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/moby/moby"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "IPv6 enabled on IPv4-only network interfaces"
}

GHSA-X8XX-X82Q-42Q3

Vulnerability from github – Published: 2022-02-19 00:01 – Updated: 2023-08-08 20:08
VLAI
Summary
Exposure of Resource to Wrong Sphere in ezsystems/ezplatform-kernel
Details

When image files are uploaded, they are made accessible under a name similar to the original file name. There are two issues with this. Both require access to uploading images in order to exploit them, this limits the impact. The first issue is that certain injection attacks can be possible, since not all possible attack vectors are removed from the original file name.

The second issue is that direct access to the images is not access controlled. This is by design, for performance reasons, and documented as such. But it does mean that images not meant to be publicly accessible can be accessed, provided that the image path and filename is correctly deduced and/or guessed, through dictionary attacks and similar.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "ezsystems/ezplatform-kernel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.3.0"
            },
            {
              "fixed": "1.3.12"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-25336"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-03-04T21:37:29Z",
    "nvd_published_at": "2022-02-18T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "When image files are uploaded, they are made accessible under a name similar to the original file name. There are two issues with this. Both require access to uploading images in order to exploit them, this limits the impact. The first issue is that certain injection attacks can be possible, since not all possible attack vectors are removed from the original file name.\n\nThe second issue is that direct access to the images is not access controlled. This is by design, for performance reasons, and documented as such. But it does mean that images not meant to be publicly accessible can be accessed, provided that the image path and filename is correctly deduced and/or guessed, through dictionary attacks and similar.",
  "id": "GHSA-x8xx-x82q-42q3",
  "modified": "2023-08-08T20:08:33Z",
  "published": "2022-02-19T00:01:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25336"
    },
    {
      "type": "WEB",
      "url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2022-001-image-filenames-sanitization"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/ezsystems/ezplatform-kernel"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Exposure of Resource to Wrong Sphere in ezsystems/ezplatform-kernel"
}

GHSA-X92G-6C25-C2JV

Vulnerability from github – Published: 2022-07-24 00:00 – Updated: 2022-07-28 00:00
VLAI
Details

Inappropriate implementation in Web Share API in Google Chrome on Windows prior to 100.0.4896.60 allowed an attacker on the local network segment to leak cross-origin data via a crafted HTML page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-1128"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-07-23T00:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Inappropriate implementation in Web Share API in Google Chrome on Windows prior to 100.0.4896.60 allowed an attacker on the local network segment to leak cross-origin data via a crafted HTML page.",
  "id": "GHSA-x92g-6c25-c2jv",
  "modified": "2022-07-28T00:00:41Z",
  "published": "2022-07-24T00:00:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1128"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_29.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/1301920"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202208-25"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X944-9RCX-936C

Vulnerability from github – Published: 2022-09-09 00:00 – Updated: 2022-09-14 00:00
VLAI
Details

IBM Planning Analytics Local 2.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 217371.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-22314"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-08T16:15:00Z",
    "severity": "LOW"
  },
  "details": "IBM Planning Analytics Local 2.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 217371.",
  "id": "GHSA-x944-9rcx-936c",
  "modified": "2022-09-14T00:00:46Z",
  "published": "2022-09-09T00:00:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22314"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/217371"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/6615289"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X9CP-W29R-P2QW

Vulnerability from github – Published: 2022-05-24 19:17 – Updated: 2022-07-13 00:01
VLAI
Details

Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow an authenticated privileged local attacker to arbitrarily modify Compliance-mode WORM data prior to the end of the retention period.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-27001"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-10-19T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow an authenticated privileged local attacker to arbitrarily modify Compliance-mode WORM data prior to the end of the retention period.",
  "id": "GHSA-x9cp-w29r-p2qw",
  "modified": "2022-07-13T00:01:12Z",
  "published": "2022-05-24T19:17:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27001"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20211018-0001"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X9G8-86PV-45JG

Vulnerability from github – Published: 2022-12-12 06:30 – Updated: 2022-12-13 18:30
VLAI
Details

Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges access to the Network in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) - version 430, can access BOE Monitoring database to retrieve and modify (non-personal) system data which would otherwise be restricted. Also, a potential attack could be used to leave the CMS's scope and impact the database. A successful attack could have a low impact on confidentiality, a high impact on integrity, and a low impact on availability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-31596"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-12T04:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Under certain conditions, an attacker authenticated as a CMS administrator and with high privileges access to the Network in SAP BusinessObjects Business Intelligence Platform (Monitoring DB) - version 430, can access BOE Monitoring database to retrieve and modify (non-personal) system data which would otherwise be restricted. Also, a potential attack could be used to leave the CMS\u0027s scope and impact the database. A successful attack could have a low impact on confidentiality, a high impact on integrity, and a low impact on availability.",
  "id": "GHSA-x9g8-86pv-45jg",
  "modified": "2022-12-13T18:30:26Z",
  "published": "2022-12-12T06:30:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31596"
    },
    {
      "type": "WEB",
      "url": "https://launchpad.support.sap.com/#/notes/3213507"
    },
    {
      "type": "WEB",
      "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X9R7-CJM2-H6CP

Vulnerability from github – Published: 2022-01-02 00:00 – Updated: 2022-08-05 00:00
VLAI
Details

Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-44717"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-01T05:15:00Z",
    "severity": "HIGH"
  },
  "details": "Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.",
  "id": "GHSA-x9r7-cjm2-h6cp",
  "modified": "2022-08-05T00:00:27Z",
  "published": "2022-01-02T00:00:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44717"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/g/golang-announce/c/hcmEScgc00k"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00016.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00017.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202208-02"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X9RP-8J88-VH76

Vulnerability from github – Published: 2024-02-27 12:31 – Updated: 2024-04-10 18:30
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

binder: fix async_free_space accounting for empty parcels

In 4.13, commit 74310e06be4d ("android: binder: Move buffer out of area shared with user space") fixed a kernel structure visibility issue. As part of that patch, sizeof(void *) was used as the buffer size for 0-length data payloads so the driver could detect abusive clients sending 0-length asynchronous transactions to a server by enforcing limits on async_free_size.

Unfortunately, on the "free" side, the accounting of async_free_space did not add the sizeof(void *) back. The result was that up to 8-bytes of async_free_space were leaked on every async transaction of 8-bytes or less. These small transactions are uncommon, so this accounting issue has gone undetected for several years.

The fix is to use "buffer_size" (the allocated buffer size) instead of "size" (the logical buffer size) when updating the async_free_space during the free operation. These are the same except for this corner case of asynchronous transactions with payloads < 8 bytes.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-46935"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-27T10:15:07Z",
    "severity": "MODERATE"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nbinder: fix async_free_space accounting for empty parcels\n\nIn 4.13, commit 74310e06be4d (\"android: binder: Move buffer out of area shared with user space\")\nfixed a kernel structure visibility issue. As part of that patch,\nsizeof(void *) was used as the buffer size for 0-length data payloads so\nthe driver could detect abusive clients sending 0-length asynchronous\ntransactions to a server by enforcing limits on async_free_size.\n\nUnfortunately, on the \"free\" side, the accounting of async_free_space\ndid not add the sizeof(void *) back. The result was that up to 8-bytes of\nasync_free_space were leaked on every async transaction of 8-bytes or\nless.  These small transactions are uncommon, so this accounting issue\nhas gone undetected for several years.\n\nThe fix is to use \"buffer_size\" (the allocated buffer size) instead of\n\"size\" (the logical buffer size) when updating the async_free_space\nduring the free operation. These are the same except for this\ncorner case of asynchronous transactions with payloads \u003c 8 bytes.",
  "id": "GHSA-x9rp-8j88-vh76",
  "modified": "2024-04-10T18:30:47Z",
  "published": "2024-02-27T12:31:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46935"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/103b16a8c51f96d5fe063022869ea906c256e5da"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/17691bada6b2f1d5f1c0f6d28cd9d0727023b0ff"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/1cb8444f3114f0bb2f6e3bcadcf09aa4a28425d4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2d2df539d05205fd83c404d5f2dff48d36f9b495"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/7c7064402609aeb6fb11be1b4ec10673ff17b593"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cfd0d84ba28c18b531648c9d4a35ecca89ad9901"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.