All the vulnerabilites related to Linux - Linux Kernel
cve-2023-0459
Vulnerability from cvelistv5
Published
2023-05-25 13:22
Modified
2024-09-26 18:39
Severity ?
EPSS score ?
Summary
Copy_from_user Spectre-V1 Gadget in Linux Kernel
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux | Linux Kernel |
Version: 4b842e4e25b12951fa10dedb4bc16bc47e3b850c |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:10:56.155Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/4b842e4e25b12951fa10dedb4bc16bc47e3b850c" }, { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/74e19ef0ff8061ef55957c3abd71614ef0f42f47" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-0459", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-26T18:39:01.829060Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-26T18:39:17.009Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "kernel", "platforms": [ "64 bit" ], "product": "Linux Kernel", "repo": "https://git.kernel.org", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "74e19ef0ff8061ef55957c3abd71614ef0f42f47", "status": "affected", "version": "4b842e4e25b12951fa10dedb4bc16bc47e3b850c", "versionType": "git" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the \"access_ok\" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit\u0026nbsp;74e19ef0ff8061ef55957c3abd71614ef0f42f47" } ], "value": "Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the \"access_ok\" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit\u00a074e19ef0ff8061ef55957c3abd71614ef0f42f47" } ], "impacts": [ { "capecId": "CAPEC-129", "descriptions": [ { "lang": "en", "value": "CAPEC-129 Pointer Manipulation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-763", "description": "CWE-763 Release of Invalid Pointer or Reference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-25T13:22:38.338Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "url": "https://github.com/torvalds/linux/commit/4b842e4e25b12951fa10dedb4bc16bc47e3b850c" }, { "url": "https://github.com/torvalds/linux/commit/74e19ef0ff8061ef55957c3abd71614ef0f42f47" } ], "source": { "discovery": "UNKNOWN" }, "title": "Copy_from_user Spectre-V1 Gadget in Linux Kernel", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2023-0459", "datePublished": "2023-05-25T13:22:38.338Z", "dateReserved": "2023-01-24T09:43:39.956Z", "dateUpdated": "2024-09-26T18:39:17.009Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1829
Vulnerability from cvelistv5
Published
2023-04-12 11:16
Modified
2024-08-02 06:05
Severity ?
EPSS score ?
Summary
Use-after-free in tcindex (traffic control index filter) in the Linux Kernel
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux | Linux Kernel |
Version: 3.8 < |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:05:26.153Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8c710f75256bb3cf05ac7b1672c82b92c43f3d28" }, { "tags": [ "x_transferred" ], "url": "https://kernel.dance/#8c710f75256bb3cf05ac7b1672c82b92c43f3d28" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230601-0001/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "kernel", "product": "Linux Kernel", "repo": "https://git.kernel.org", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "6.2", "status": "affected", "version": "3.8", "versionType": "custom" } ] } ], "datePublic": "2023-02-16T08:27:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecan be exploited to achieve local privilege escalation\u003c/span\u003e.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying structure which can later lead to double freeing the structure.\u0026nbsp;\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eA local attacker user can use this vulnerability to elevate its privileges to root.\u003cbr\u003e\u003c/span\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWe recommend upgrading past commit \u003c/span\u003e \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8c710f75256bb3cf05ac7b1672c82b92c43f3d28\"\u003e8c710f75256bb3cf05ac7b1672c82b92c43f3d28\u003c/a\u003e.\u003c/p\u003e" } ], "value": "A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation.\u00a0The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying structure which can later lead to double freeing the structure.\u00a0A local attacker user can use this vulnerability to elevate its privileges to root.\nWe recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28.\n\n" } ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-12T11:37:42.774Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8c710f75256bb3cf05ac7b1672c82b92c43f3d28" }, { "url": "https://kernel.dance/#8c710f75256bb3cf05ac7b1672c82b92c43f3d28" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230601-0001/" } ], "source": { "discovery": "EXTERNAL" }, "title": "Use-after-free in tcindex (traffic control index filter) in the Linux Kernel", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2023-1829", "datePublished": "2023-04-12T11:16:59.101Z", "dateReserved": "2023-04-04T10:32:43.055Z", "dateUpdated": "2024-08-02T06:05:26.153Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-35001
Vulnerability from cvelistv5
Published
2023-07-05 18:35
Modified
2024-08-02 16:17
Severity ?
EPSS score ?
Summary
Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux | Linux Kernel |
Version: v3.13-rc1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:17:04.253Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "issue-tracking", "x_transferred" ], "url": "https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/" }, { "tags": [ "mailing-list", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2023/07/05/3" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/07/05/3" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5453" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230824-0007/" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "platforms": [ "Linux" ], "product": "Linux Kernel", "vendor": "Linux", "versions": [ { "status": "affected", "version": "v3.13-rc1" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Tanguy Dubroca" } ], "datePublic": "2023-07-05T12:15:00.000Z", "descriptions": [ { "lang": "en", "value": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-05T18:35:17.785Z", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical" }, "references": [ { "tags": [ "issue-tracking" ], "url": "https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/" }, { "tags": [ "mailing-list" ], "url": "https://www.openwall.com/lists/oss-security/2023/07/05/3" }, { "url": "http://www.openwall.com/lists/oss-security/2023/07/05/3" }, { "url": "https://www.debian.org/security/2023/dsa-5453" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/" }, { "url": "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230824-0007/" }, { "url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" } ], "title": "Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability" } }, "cveMetadata": { "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2023-35001", "datePublished": "2023-07-05T18:35:17.785Z", "dateReserved": "2023-06-29T21:43:35.036Z", "dateUpdated": "2024-08-02T16:17:04.253Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0266
Vulnerability from cvelistv5
Published
2023-01-30 13:09
Modified
2024-08-02 05:02
Severity ?
EPSS score ?
Summary
Use after free in SNDRV_CTL_IOCTL_ELEM in Linux Kernel
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux | Linux Kernel |
Version: 4.14 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:02:44.150Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/becf9e5d553c2389d857a3c178ce80fdb34a02e1" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.10/alsa-pcm-move-rwsem-lock-inside-snd_ctl_elem_read-to-prevent-uaf.patch?id=72783cf35e6c55bca84c4bb7b776c58152856fd4" }, { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/56b88b50565cd8b946a2d00b0c83927b7ebb055e" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "ALSA pcm", "product": "Linux Kernel", "repo": "https://git.kernel.org", "vendor": "Linux", "versions": [ { "lessThan": "56b88b50565cd8b946a2d00b0c83927b7ebb055e", "status": "affected", "version": "4.14", "versionType": "git" } ] } ], "datePublic": "2023-01-13T00:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit\u0026nbsp;56b88b50565cd8b946a2d00b0c83927b7ebb055e\u003c/span\u003e\u003cbr\u003e" } ], "value": "A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel.\u00a0SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit\u00a056b88b50565cd8b946a2d00b0c83927b7ebb055e\n" } ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-30T13:09:32.141Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "url": "https://github.com/torvalds/linux/commit/becf9e5d553c2389d857a3c178ce80fdb34a02e1" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.10/alsa-pcm-move-rwsem-lock-inside-snd_ctl_elem_read-to-prevent-uaf.patch?id=72783cf35e6c55bca84c4bb7b776c58152856fd4" }, { "url": "https://github.com/torvalds/linux/commit/56b88b50565cd8b946a2d00b0c83927b7ebb055e" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ], "source": { "discovery": "UNKNOWN" }, "title": "Use after free in SNDRV_CTL_IOCTL_ELEM in Linux Kernel", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2023-0266", "datePublished": "2023-01-30T13:09:32.141Z", "dateReserved": "2023-01-13T07:58:13.390Z", "dateUpdated": "2024-08-02T05:02:44.150Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1872
Vulnerability from cvelistv5
Published
2023-04-12 15:40
Modified
2024-08-02 06:05
Severity ?
EPSS score ?
Summary
Use-after-free in Linux kernel's io_uring subsystem
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux | Linux Kernel |
Version: 5.7 < |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:05:26.723Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=08681391b84da27133deefaaddefd0acfa90c2be" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=da24142b1ef9fd5d36b76e36bab328a5b27523e8" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230601-0002/" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "kernel", "product": "Linux Kernel", "repo": "https://git.kernel.org", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "5.17", "status": "affected", "version": "5.7", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Bing-Jhong Billy Jheng of Starlabs" } ], "datePublic": "2023-03-03T10:45:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eA use-after-free vulnerability in the Linux Kernel io_uring system can be exploited to achieve local privilege escalation.\u003c/p\u003e\u003cp\u003eThe io_file_get_fixed function lacks the presence of ctx-\u0026gt;uring_lock which can lead to a Use-After-Free vulnerability due a race condition with fixed files getting unregistered.\u003c/p\u003e\u003cp\u003eWe recommend upgrading past commit da24142b1ef9fd5d36b76e36bab328a5b27523e8.\u003c/p\u003e" } ], "value": "A use-after-free vulnerability in the Linux Kernel io_uring system can be exploited to achieve local privilege escalation.\n\nThe io_file_get_fixed function lacks the presence of ctx-\u003euring_lock which can lead to a Use-After-Free vulnerability due a race condition with fixed files getting unregistered.\n\nWe recommend upgrading past commit da24142b1ef9fd5d36b76e36bab328a5b27523e8.\n\n" } ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-12T15:40:42.386Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=08681391b84da27133deefaaddefd0acfa90c2be" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=da24142b1ef9fd5d36b76e36bab328a5b27523e8" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230601-0002/" }, { "url": "http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Use-after-free in Linux kernel\u0027s io_uring subsystem", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2023-1872", "datePublished": "2023-04-12T15:40:42.386Z", "dateReserved": "2023-04-05T13:26:00.875Z", "dateUpdated": "2024-08-02T06:05:26.723Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-4696
Vulnerability from cvelistv5
Published
2023-01-11 12:33
Modified
2024-08-03 01:48
Severity ?
EPSS score ?
Summary
There exists a use-after-free vulnerability in the Linux kernel through io_uring and the IORING_OP_SPLICE operation. If IORING_OP_SPLICE is missing the IO_WQ_WORK_FILES flag, which signals that the operation won't use current->nsproxy, so its reference counter is not increased. This assumption is not always true as calling io_splice on specific files will call the get_uts function which will use current->nsproxy leading to invalidly decreasing its reference counter later causing the use-after-free vulnerability. We recommend upgrading to version 5.10.160 or above
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux | Linux Kernel |
Version: 5.7-rc1 < |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:48:40.470Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://security.netapp.com/advisory/ntap-20230223-0003/" }, { "tags": [ "x_transferred" ], "url": "https://kernel.dance/#75454b4bbfc7e6a4dd8338556f36ea9107ddf61a" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=75454b4bbfc7e6a4dd8338556f36ea9107ddf61a" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThanOrEqual": "5.10.159", "status": "affected", "version": "5.7-rc1", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2022-4696", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-01T13:26:32.245783Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-01T13:27:43.575Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "kernel", "product": "Linux Kernel", "repo": "https://git.kernel.org", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "5.10.159", "status": "affected", "version": "5.7-rc1", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Bing-Jhong Billy Jheng of Starlabs" } ], "datePublic": "2022-12-15T05:43:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "There exists a use-after-free vulnerability in the Linux kernel through io_uring and the\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIORING_OP_SPLICE operation. If\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIORING_OP_SPLICE is\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003emissing the IO_WQ_WORK_FILES flag, which signals that the operation won\u0027t use current-\u0026gt;nsproxy, so its reference counter is not increased. This assumption is not always true as calling io_splice on specific files will call the get_uts function which will use current-\u0026gt;nsproxy leading to invalidly decreasing its reference counter later causing the use-after-free vulnerability. We recommend upgrading to version 5.10.160 or above\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e" } ], "value": "There exists a use-after-free vulnerability in the Linux kernel through io_uring and the\u00a0IORING_OP_SPLICE operation. If\u00a0IORING_OP_SPLICE is\u00a0missing the IO_WQ_WORK_FILES flag, which signals that the operation won\u0027t use current-\u003ensproxy, so its reference counter is not increased. This assumption is not always true as calling io_splice on specific files will call the get_uts function which will use current-\u003ensproxy leading to invalidly decreasing its reference counter later causing the use-after-free vulnerability. We recommend upgrading to version 5.10.160 or above\n" } ], "impacts": [ { "capecId": "CAPEC-251", "descriptions": [ { "lang": "en", "value": "CAPEC-251 Local Code Inclusion" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-763", "description": "CWE-763 Release of Invalid Pointer or Reference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-11T12:33:41.024Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "url": "https://kernel.dance/#75454b4bbfc7e6a4dd8338556f36ea9107ddf61a" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y\u0026id=75454b4bbfc7e6a4dd8338556f36ea9107ddf61a" } ], "source": { "discovery": "EXTERNAL" }, "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2022-4696", "datePublished": "2023-01-11T12:33:41.024Z", "dateReserved": "2022-12-23T13:11:04.948Z", "dateUpdated": "2024-08-03T01:48:40.470Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-22386
Vulnerability from cvelistv5
Published
2024-02-05 07:21
Modified
2024-08-01 22:43
Severity ?
EPSS score ?
Summary
Race condition vulnerability in Linux kernel drm/exynos exynos_drm_crtc_atomic_disable
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux | Linux kernel |
Version: v4.11-rc1 < v6.6-rc1 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-22386", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-28T17:06:57.037858Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-28T17:07:05.173Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T22:43:34.688Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8147" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://kernel.org/", "defaultStatus": "unaffected", "modules": [ "drm", "exynos" ], "packageName": "kernel", "platforms": [ "Linux", "x86", "ARM" ], "product": "Linux kernel", "programFiles": [ "https://gitee.com/anolis/cloud-kernel/blob/devel-5.10/drivers/gpu/drm/exynos/exynos_drm_crtc.c" ], "repo": "https://gitee.com/anolis/cloud-kernel.git", "vendor": "Linux", "versions": [ { "lessThan": "v6.6-rc1", "status": "affected", "version": "v4.11-rc1", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "\u767d\u5bb6\u9a79 \u003cbaijiaju@buaa.edu.cn\u003e" }, { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "\u97e9\u6842\u680b \u003changuidong@buaa.edu.cn\u003e" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA race condition was found in the Linux kernel\u0027s drm/exynos device driver in\u0026nbsp;exynos_drm_crtc_atomic_disable() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003edenial of service issue\u003c/span\u003e.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e" } ], "value": "A race condition was found in the Linux kernel\u0027s drm/exynos device driver in\u00a0exynos_drm_crtc_atomic_disable() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.\n\n\n" } ], "impacts": [ { "capecId": "CAPEC-26", "descriptions": [ { "lang": "en", "value": "CAPEC-26 Leveraging Race Conditions" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-05T07:21:20.819Z", "orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "shortName": "Anolis" }, "references": [ { "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8147" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=2e63972a2de14482d0eae1a03a73e379f1c3f44c\"\u003ehttps://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=2e63972a2de14482d0eae...\u003c/a\u003e\u003cbr\u003e" } ], "value": " https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=2e63972a2de14482d0eae... https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/ \n" } ], "source": { "discovery": "UNKNOWN" }, "title": "Race condition vulnerability in Linux kernel drm/exynos exynos_drm_crtc_atomic_disable", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "assignerShortName": "Anolis", "cveId": "CVE-2024-22386", "datePublished": "2024-02-05T07:21:20.819Z", "dateReserved": "2024-01-15T09:44:45.540Z", "dateUpdated": "2024-08-01T22:43:34.688Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-3491
Vulnerability from cvelistv5
Published
2021-06-04 01:40
Modified
2024-09-16 22:09
Severity ?
EPSS score ?
Summary
Linux kernel io_uring PROVIDE_BUFFERS MAX_RW_COUNT bypass
References
▼ | URL | Tags |
---|---|---|
https://ubuntu.com/security/notices/USN-4950-1 | vendor-advisory, x_refsource_UBUNTU | |
https://ubuntu.com/security/notices/USN-4949-1 | vendor-advisory, x_refsource_UBUNTU | |
https://www.openwall.com/lists/oss-security/2021/05/11/13 | mailing-list, x_refsource_MLIST | |
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d1f82808877bb10d3deee7cf3374a4eb3fb582db | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-589/ | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20210716-0004/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux | Linux kernel |
Version: trunk < v5.13-rc4 Version: linux-5.12.y < v5.12.4 Version: linux-5.11.y < v5.11.21 Version: linux-5.10.y < v5.10.37 Version: v5.7-rc1 < 5.7* |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:53:17.728Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://ubuntu.com/security/notices/USN-4950-1" }, { "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://ubuntu.com/security/notices/USN-4949-1" }, { "name": "[oss-security] CVE-2021-3491 - Linux kernel io_uring PROVIDE_BUFFERS MAX_RW_COUNT bypass", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2021/05/11/13" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d1f82808877bb10d3deee7cf3374a4eb3fb582db" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-589/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210716-0004/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Linux kernel", "vendor": "Linux", "versions": [ { "lessThan": "v5.13-rc4", "status": "affected", "version": "trunk", "versionType": "custom" }, { "lessThan": "v5.12.4", "status": "affected", "version": "linux-5.12.y", "versionType": "custom" }, { "lessThan": "v5.11.21", "status": "affected", "version": "linux-5.11.y", "versionType": "custom" }, { "lessThan": "v5.10.37", "status": "affected", "version": "linux-5.10.y", "versionType": "custom" }, { "lessThan": "5.7*", "status": "affected", "version": "v5.7-rc1", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Billy Jheng Bing-Jhong (@st424204) of STAR Labs working with Trend Micro\u0027s Zero Day Initiative" } ], "datePublic": "2021-05-11T00:00:00", "descriptions": [ { "lang": "en", "value": "The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT limit to be bypassed in the PROVIDE_BUFFERS operation, which led to negative values being usedin mem_rw when reading /proc/\u003cPID\u003e/mem. This could be used to create a heap overflow leading to arbitrary code execution in the kernel. It was addressed via commit d1f82808877b (\"io_uring: truncate lengths larger than MAX_RW_COUNT on provide buffers\") (v5.13-rc1) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced in ddf0322db79c (\"io_uring: add IORING_OP_PROVIDE_BUFFERS\") (v5.7-rc1)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-131", "description": "CWE-131 Incorrect Calculation of Buffer Size", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-16T10:06:31", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical" }, "references": [ { "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://ubuntu.com/security/notices/USN-4950-1" }, { "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://ubuntu.com/security/notices/USN-4949-1" }, { "name": "[oss-security] CVE-2021-3491 - Linux kernel io_uring PROVIDE_BUFFERS MAX_RW_COUNT bypass", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://www.openwall.com/lists/oss-security/2021/05/11/13" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d1f82808877bb10d3deee7cf3374a4eb3fb582db" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-589/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210716-0004/" } ], "source": { "discovery": "EXTERNAL" }, "title": "Linux kernel io_uring PROVIDE_BUFFERS MAX_RW_COUNT bypass", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@ubuntu.com", "DATE_PUBLIC": "2021-05-11 17:00:00 +0000", "ID": "CVE-2021-3491", "STATE": "PUBLIC", "TITLE": "Linux kernel io_uring PROVIDE_BUFFERS MAX_RW_COUNT bypass" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Linux kernel", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "trunk", "version_value": "v5.13-rc4" }, { "version_affected": "\u003c", "version_name": "linux-5.12.y", "version_value": "v5.12.4" }, { "version_affected": "\u003c", "version_name": "linux-5.11.y", "version_value": "v5.11.21" }, { "version_affected": "\u003c", "version_name": "linux-5.10.y", "version_value": "v5.10.37" }, { "version_affected": "\u003e=", "version_name": "5.7", "version_value": "v5.7-rc1" } ] } } ] }, "vendor_name": "Linux" } ] } }, "credit": [ { "lang": "eng", "value": "Billy Jheng Bing-Jhong (@st424204) of STAR Labs working with Trend Micro\u0027s Zero Day Initiative" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT limit to be bypassed in the PROVIDE_BUFFERS operation, which led to negative values being usedin mem_rw when reading /proc/\u003cPID\u003e/mem. This could be used to create a heap overflow leading to arbitrary code execution in the kernel. It was addressed via commit d1f82808877b (\"io_uring: truncate lengths larger than MAX_RW_COUNT on provide buffers\") (v5.13-rc1) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced in ddf0322db79c (\"io_uring: add IORING_OP_PROVIDE_BUFFERS\") (v5.7-rc1)." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-131 Incorrect Calculation of Buffer Size" } ] } ] }, "references": { "reference_data": [ { "name": "https://ubuntu.com/security/notices/USN-4950-1", "refsource": "UBUNTU", "url": "https://ubuntu.com/security/notices/USN-4950-1" }, { "name": "https://ubuntu.com/security/notices/USN-4949-1", "refsource": "UBUNTU", "url": "https://ubuntu.com/security/notices/USN-4949-1" }, { "name": "[oss-security] CVE-2021-3491 - Linux kernel io_uring PROVIDE_BUFFERS MAX_RW_COUNT bypass", "refsource": "MLIST", "url": "https://www.openwall.com/lists/oss-security/2021/05/11/13" }, { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d1f82808877bb10d3deee7cf3374a4eb3fb582db", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d1f82808877bb10d3deee7cf3374a4eb3fb582db" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-589/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-589/" }, { "name": "https://security.netapp.com/advisory/ntap-20210716-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210716-0004/" } ] }, "source": { "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2021-3491", "datePublished": "2021-06-04T01:40:20.936072Z", "dateReserved": "2021-04-09T00:00:00", "dateUpdated": "2024-09-16T22:09:25.883Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0458
Vulnerability from cvelistv5
Published
2023-04-26 18:03
Modified
2024-08-02 05:10
Severity ?
EPSS score ?
Summary
Spectre V1 Gadget in do_prlimit in the Linux Kernel
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux | Linux Kernel |
Version: 0 < |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:10:56.346Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/diff/kernel/sys.c?id=v6.1.8\u0026id2=v6.1.7" }, { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/739790605705ddcf18f21782b9c99ad7d53a8c11" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "kernel", "product": "Linux Kernel", "repo": "https://git.kernel.org", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "6.1.8", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "datePublic": "2023-01-21T20:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the \u0027rlim\u0027 variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit\u0026nbsp;739790605705ddcf18f21782b9c99ad7d53a8c11" } ], "value": "A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the \u0027rlim\u0027 variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit\u00a0739790605705ddcf18f21782b9c99ad7d53a8c11" } ], "impacts": [ { "capecId": "CAPEC-129", "descriptions": [ { "lang": "en", "value": "CAPEC-129 Pointer Manipulation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-26T18:03:11.815Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/diff/kernel/sys.c?id=v6.1.8\u0026id2=v6.1.7" }, { "url": "https://github.com/torvalds/linux/commit/739790605705ddcf18f21782b9c99ad7d53a8c11" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ], "source": { "discovery": "INTERNAL" }, "title": "Spectre V1 Gadget in do_prlimit in the Linux Kernel", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2023-0458", "datePublished": "2023-04-26T18:03:11.815Z", "dateReserved": "2023-01-24T09:43:28.025Z", "dateUpdated": "2024-08-02T05:10:56.346Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1295
Vulnerability from cvelistv5
Published
2023-06-28 11:08
Modified
2024-08-02 05:41
Severity ?
EPSS score ?
Summary
Privilege escalation with IO_RING_OP_CLOSE in the Linux Kernel
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux | Linux Kernel |
Version: 5.6 < |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:41:00.047Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "patch", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9eac1904d3364254d622bf2c771c4f85cd435fc2" }, { "tags": [ "patch", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=788d0824269bef539fe31a785b1517882eafed93" }, { "tags": [ "x_transferred" ], "url": "https://kernel.dance/9eac1904d3364254d622bf2c771c4f85cd435fc2" }, { "tags": [ "x_transferred" ], "url": "https://kernel.dance/788d0824269bef539fe31a785b1517882eafed93" }, { "tags": [ "related", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b5dba59e0cf7e2cc4d3b3b1ac5fe81ddf21959eb" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230731-0006/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux Kernel", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "5.11", "status": "affected", "version": "5.6", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Bing-Jhong Billy Jheng of Starlabs" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A time-of-check to time-of-use issue exists in io_uring subsystem\u0027s IORING_OP_CLOSE operation in the Linux kernel\u0027s versions 5.6 - 5.11 (inclusive), which allows a local user to elevate their privileges to root. Introduced in b5dba59e0cf7e2cc4d3b3b1ac5fe81ddf21959eb, patched in 9eac1904d3364254d622bf2c771c4f85cd435fc2, backported to stable in 788d0824269bef539fe31a785b1517882eafed93." } ], "value": "A time-of-check to time-of-use issue exists in io_uring subsystem\u0027s IORING_OP_CLOSE operation in the Linux kernel\u0027s versions 5.6 - 5.11 (inclusive), which allows a local user to elevate their privileges to root. Introduced in b5dba59e0cf7e2cc4d3b3b1ac5fe81ddf21959eb, patched in 9eac1904d3364254d622bf2c771c4f85cd435fc2, backported to stable in 788d0824269bef539fe31a785b1517882eafed93." } ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-367", "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-28T11:13:07.332Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "tags": [ "patch" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9eac1904d3364254d622bf2c771c4f85cd435fc2" }, { "tags": [ "patch" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=788d0824269bef539fe31a785b1517882eafed93" }, { "url": "https://kernel.dance/9eac1904d3364254d622bf2c771c4f85cd435fc2" }, { "url": "https://kernel.dance/788d0824269bef539fe31a785b1517882eafed93" }, { "tags": [ "related" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b5dba59e0cf7e2cc4d3b3b1ac5fe81ddf21959eb" }, { "url": "https://security.netapp.com/advisory/ntap-20230731-0006/" } ], "source": { "discovery": "UNKNOWN" }, "title": "Privilege escalation with IO_RING_OP_CLOSE in the Linux Kernel", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2023-1295", "datePublished": "2023-06-28T11:08:54.348Z", "dateReserved": "2023-03-09T18:05:20.028Z", "dateUpdated": "2024-08-02T05:41:00.047Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42896
Vulnerability from cvelistv5
Published
2022-11-23 14:11
Modified
2024-08-03 13:19
Severity ?
EPSS score ?
Summary
Info Leak in l2cap_core in the Linux Kernel
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux | Linux Kernel |
Version: 3.0.0 < |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:19:05.444Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4" }, { "tags": [ "x_transferred" ], "url": "https://kernel.dance/#711f8c3fb3db61897080468586b970c87c61d9e4" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "kernel", "product": "Linux Kernel", "repo": "https://git.kernel.org", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "711f8c3fb3db61897080468586b970c87c61d9e4", "status": "affected", "version": "3.0.0", "versionType": "custom" } ] } ], "datePublic": "2022-11-02T23:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere are use-after-free vulnerabilities in the Linux kernel\u0027s net/bluetooth/l2cap_core.c\u0027s l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim.\u003c/span\u003e\u003cbr\u003e\u003c/span\u003e\u003c/span\u003e\u003cbr\u003eWe recommend upgrading past commit\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.google.com/url?q=https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e\u0026amp;sa=D\u0026amp;source=buganizer\u0026amp;usg=AOvVaw1MgsfyPTiSrqqs3LAs-ZRS\"\u003e\u003c/a\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.google.com/url?q=https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4\u0026amp;sa=D\u0026amp;source=buganizer\u0026amp;usg=AOvVaw22K1DH0yRHxuiaUXy9_wmV\"\u003ehttps://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e" } ], "value": "There are use-after-free vulnerabilities in the Linux kernel\u0027s net/bluetooth/l2cap_core.c\u0027s l2cap_connect and l2cap_le_connect_req functions which may allow code execution and leaking kernel memory (respectively) remotely via Bluetooth.\u00a0A remote attacker could execute code leaking kernel memory via Bluetooth if within proximity of the victim.\n\nWe recommend upgrading past commit\u00a0 https://www.google.com/url https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 https://www.google.com/url \n\n" } ], "impacts": [ { "capecId": "CAPEC-253", "descriptions": [ { "lang": "en", "value": "CAPEC-253 Remote Code Inclusion" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-23T14:13:44.351Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "url": "https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4" }, { "url": "https://kernel.dance/#711f8c3fb3db61897080468586b970c87c61d9e4" } ], "source": { "discovery": "EXTERNAL" }, "title": "Info Leak in l2cap_core in the Linux Kernel", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2022-42896", "datePublished": "2022-11-23T14:11:56.811Z", "dateReserved": "2022-10-12T18:30:19.769Z", "dateUpdated": "2024-08-03T13:19:05.444Z", "requesterUserId": "ed9b5bb2-2df1-4aa3-9791-5fb260d88e62", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-11478
Vulnerability from cvelistv5
Published
2019-06-18 23:34
Modified
2024-09-16 23:45
Severity ?
EPSS score ?
Summary
SACK can cause extensive memory use via fragmented resend queue
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux | Linux kernel |
Version: 4.4 < 4.4.182 Version: 4.9 < 4.9.182 Version: 4.14 < 4.14.127 Version: 4.19 < 4.19.52 Version: 5.1 < 5.1.11 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T22:55:40.767Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VU#905115", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "https://www.kb.cert.org/vuls/id/905115" }, { "name": "RHSA-2019:1594", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1594" }, { "name": "RHSA-2019:1602", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1602" }, { "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2" }, { "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3" }, { "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4" }, { "name": "RHSA-2019:1699", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1699" }, { "name": "20190722 [SECURITY] [DSA 4484-1] linux security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Jul/30" }, { "name": "[oss-security] 20191023 Membership application for linux-distros - VMware", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1" }, { "name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://access.redhat.com/security/vulnerabilities/tcpsack" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_28" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190625-0001/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K26618426" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Linux kernel", "vendor": "Linux", "versions": [ { "lessThan": "4.4.182", "status": "affected", "version": "4.4", "versionType": "custom" }, { "lessThan": "4.9.182", "status": "affected", "version": "4.9", "versionType": "custom" }, { "lessThan": "4.14.127", "status": "affected", "version": "4.14", "versionType": "custom" }, { "lessThan": "4.19.52", "status": "affected", "version": "4.19", "versionType": "custom" }, { "lessThan": "5.1.11", "status": "affected", "version": "5.1", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Jonathan Looney from Netflix" } ], "datePublic": "2019-06-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-20T21:14:56", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical" }, "references": [ { "name": "VU#905115", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "https://www.kb.cert.org/vuls/id/905115" }, { "name": "RHSA-2019:1594", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1594" }, { "name": "RHSA-2019:1602", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1602" }, { "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2" }, { "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3" }, { "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4" }, { "name": "RHSA-2019:1699", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1699" }, { "name": "20190722 [SECURITY] [DSA 4484-1] linux security update", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Jul/30" }, { "name": "[oss-security] 20191023 Membership application for linux-distros - VMware", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1" }, { "name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md" }, { "tags": [ "x_refsource_MISC" ], "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic" }, { "tags": [ "x_refsource_MISC" ], "url": "https://access.redhat.com/security/vulnerabilities/tcpsack" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_28" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190625-0001/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.f5.com/csp/article/K26618426" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html" } ], "source": { "advisory": "https://usn.ubuntu.com/4017-1", "defect": [ "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1831638" ], "discovery": "UNKNOWN" }, "title": "SACK can cause extensive memory use via fragmented resend queue", "x_generator": { "engine": "Vulnogram 0.0.7" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@ubuntu.com", "DATE_PUBLIC": "2019-06-17T00:00:00.000Z", "ID": "CVE-2019-11478", "STATE": "PUBLIC", "TITLE": "SACK can cause extensive memory use via fragmented resend queue" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Linux kernel", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "4.4", "version_value": "4.4.182" }, { "version_affected": "\u003c", "version_name": "4.9", "version_value": "4.9.182" }, { "version_affected": "\u003c", "version_name": "4.14", "version_value": "4.14.127" }, { "version_affected": "\u003c", "version_name": "4.19", "version_value": "4.19.52" }, { "version_affected": "\u003c", "version_name": "5.1", "version_value": "5.1.11" } ] } } ] }, "vendor_name": "Linux" } ] } }, "credit": [ { "lang": "eng", "value": "Jonathan Looney from Netflix" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e." } ] }, "generator": { "engine": "Vulnogram 0.0.7" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-770 Allocation of Resources Without Limits or Throttling" } ] } ] }, "references": { "reference_data": [ { "name": "VU#905115", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/905115" }, { "name": "RHSA-2019:1594", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1594" }, { "name": "RHSA-2019:1602", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1602" }, { "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2" }, { "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3" }, { "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4" }, { "name": "RHSA-2019:1699", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1699" }, { "name": "20190722 [SECURITY] [DSA 4484-1] linux security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Jul/30" }, { "name": "[oss-security] 20191023 Membership application for linux-distros - VMware", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1" }, { "name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3" }, { "name": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md", "refsource": "MISC", "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md" }, { "name": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic", "refsource": "MISC", "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic" }, { "name": "https://access.redhat.com/security/vulnerabilities/tcpsack", "refsource": "MISC", "url": "https://access.redhat.com/security/vulnerabilities/tcpsack" }, { "name": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html" }, { "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193", "refsource": "CONFIRM", "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193" }, { "name": "https://www.synology.com/security/advisory/Synology_SA_19_28", "refsource": "CONFIRM", "url": "https://www.synology.com/security/advisory/Synology_SA_19_28" }, { "name": "https://security.netapp.com/advisory/ntap-20190625-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190625-0001/" }, { "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf" }, { "name": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03" }, { "name": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html" }, { "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt", "refsource": "CONFIRM", "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt" }, { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e" }, { "name": "https://support.f5.com/csp/article/K26618426", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K26618426" }, { "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007", "refsource": "CONFIRM", "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007" }, { "name": "http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html" } ] }, "source": { "advisory": "https://usn.ubuntu.com/4017-1", "defect": [ "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1831638" ], "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2019-11478", "datePublished": "2019-06-18T23:34:51.077803Z", "dateReserved": "2019-04-23T00:00:00", "dateUpdated": "2024-09-16T23:45:54.779Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0045
Vulnerability from cvelistv5
Published
2023-04-25 22:44
Modified
2024-08-02 04:54
Severity ?
EPSS score ?
Summary
Incorrect indirect branch prediction barrier in the Linux Kernel
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux | Linux Kernel |
Version: 9137bb27e60e |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T04:54:32.575Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/tip/a664ec9158eeddd75121d39c9a0758016097fa96" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230714-0001/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/google/security-research/security/advisories/GHSA-9x5g-vmxf-4qj8" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "kernel", "product": "Linux Kernel", "repo": "https://git.kernel.org", "vendor": "Linux", "versions": [ { "lessThan": "a664ec9158eeddd75121d39c9a0758016097fa96", "status": "affected", "version": "9137bb27e60e", "versionType": "git" } ] } ], "datePublic": "2023-01-02T23:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set \u0026nbsp;function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall. \u0026nbsp;The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176.\u003cbr\u003e\u003cbr\u003e\u003c/span\u003eWe recommend upgrading past commit\u0026nbsp;a664ec9158eeddd75121d39c9a0758016097fa96\u003cbr\u003e\u003cbr\u003e" } ], "value": "The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set \u00a0function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall. \u00a0The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176.\n\nWe recommend upgrading past commit\u00a0a664ec9158eeddd75121d39c9a0758016097fa96\n\n" } ], "impacts": [ { "capecId": "CAPEC-131", "descriptions": [ { "lang": "en", "value": "CAPEC-131 Resource Leak Exposure" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-610", "description": "CWE-610 Externally Controlled Reference to a Resource in Another Sphere", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-25T22:44:57.262Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "url": "https://git.kernel.org/tip/a664ec9158eeddd75121d39c9a0758016097fa96" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230714-0001/" }, { "url": "https://github.com/google/security-research/security/advisories/GHSA-9x5g-vmxf-4qj8" } ], "source": { "discovery": "EXTERNAL" }, "title": "Incorrect indirect branch prediction barrier in the Linux Kernel ", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2023-0045", "datePublished": "2023-04-25T22:44:57.262Z", "dateReserved": "2023-01-04T10:07:20.469Z", "dateUpdated": "2024-08-02T04:54:32.575Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1281
Vulnerability from cvelistv5
Published
2023-03-22 13:18
Modified
2024-08-02 05:40
Severity ?
EPSS score ?
Summary
UAF in Linux kernel's tcindex (traffic control index filter) implementation
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux | Linux Kernel |
Version: 4.14 < |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:40:59.846Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://kernel.dance/#ee059170b1f7e94e55fa6cadee544e176a6e59c2" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ee059170b1f7e94e55fa6cadee544e176a6e59c2" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/04/11/3" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230427-0004/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "kernel", "product": "Linux Kernel", "repo": "https://git.kernel.org", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "6.2", "status": "affected", "version": "4.14", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "valis" } ], "datePublic": "2023-02-09T15:37:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when \u0027tcf_exts_exec()\u0027 is called with the destroyed tcf_ext.\u003c/span\u003e\u0026nbsp;\u003cspan style=\"background-color: var(--wht);\"\u003eA local attacker user can use this vulnerability to elevate its privileges to root.\u003cbr\u003e\u003c/span\u003e\u003cp\u003eThis issue affects Linux Kernel: from 4.14 before git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2.\u003c/p\u003e" } ], "value": "Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation.\u00a0The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when \u0027tcf_exts_exec()\u0027 is called with the destroyed tcf_ext.\u00a0A local attacker user can use this vulnerability to elevate its privileges to root.\nThis issue affects Linux Kernel: from 4.14 before git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2.\n\n" } ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-22T13:18:55.460Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "url": "https://kernel.dance/#ee059170b1f7e94e55fa6cadee544e176a6e59c2" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ee059170b1f7e94e55fa6cadee544e176a6e59c2" }, { "url": "http://www.openwall.com/lists/oss-security/2023/04/11/3" }, { "url": "https://security.netapp.com/advisory/ntap-20230427-0004/" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "UAF in Linux kernel\u0027s tcindex (traffic control index filter) implementation", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2023-1281", "datePublished": "2023-03-22T13:18:55.460Z", "dateReserved": "2023-03-08T20:18:23.204Z", "dateUpdated": "2024-08-02T05:40:59.846Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-24857
Vulnerability from cvelistv5
Published
2024-02-05 07:31
Modified
2024-08-01 23:28
Severity ?
EPSS score ?
Summary
Race condition vulnerability in Linux kernel bluetooth in conn_info_{min,max}_age_set()
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux | Linux kernel |
Version: v4.0-rc1 < v6.8-rc2 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-24857", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-21T19:29:31.571479Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:43:34.885Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:28:12.866Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8155" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "modules": [ "bluetooth" ], "packageName": "kernel", "platforms": [ "Linux", "x86", "ARM" ], "product": "Linux kernel", "programFiles": [ "https://gitee.com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/hci_debugfs.c" ], "repo": "https://gitee.com/anolis/cloud-kernel.git", "vendor": "Linux", "versions": [ { "lessThan": "v6.8-rc2", "status": "affected", "version": "v4.0-rc1", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "\u767d\u5bb6\u9a79 \u003cbaijiaju@buaa.edu.cn\u003e" }, { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "\u97e9\u6842\u680b \u003changuidong@buaa.edu.cn\u003e" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eA race condition was found in the Linux kernel\u0027s net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service.\u003c/p\u003e\n\n\n" } ], "value": "A race condition was found in the Linux kernel\u0027s net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service.\n\n\n\n\n" } ], "impacts": [ { "capecId": "CAPEC-26", "descriptions": [ { "lang": "en", "value": "CAPEC-26 Leveraging Race Conditions" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-05T07:31:31.308Z", "orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "shortName": "Anolis" }, "references": [ { "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8155" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://lore.kernel.org/lkml/20231222162310.6461-1-2045gemini@gmail.com/T/\"\u003ehttps://lore.kernel.org/lkml/20231222162310.6461-1-2045gemini@gmail.com/T/\u003c/a\u003e\u003cbr\u003e" } ], "value": " https://lore.kernel.org/lkml/20231222162310.6461-1-2045gemini@gmail.com/T/ https://lore.kernel.org/lkml/20231222162310.6461-1-2045gemini@gmail.com/T/ \n" } ], "source": { "discovery": "UNKNOWN" }, "title": "Race condition vulnerability in Linux kernel bluetooth in conn_info_{min,max}_age_set()", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "assignerShortName": "Anolis", "cveId": "CVE-2024-24857", "datePublished": "2024-02-05T07:31:31.308Z", "dateReserved": "2024-02-01T09:11:56.214Z", "dateUpdated": "2024-08-01T23:28:12.866Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-23307
Vulnerability from cvelistv5
Published
2024-01-25 06:59
Modified
2024-08-01 22:59
Severity ?
EPSS score ?
Summary
Integer overflow in raid5_cache_count in Linux kernel
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux | Linux kernel |
Version: v4.1-rc1 < v6.8-rc1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T22:59:32.237Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=7975" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://mirrors.openanolis.cn/anolis/", "defaultStatus": "unaffected", "modules": [ "md", "raid", "raid5" ], "packageName": "kernel", "platforms": [ "Linux", "x86", "ARM" ], "product": "Linux kernel", "programFiles": [ "https://gitee.com/anolis/cloud-kernel/blob/devel-4.19/drivers/md/raid5.c" ], "repo": "https://gitee.com/anolis/cloud-kernel.git", "vendor": "Linux", "versions": [ { "lessThan": "v6.8-rc1", "status": "affected", "version": "v4.1-rc1", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Gui-Dong Han \u003c2045gemini@gmail.com\u003e" } ], "datePublic": "2024-01-19T02:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow." } ], "value": "Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow." } ], "impacts": [ { "capecId": "CAPEC-92", "descriptions": [ { "lang": "en", "value": "CAPEC-92 Forced Integer Overflow" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-25T06:59:37.190Z", "orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "shortName": "Anolis" }, "references": [ { "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=7975" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://patchwork.kernel.org/project/linux-raid/patch/20240112071017.16313-1-2045gemini@gmail.com/\"\u003ehttps://patchwork.kernel.org/project/linux-raid/patch/20240112071017.16313-1-2045gemini@gmail.com/\u003c/a\u003e" } ], "value": " https://patchwork.kernel.org/project/linux-raid/patch/20240112071017.16313-1-2045gemini@gmail.com/ https://patchwork.kernel.org/project/linux-raid/patch/20240112071017.16313-1-2045gemini@gmail.com/ " } ], "source": { "discovery": "INTERNAL" }, "title": "Integer overflow in raid5_cache_count in Linux kernel", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "assignerShortName": "Anolis", "cveId": "CVE-2024-23307", "datePublished": "2024-01-25T06:59:37.190Z", "dateReserved": "2024-01-15T09:44:45.516Z", "dateUpdated": "2024-08-01T22:59:32.237Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-2235
Vulnerability from cvelistv5
Published
2023-05-01 12:51
Modified
2024-08-02 06:19
Severity ?
EPSS score ?
Summary
Use-after-free in Linux kernel's Performance Events subsystem
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux | Linux Kernel |
Version: 5.13 < 6.3 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:19:13.580Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://security.netapp.com/advisory/ntap-20230609-0002/" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fd0815f632c24878e325821943edccc7fde947a2" }, { "tags": [ "x_transferred" ], "url": "https://kernel.dance/fd0815f632c24878e325821943edccc7fde947a2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "kernel", "product": "Linux Kernel", "repo": "https://git.kernel.org", "vendor": "Linux", "versions": [ { "lessThan": "6.3", "status": "affected", "version": "5.13", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Budimir Markovic" } ], "datePublic": "2023-03-15T20:49:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eA use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation.\u003c/p\u003e\u003cp\u003eThe perf_group_detach function did not check the event\u0027s siblings\u0027 attach_state before calling add_event_to_groups(), but\u0026nbsp;remove_on_exec made it possible to call list_del_event() on before detaching from their group, making it possible to use a dangling pointer causing a use-after-free vulnerability.\u003c/p\u003e\u003cp\u003eWe recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2.\u003c/p\u003e" } ], "value": "A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation.\n\nThe perf_group_detach function did not check the event\u0027s siblings\u0027 attach_state before calling add_event_to_groups(), but\u00a0remove_on_exec made it possible to call list_del_event() on before detaching from their group, making it possible to use a dangling pointer causing a use-after-free vulnerability.\n\nWe recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2.\n\n" } ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-28T20:02:44.896Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fd0815f632c24878e325821943edccc7fde947a2" }, { "url": "https://kernel.dance/fd0815f632c24878e325821943edccc7fde947a2" } ], "source": { "discovery": "EXTERNAL" }, "title": "Use-after-free in Linux kernel\u0027s Performance Events subsystem", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2023-2235", "datePublished": "2023-05-01T12:51:25.433Z", "dateReserved": "2023-04-21T17:43:15.944Z", "dateUpdated": "2024-08-02T06:19:13.580Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-3489
Vulnerability from cvelistv5
Published
2021-06-04 01:40
Modified
2024-09-16 20:21
Severity ?
EPSS score ?
Summary
Linux kernel eBPF RINGBUF map oversized allocation
References
▼ | URL | Tags |
---|---|---|
https://www.openwall.com/lists/oss-security/2021/05/11/10 | mailing-list, x_refsource_MLIST | |
https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=4b81ccebaeee885ab1aa1438133f2991e3a2b6ea | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-590/ | x_refsource_MISC | |
https://ubuntu.com/security/notices/USN-4950-1 | vendor-advisory, x_refsource_UBUNTU | |
https://ubuntu.com/security/notices/USN-4949-1 | vendor-advisory, x_refsource_UBUNTU | |
https://security.netapp.com/advisory/ntap-20210716-0004/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux | Linux kernel |
Version: trunk < v5.13-rc4 Version: linux-5.12.y < v5.12.4 Version: linux-5.11.y < v5.11.21 Version: linux-5.10.y < v5.10.37 Version: v5.8 < 5.8* |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:53:17.828Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] CVE-2021-3489 - Linux kernel eBPF RINGBUF map oversized allocation", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2021/05/11/10" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=4b81ccebaeee885ab1aa1438133f2991e3a2b6ea" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-590/" }, { "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://ubuntu.com/security/notices/USN-4950-1" }, { "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://ubuntu.com/security/notices/USN-4949-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210716-0004/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Linux kernel", "vendor": "Linux", "versions": [ { "lessThan": "v5.13-rc4", "status": "affected", "version": "trunk", "versionType": "custom" }, { "lessThan": "v5.12.4", "status": "affected", "version": "linux-5.12.y", "versionType": "custom" }, { "lessThan": "v5.11.21", "status": "affected", "version": "linux-5.11.y", "versionType": "custom" }, { "lessThan": "v5.10.37", "status": "affected", "version": "linux-5.10.y", "versionType": "custom" }, { "lessThan": "5.8*", "status": "affected", "version": "v5.8", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Ryota Shiga (@Ga_ryo_) of Flatt Security working with Trend Micro\u0027s Zero Day Initiative" } ], "datePublic": "2021-05-11T00:00:00", "descriptions": [ { "lang": "en", "value": "The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee (\"bpf, ringbuf: Deny reserve of buffers larger than ringbuf\") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced via 457f44363a88 (\"bpf: Implement BPF ring buffer and verifier support for it\") (v5.8-rc1)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-16T10:06:26", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical" }, "references": [ { "name": "[oss-security] CVE-2021-3489 - Linux kernel eBPF RINGBUF map oversized allocation", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://www.openwall.com/lists/oss-security/2021/05/11/10" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=4b81ccebaeee885ab1aa1438133f2991e3a2b6ea" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-590/" }, { "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://ubuntu.com/security/notices/USN-4950-1" }, { "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://ubuntu.com/security/notices/USN-4949-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210716-0004/" } ], "source": { "discovery": "EXTERNAL" }, "title": "Linux kernel eBPF RINGBUF map oversized allocation", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@ubuntu.com", "DATE_PUBLIC": "2021-05-11 17:00 +0000", "ID": "CVE-2021-3489", "STATE": "PUBLIC", "TITLE": "Linux kernel eBPF RINGBUF map oversized allocation" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Linux kernel", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "trunk", "version_value": "v5.13-rc4" }, { "version_affected": "\u003c", "version_name": "linux-5.12.y", "version_value": "v5.12.4" }, { "version_affected": "\u003c", "version_name": "linux-5.11.y", "version_value": "v5.11.21" }, { "version_affected": "\u003c", "version_name": "linux-5.10.y", "version_value": "v5.10.37" }, { "version_affected": "\u003e=", "version_name": "5.8", "version_value": "v5.8" } ] } } ] }, "vendor_name": "Linux" } ] } }, "credit": [ { "lang": "eng", "value": "Ryota Shiga (@Ga_ryo_) of Flatt Security working with Trend Micro\u0027s Zero Day Initiative" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee (\"bpf, ringbuf: Deny reserve of buffers larger than ringbuf\") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced via 457f44363a88 (\"bpf: Implement BPF ring buffer and verifier support for it\") (v5.8-rc1)." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer" } ] }, { "description": [ { "lang": "eng", "value": "CWE-787 Out-of-bounds Write" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] CVE-2021-3489 - Linux kernel eBPF RINGBUF map oversized allocation", "refsource": "MLIST", "url": "https://www.openwall.com/lists/oss-security/2021/05/11/10" }, { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=4b81ccebaeee885ab1aa1438133f2991e3a2b6ea", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=4b81ccebaeee885ab1aa1438133f2991e3a2b6ea" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-590/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-590/" }, { "name": "https://ubuntu.com/security/notices/USN-4950-1", "refsource": "UBUNTU", "url": "https://ubuntu.com/security/notices/USN-4950-1" }, { "name": "https://ubuntu.com/security/notices/USN-4949-1", "refsource": "UBUNTU", "url": "https://ubuntu.com/security/notices/USN-4949-1" }, { "name": "https://security.netapp.com/advisory/ntap-20210716-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210716-0004/" } ] }, "source": { "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2021-3489", "datePublished": "2021-06-04T01:40:19.351991Z", "dateReserved": "2021-04-09T00:00:00", "dateUpdated": "2024-09-16T20:21:42.116Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-2196
Vulnerability from cvelistv5
Published
2023-01-09 10:59
Modified
2024-08-03 00:32
Severity ?
EPSS score ?
Summary
Speculative execution attacks in KVM VMX
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux | Linux Kernel |
Version: 0 Version: 0 < 6.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T00:32:08.645Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://security.netapp.com/advisory/ntap-20230223-0002/" }, { "tags": [ "x_transferred" ], "url": "https://kernel.dance/#2e7eab81425a" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2e7eab81425ad6c875f2ed47c0ce01e78afc38a5" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-2196", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-01T15:07:47.721131Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-01T15:08:01.626Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "KVM", "product": "Linux Kernel", "repo": "https://git.kernel.org/", "vendor": "Linux", "versions": [ { "lessThan": "2e7eab81425a", "status": "affected", "version": "0", "versionType": "git" }, { "lessThan": "6.2", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "datePublic": "2022-10-18T22:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eL2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn\u0027t need retpolines or IBPB\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eafter running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit\u0026nbsp;2e7eab81425a\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e" } ], "value": "A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks.\u00a0L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn\u0027t need retpolines or IBPB\u00a0after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit\u00a02e7eab81425a\n" } ], "impacts": [ { "capecId": "CAPEC-30", "descriptions": [ { "lang": "en", "value": "CAPEC-30 Hijacking a Privileged Thread of Execution" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1188", "description": "CWE-1188 Insecure Default Initialization of Resource", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-09T10:59:53.099Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "url": "https://kernel.dance/#2e7eab81425a" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2e7eab81425ad6c875f2ed47c0ce01e78afc38a5" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" } ], "source": { "discovery": "INTERNAL" }, "title": "Speculative execution attacks in KVM VMX", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2022-2196", "datePublished": "2023-01-09T10:59:53.099Z", "dateReserved": "2022-06-24T13:29:09.969Z", "dateUpdated": "2024-08-03T00:32:08.645Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-24855
Vulnerability from cvelistv5
Published
2024-02-05 07:25
Modified
2024-08-01 23:28
Severity ?
EPSS score ?
Summary
Race condition vulnerability in Linux kernel scsi device driver lpfc_unregister_fcf_rescan()
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux | Linux kernel |
Version: v2.6.34-rc2 < v6.5-rc2 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-24855", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-06T16:37:53.304176Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:21:34.582Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:28:12.898Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8149" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://kernel.org/", "defaultStatus": "unaffected", "modules": [ "scsi" ], "packageName": "kernel", "platforms": [ "Linux", "x86", "ARM" ], "product": "Linux kernel", "programFiles": [ "https://gitee.com/anolis/cloud-kernel/blob/devel-5.10/drivers/scsi/lpfc/lpfc_hbadisc.c" ], "repo": "https://gitee.com/anolis/cloud-kernel.git", "vendor": "Linux", "versions": [ { "lessThan": "v6.5-rc2", "status": "affected", "version": "v2.6.34-rc2", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "\u767d\u5bb6\u9a79 \u003cbaijiaju@buaa.edu.cn\u003e" }, { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "\u97e9\u6842\u680b \u003changuidong@buaa.edu.cn\u003e" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eA race condition was found in the Linux kernel\u0027s scsi device driver in lpfc_unregister_fcf_rescan() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.\u003c/p\u003e\n\u003cp\u003e\u003c/p\u003e" } ], "value": "A race condition was found in the Linux kernel\u0027s scsi device driver in lpfc_unregister_fcf_rescan() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.\n\n\n\n\n" } ], "impacts": [ { "capecId": "CAPEC-26", "descriptions": [ { "lang": "en", "value": "CAPEC-26 Leveraging Race Conditions" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-05T07:25:41.568Z", "orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "shortName": "Anolis" }, "references": [ { "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8149" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/torvalds/linux/commit/0e881c0a4b614\"\u003ehttps://github.com/torvalds/linux/commit/0e881c0a4b614\u003c/a\u003e\u003cbr\u003e" } ], "value": " https://github.com/torvalds/linux/commit/0e881c0a4b614 https://github.com/torvalds/linux/commit/0e881c0a4b614 \n" } ], "source": { "discovery": "UNKNOWN" }, "title": "Race condition vulnerability in Linux kernel scsi device driver lpfc_unregister_fcf_rescan()", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "assignerShortName": "Anolis", "cveId": "CVE-2024-24855", "datePublished": "2024-02-05T07:25:41.568Z", "dateReserved": "2024-02-01T09:11:56.213Z", "dateUpdated": "2024-08-01T23:28:12.898Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-24864
Vulnerability from cvelistv5
Published
2024-02-05 07:36
Modified
2024-08-01 23:28
Severity ?
EPSS score ?
Summary
Race condition vulnerability in Linux kernel media/dvb-core in dvbdmx_write()
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux | Linux kernel |
Version: v2.6.12-rc2 < v6.8-rc2 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-24864", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-05T14:37:17.751005Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:21:24.554Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:28:12.940Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8178" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "modules": [ "media", "dvd-core" ], "packageName": "kernel", "platforms": [ "Linux", "x86", "ARM" ], "product": "Linux kernel", "programFiles": [ "https://gitee.com/anolis/cloud-kernel/blob/devel-5.10/drivers/media/dvb-core/dvb_demux.c" ], "repo": "https://gitee.com/anolis/cloud-kernel.git", "vendor": "Linux", "versions": [ { "lessThan": "v6.8-rc2", "status": "affected", "version": "v2.6.12-rc2", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "\u767d\u5bb6\u9a79 \u003cbaijiaju@buaa.edu.cn\u003e" }, { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "\u97e9\u6842\u680b \u003changuidong@buaa.edu.cn\u003e" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eA race condition was found in the Linux kernel\u0027s media/dvb-core in dvbdmx_write()\u0026nbsp;function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.\u003c/p\u003e\n\n\n" } ], "value": "A race condition was found in the Linux kernel\u0027s media/dvb-core in dvbdmx_write()\u00a0function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.\n\n\n\n\n" } ], "impacts": [ { "capecId": "CAPEC-26", "descriptions": [ { "lang": "en", "value": "CAPEC-26 Leveraging Race Conditions" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-05T07:36:04.281Z", "orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "shortName": "Anolis" }, "references": [ { "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8178" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cu\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://patchwork.kernel.org/project/linux-media/patch/20230626024429.994136-1-islituo@gmail.com/\"\u003ehttps://patchwork.kernel.org/project/linux-media/patch/20230626024429.994136-1-islituo@gmail.com/\u003c/a\u003e\u003cbr\u003e\u003c/u\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://lore.kernel.org/all/20230626024429.994136-1-islituo@gmail.com/\"\u003ehttps://lore.kernel.org/all/20230626024429.994136-1-islituo@gmail.com/\u003c/a\u003e\u003cbr\u003e" } ], "value": " https://patchwork.kernel.org/project/linux-media/patch/20230626024429.994136-1-islituo@gmail.com/ https://patchwork.kernel.org/project/linux-media/patch/20230626024429.994136-1-islituo@gmail.com/ \n https://lore.kernel.org/all/20230626024429.994136-1-islituo@gmail.com/ https://lore.kernel.org/all/20230626024429.994136-1-islituo@gmail.com/ \n" } ], "source": { "discovery": "UNKNOWN" }, "title": "Race condition vulnerability in Linux kernel media/dvb-core in dvbdmx_write()", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "assignerShortName": "Anolis", "cveId": "CVE-2024-24864", "datePublished": "2024-02-05T07:36:04.281Z", "dateReserved": "2024-02-01T09:11:56.216Z", "dateUpdated": "2024-08-01T23:28:12.940Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-2163
Vulnerability from cvelistv5
Published
2023-09-20 05:02
Modified
2024-08-09 19:05
Severity ?
EPSS score ?
Summary
Incorrect Verifier Branch Pruning Logic Leads To Arbitrary Read/Write In Linux Kernel and Lateral Privilege Escalation
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux | Linux Kernel |
Patch: 0 Version: 0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-09T19:05:37.091Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "technical-description" ], "url": "https://bughunters.google.com/blog/6303226026131456/a-deep-dive-into-cve-2023-2163-how-we-found-and-fixed-an-ebpf-linux-kernel-vulnerability" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=71b547f561247897a0a14f3082730156c0533fed" } ], "title": "CVE Program Container", "x_generator": { "engine": "ADPogram 0.0.1" } } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Linux Kernel", "vendor": "Linux", "versions": [ { "lessThan": "5.4", "status": "unaffected", "version": "0", "versionType": "custom" }, { "lessThan": "71b547f561247897a0a14f3082730156c0533fed", "status": "affected", "version": "0", "versionType": "git" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIncorrect verifier pruning\u0026nbsp;\u003c/span\u003ein BPF in Linux Kernel\u0026nbsp;\u0026gt;=5.4\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eleads to unsafe\u003c/span\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ecode paths being incorrectly marked as safe, resulting in\u003c/span\u003e\u0026nbsp;arbitrary read/write in\u003cbr\u003ekernel memory, lateral privilege escalation, and container escape.\u003cbr\u003e" } ], "value": "Incorrect verifier pruning\u00a0in BPF in Linux Kernel\u00a0\u003e=5.4\u00a0leads to unsafe\ncode paths being incorrectly marked as safe, resulting in\u00a0arbitrary read/write in\nkernel memory, lateral privilege escalation, and container escape." } ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-682", "description": "CWE-682 Incorrect Calculation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-21T03:43:35.053Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=71b547f561247897a0a14f3082730156c0533fed" } ], "source": { "discovery": "UNKNOWN" }, "title": "Incorrect Verifier Branch Pruning Logic Leads To Arbitrary Read/Write In Linux Kernel and Lateral Privilege Escalation", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2023-2163", "datePublished": "2023-09-20T05:02:38.155Z", "dateReserved": "2023-04-18T18:22:35.441Z", "dateUpdated": "2024-08-09T19:05:37.091Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0240
Vulnerability from cvelistv5
Published
2023-01-30 13:17
Modified
2024-08-02 05:02
Severity ?
EPSS score ?
Summary
Use after free in io_uring in the Linux Kernel
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux | Linux Kernel |
Version: 5.10 < |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:02:43.942Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://security.netapp.com/advisory/ntap-20230316-0001/" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/io_uring?h=linux-5.10.y\u0026id=788d0824269bef539fe31a785b1517882eafed93" }, { "tags": [ "x_transferred" ], "url": "https://github.com/gregkh/linux/commit/1e6fa5216a0e59ef02e8b6b40d553238a3b81d49" }, { "tags": [ "x_transferred" ], "url": "https://kernel.dance/#788d0824269bef539fe31a785b1517882eafed93" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:linux:linux_kernel:5.10:-:*:*:*:*:*:*" ], "defaultStatus": "unaffected", "product": "linux_kernel", "vendor": "linux", "versions": [ { "lessThanOrEqual": "5.10.161", "status": "affected", "version": "5.10", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-0240", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-01T18:22:24.961145Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-01T18:38:39.043Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "io_uring", "product": "Linux Kernel", "repo": "https://git.kernel.org", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "5.10.161", "status": "affected", "version": "5.10", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Bing-Jhong Billy Jheng of Starlabs" } ], "datePublic": "2022-12-22T14:30:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "There is a logic error in io_uring\u0027s implementation which can be used to trigger a use-after-free vulnerability leading to privilege escalation.\u003cbr\u003e\u003cbr\u003eIn the io_prep_async_work function the assumption that the last io_grab_identity call cannot return false is not true, and in this case the function will use the init_cred or the previous linked requests identity to do operations instead of using the current identity. This can lead to reference counting issues causing use-after-free. We recommend upgrading past version 5.10.161." } ], "value": "There is a logic error in io_uring\u0027s implementation which can be used to trigger a use-after-free vulnerability leading to privilege escalation.\n\nIn the io_prep_async_work function the assumption that the last io_grab_identity call cannot return false is not true, and in this case the function will use the init_cred or the previous linked requests identity to do operations instead of using the current identity. This can lead to reference counting issues causing use-after-free. We recommend upgrading past version 5.10.161." } ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-01-30T13:17:09.182Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/io_uring?h=linux-5.10.y\u0026id=788d0824269bef539fe31a785b1517882eafed93" }, { "url": "https://github.com/gregkh/linux/commit/1e6fa5216a0e59ef02e8b6b40d553238a3b81d49" }, { "url": "https://kernel.dance/#788d0824269bef539fe31a785b1517882eafed93" } ], "source": { "discovery": "EXTERNAL" }, "title": "Use after free in io_uring in the Linux Kernel", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2023-0240", "datePublished": "2023-01-30T13:17:09.182Z", "dateReserved": "2023-01-12T13:04:00.937Z", "dateUpdated": "2024-08-02T05:02:43.942Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-0461
Vulnerability from cvelistv5
Published
2023-02-28 14:23
Modified
2024-08-02 05:10
Severity ?
EPSS score ?
Summary
Use-after-free vulnerability in the Linux Kernel
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux | Linux Kernel |
Version: 0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T05:10:56.165Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "https://security.netapp.com/advisory/ntap-20230331-0006/" }, { "tags": [ "x_transferred" ], "url": "https://kernel.dance/#2c02d41d71f90a5168391b6a5f2954112ba2307c" }, { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2c02d41d71f90a5168391b6a5f2954112ba2307c" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-0461", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-01T15:55:09.289052Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-01T15:55:22.180Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "kernel", "product": "Linux Kernel", "repo": "https://git.kernel.org", "vendor": "Linux", "versions": [ { "lessThan": "2c02d41d71f90a5168391b6a5f2954112ba2307c", "status": "affected", "version": "0", "versionType": "git" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "slipper" } ], "datePublic": "2023-01-02T23:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eThere is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag \u003ccode\u003eCONFIG_TLS\u003c/code\u003e\u0026nbsp;or \u003ccode\u003eCONFIG_XFRM_ESPINTCP\u003c/code\u003e\u0026nbsp;has to be configured, but the operation does not require any privilege.\u003c/p\u003e\u003cp\u003eThere is a use-after-free bug of \u003ccode\u003eicsk_ulp_data\u003c/code\u003e\u0026nbsp;of a \u003ccode\u003estruct inet_connection_sock\u003c/code\u003e.\u003c/p\u003e\u003cp\u003eWhen \u003ccode\u003eCONFIG_TLS\u003c/code\u003e\u0026nbsp;is enabled, user can install a tls context (\u003ccode\u003estruct tls_context\u003c/code\u003e) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable.\u003c/p\u003e\u003cp\u003eThe \u003ccode\u003esetsockopt\u003c/code\u003e\u0026nbsp;\u003ccode\u003eTCP_ULP\u003c/code\u003e\u0026nbsp;operation does not require any privilege.\u003c/p\u003eWe recommend upgrading past commit\u0026nbsp;2c02d41d71f90a5168391b6a5f2954112ba2307c" } ], "value": "There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS\u00a0or CONFIG_XFRM_ESPINTCP\u00a0has to be configured, but the operation does not require any privilege.\n\nThere is a use-after-free bug of icsk_ulp_data\u00a0of a struct inet_connection_sock.\n\nWhen CONFIG_TLS\u00a0is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable.\n\nThe setsockopt\u00a0TCP_ULP\u00a0operation does not require any privilege.\n\nWe recommend upgrading past commit\u00a02c02d41d71f90a5168391b6a5f2954112ba2307c" } ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-28T14:23:02.224Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "url": "https://kernel.dance/#2c02d41d71f90a5168391b6a5f2954112ba2307c" }, { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2c02d41d71f90a5168391b6a5f2954112ba2307c" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Use-after-free vulnerability in the Linux Kernel ", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2023-0461", "datePublished": "2023-02-28T14:23:02.224Z", "dateReserved": "2023-01-24T09:47:24.966Z", "dateUpdated": "2024-08-02T05:10:56.165Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-11477
Vulnerability from cvelistv5
Published
2019-06-18 23:34
Modified
2024-09-17 02:21
Severity ?
EPSS score ?
Summary
Integer overflow in TCP_SKB_CB(skb)->tcp_gso_segs
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux | Linux kernel |
Version: 4.4 < 4.4.182 Version: 4.9 < 4.9.182 Version: 4.14 < 4.14.127 Version: 4.19 < 4.19.52 Version: 5.1 < 5.1.11 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T22:55:40.213Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VU#905115", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "https://www.kb.cert.org/vuls/id/905115" }, { "name": "[oss-security] 20190620 Re: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/06/20/3" }, { "name": "RHSA-2019:1594", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1594" }, { "name": "RHSA-2019:1602", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1602" }, { "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2" }, { "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3" }, { "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4" }, { "name": "RHSA-2019:1699", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1699" }, { "name": "[oss-security] 20191023 Membership application for linux-distros - VMware", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1" }, { "name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://access.redhat.com/security/vulnerabilities/tcpsack" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K78234183" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_28" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190625-0001/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Linux kernel", "vendor": "Linux", "versions": [ { "lessThan": "4.4.182", "status": "affected", "version": "4.4", "versionType": "custom" }, { "lessThan": "4.9.182", "status": "affected", "version": "4.9", "versionType": "custom" }, { "lessThan": "4.14.127", "status": "affected", "version": "4.14", "versionType": "custom" }, { "lessThan": "4.19.52", "status": "affected", "version": "4.19", "versionType": "custom" }, { "lessThan": "5.1.11", "status": "affected", "version": "5.1", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Jonathan Looney from Netflix" } ], "datePublic": "2019-06-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Jonathan Looney discovered that the TCP_SKB_CB(skb)-\u003etcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-20T21:14:56", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical" }, "references": [ { "name": "VU#905115", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "https://www.kb.cert.org/vuls/id/905115" }, { "name": "[oss-security] 20190620 Re: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/06/20/3" }, { "name": "RHSA-2019:1594", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1594" }, { "name": "RHSA-2019:1602", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1602" }, { "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2" }, { "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3" }, { "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4" }, { "name": "RHSA-2019:1699", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1699" }, { "name": "[oss-security] 20191023 Membership application for linux-distros - VMware", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1" }, { "name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md" }, { "tags": [ "x_refsource_MISC" ], "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic" }, { "tags": [ "x_refsource_MISC" ], "url": "https://access.redhat.com/security/vulnerabilities/tcpsack" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.f5.com/csp/article/K78234183" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_28" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190625-0001/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt" } ], "source": { "advisory": "https://usn.ubuntu.com/4017-1", "defect": [ "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1831637" ], "discovery": "UNKNOWN" }, "title": "Integer overflow in TCP_SKB_CB(skb)-\u003etcp_gso_segs", "x_generator": { "engine": "Vulnogram 0.0.7" }, "x_legacyV4Record": { "CVE_data_meta": { "AKA": "SACK Panic", "ASSIGNER": "security@ubuntu.com", "DATE_PUBLIC": "2019-06-17T00:00:00.000Z", "ID": "CVE-2019-11477", "STATE": "PUBLIC", "TITLE": "Integer overflow in TCP_SKB_CB(skb)-\u003etcp_gso_segs" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Linux kernel", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "4.4", "version_value": "4.4.182" }, { "version_affected": "\u003c", "version_name": "4.9", "version_value": "4.9.182" }, { "version_affected": "\u003c", "version_name": "4.14", "version_value": "4.14.127" }, { "version_affected": "\u003c", "version_name": "4.19", "version_value": "4.19.52" }, { "version_affected": "\u003c", "version_name": "5.1", "version_value": "5.1.11" } ] } } ] }, "vendor_name": "Linux" } ] } }, "credit": [ { "lang": "eng", "value": "Jonathan Looney from Netflix" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Jonathan Looney discovered that the TCP_SKB_CB(skb)-\u003etcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff." } ] }, "generator": { "engine": "Vulnogram 0.0.7" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-190 Integer Overflow or Wraparound" } ] } ] }, "references": { "reference_data": [ { "name": "VU#905115", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/905115" }, { "name": "[oss-security] 20190620 Re: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/06/20/3" }, { "name": "RHSA-2019:1594", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1594" }, { "name": "RHSA-2019:1602", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1602" }, { "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2" }, { "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3" }, { "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4" }, { "name": "RHSA-2019:1699", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1699" }, { "name": "[oss-security] 20191023 Membership application for linux-distros - VMware", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1" }, { "name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3" }, { "name": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff" }, { "name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md", "refsource": "MISC", "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md" }, { "name": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic", "refsource": "MISC", "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic" }, { "name": "https://access.redhat.com/security/vulnerabilities/tcpsack", "refsource": "MISC", "url": "https://access.redhat.com/security/vulnerabilities/tcpsack" }, { "name": "https://support.f5.com/csp/article/K78234183", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K78234183" }, { "name": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html" }, { "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193", "refsource": "CONFIRM", "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193" }, { "name": "https://www.synology.com/security/advisory/Synology_SA_19_28", "refsource": "CONFIRM", "url": "https://www.synology.com/security/advisory/Synology_SA_19_28" }, { "name": "https://security.netapp.com/advisory/ntap-20190625-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190625-0001/" }, { "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006", "refsource": "CONFIRM", "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006" }, { "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf" }, { "name": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03" }, { "name": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html" }, { "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en" }, { "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt", "refsource": "CONFIRM", "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt" } ] }, "source": { "advisory": "https://usn.ubuntu.com/4017-1", "defect": [ "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1831637" ], "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2019-11477", "datePublished": "2019-06-18T23:34:51.026970Z", "dateReserved": "2019-04-23T00:00:00", "dateUpdated": "2024-09-17T02:21:15.995Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-3390
Vulnerability from cvelistv5
Published
2023-06-28 20:02
Modified
2024-08-02 06:55
Severity ?
EPSS score ?
Summary
Use-after-free in Linux kernel's netfilter subsystem
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux | Linux Kernel |
Version: 3.16 < 6.4 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:55:03.302Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97" }, { "tags": [ "x_transferred" ], "url": "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5448" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5461" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230818-0004/" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "kernel", "product": "Linux Kernel", "repo": "https://git.kernel.org", "vendor": "Linux", "versions": [ { "lessThan": "6.4", "status": "affected", "version": "3.16", "versionType": "custom" } ] } ], "datePublic": "2023-06-08T19:49:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA use-after-free vulnerability was found in the Linux kernel\u0027s netfilter subsystem in net/netfilter/nf_tables_api.c.\u003cbr\u003e\u003cbr\u003eMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\u003cbr\u003e\u003cbr\u003e\u003c/span\u003eWe recommend upgrading past commit\u0026nbsp;1240eb93f0616b21c675416516ff3d74798fdc97." } ], "value": "A use-after-free vulnerability was found in the Linux kernel\u0027s netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit\u00a01240eb93f0616b21c675416516ff3d74798fdc97." } ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-28T20:02:07.389Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97" }, { "url": "https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97" }, { "url": "https://www.debian.org/security/2023/dsa-5448" }, { "url": "https://www.debian.org/security/2023/dsa-5461" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html" }, { "url": "https://security.netapp.com/advisory/ntap-20230818-0004/" }, { "url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Use-after-free in Linux kernel\u0027s netfilter subsystem", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2023-3390", "datePublished": "2023-06-28T20:02:07.389Z", "dateReserved": "2023-06-23T13:45:16.519Z", "dateUpdated": "2024-08-02T06:55:03.302Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-22099
Vulnerability from cvelistv5
Published
2024-01-25 07:02
Modified
2024-08-01 22:35
Severity ?
EPSS score ?
Summary
NULL pointer deference in rfcomm_check_security in Linux kernel
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux | Linux kernel |
Version: v2.6.12-rc2 < v6.8-rc1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T22:35:34.715Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=7956" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVVYSTEVMPYGF6GDSOD44MUXZXAZHOHB/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSXNF4RLEFLH35BFUQGYXRRVHHUIVBAE/" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://mirrors.openanolis.cn/anolis/", "defaultStatus": "unaffected", "modules": [ "net", "bluetooth" ], "packageName": "kernel", "platforms": [ "Linux", "x86", "ARM" ], "product": "Linux kernel", "programFiles": [ "https://gitee.com/anolis/cloud-kernel/blob/release-5.10/net/bluetooth/rfcomm/core.c" ], "repo": "https://gitee.com/anolis/cloud-kernel.git", "vendor": "Linux", "versions": [ { "lessThan": "v6.8-rc1", "status": "affected", "version": "v2.6.12-rc2", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Yuxuan-Hu \u003c20373622@buaa.edu.cn\u003e" } ], "datePublic": "2024-01-19T03:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "NULL Pointer Dereference vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers.\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003e/net/bluetooth/rfcomm/core.C\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects Linux kernel: v2.6.12-rc2.\u003c/p\u003e" } ], "value": "NULL Pointer Dereference vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers. This vulnerability is associated with program files /net/bluetooth/rfcomm/core.C.\n\nThis issue affects Linux kernel: v2.6.12-rc2.\n\n" } ], "impacts": [ { "capecId": "CAPEC-100", "descriptions": [ { "lang": "en", "value": "CAPEC-100 Overflow Buffers" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-25T07:02:59.928Z", "orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "shortName": "Anolis" }, "references": [ { "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=7956" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVVYSTEVMPYGF6GDSOD44MUXZXAZHOHB/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSXNF4RLEFLH35BFUQGYXRRVHHUIVBAE/" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=6ec00b0737fe\"\u003ehttps://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=6ec00b0737fe\u003c/a\u003e\u003cbr\u003e" } ], "value": " https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=6ec00b0737fe https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/ \n" } ], "source": { "advisory": "Not yet", "discovery": "INTERNAL" }, "title": "NULL pointer deference in rfcomm_check_security in Linux kernel", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "assignerShortName": "Anolis", "cveId": "CVE-2024-22099", "datePublished": "2024-01-25T07:02:59.928Z", "dateReserved": "2024-01-15T09:44:45.533Z", "dateUpdated": "2024-08-01T22:35:34.715Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-5390
Vulnerability from cvelistv5
Published
2018-08-06 20:00
Modified
2024-08-05 05:33
Severity ?
EPSS score ?
Summary
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux | Linux Kernel |
Version: 4.9 < 4.9* |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T05:33:44.409Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2018:2785", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2785" }, { "name": "VU#962459", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "https://www.kb.cert.org/vuls/id/962459" }, { "name": "USN-3741-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3741-2/" }, { "name": "RHSA-2018:2776", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2776" }, { "name": "RHSA-2018:2933", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2933" }, { "name": "RHSA-2018:2403", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2403" }, { "name": "RHSA-2018:2395", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2395" }, { "name": "USN-3763-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3763-1/" }, { "name": "RHSA-2018:2384", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2384" }, { "name": "USN-3741-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3741-1/" }, { "name": "RHSA-2018:2402", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2402" }, { "name": "RHSA-2018:2948", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2948" }, { "name": "USN-3742-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3742-2/" }, { "name": "1041434", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041434" }, { "name": "USN-3732-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3732-2/" }, { "name": "104976", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/104976" }, { "name": "[debian-lts-announce] 20180815 [SECURITY] [DLA 1466-1] linux-4.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html" }, { "name": "1041424", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041424" }, { "name": "USN-3742-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3742-1/" }, { "name": "RHSA-2018:2924", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2924" }, { "name": "20180824 Linux and FreeBSD Kernels TCP Reassembly Denial of Service Vulnerabilities Affecting Cisco Products: August 2018", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180824-linux-tcp" }, { "name": "RHSA-2018:2789", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2789" }, { "name": "DSA-4266", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4266" }, { "name": "RHSA-2018:2645", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2645" }, { "name": "USN-3732-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3732-1/" }, { "name": "RHSA-2018:2791", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2791" }, { "name": "RHSA-2018:2790", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2790" }, { "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2" }, { "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3" }, { "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20180815-0003/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.synology.com/support/security/Synology_SA_18_41" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K95343321" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.a10networks.com/support/security-advisories/tcp-ip-cve-2018-5390-segmentsmack" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K95343321?utm_source=f5support\u0026amp%3Butm_medium=RSS" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-02-linux-en" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Linux Kernel", "vendor": "Linux", "versions": [ { "lessThan": "4.9*", "status": "affected", "version": "4.9", "versionType": "custom" } ] } ], "datePublic": "2018-07-23T00:00:00", "descriptions": [ { "lang": "en", "value": "Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-15T02:22:59", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "name": "RHSA-2018:2785", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2785" }, { "name": "VU#962459", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "https://www.kb.cert.org/vuls/id/962459" }, { "name": "USN-3741-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3741-2/" }, { "name": "RHSA-2018:2776", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2776" }, { "name": "RHSA-2018:2933", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2933" }, { "name": "RHSA-2018:2403", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2403" }, { "name": "RHSA-2018:2395", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2395" }, { "name": "USN-3763-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3763-1/" }, { "name": "RHSA-2018:2384", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2384" }, { "name": "USN-3741-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3741-1/" }, { "name": "RHSA-2018:2402", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2402" }, { "name": "RHSA-2018:2948", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2948" }, { "name": "USN-3742-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3742-2/" }, { "name": "1041434", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041434" }, { "name": "USN-3732-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3732-2/" }, { "name": "104976", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/104976" }, { "name": "[debian-lts-announce] 20180815 [SECURITY] [DLA 1466-1] linux-4.9 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html" }, { "name": "1041424", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041424" }, { "name": "USN-3742-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3742-1/" }, { "name": "RHSA-2018:2924", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2924" }, { "name": "20180824 Linux and FreeBSD Kernels TCP Reassembly Denial of Service Vulnerabilities Affecting Cisco Products: August 2018", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180824-linux-tcp" }, { "name": "RHSA-2018:2789", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2789" }, { "name": "DSA-4266", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4266" }, { "name": "RHSA-2018:2645", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2645" }, { "name": "USN-3732-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3732-1/" }, { "name": "RHSA-2018:2791", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2791" }, { "name": "RHSA-2018:2790", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2790" }, { "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2" }, { "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3" }, { "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20180815-0003/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.synology.com/support/security/Synology_SA_18_41" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.f5.com/csp/article/K95343321" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.a10networks.com/support/security-advisories/tcp-ip-cve-2018-5390-segmentsmack" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.f5.com/csp/article/K95343321?utm_source=f5support\u0026amp%3Butm_medium=RSS" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-02-linux-en" } ], "source": { "discovery": "UNKNOWN" }, "title": "Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2018-5390", "STATE": "PUBLIC", "TITLE": "Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Linux Kernel", "version": { "version_data": [ { "affected": "\u003e=", "version_affected": "\u003e=", "version_name": "4.9", "version_value": "4.9" } ] } } ] }, "vendor_name": "Linux" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-400" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2018:2785", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2785" }, { "name": "VU#962459", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/962459" }, { "name": "USN-3741-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3741-2/" }, { "name": "RHSA-2018:2776", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2776" }, { "name": "RHSA-2018:2933", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2933" }, { "name": "RHSA-2018:2403", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2403" }, { "name": "RHSA-2018:2395", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2395" }, { "name": "USN-3763-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3763-1/" }, { "name": "RHSA-2018:2384", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2384" }, { "name": "USN-3741-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3741-1/" }, { "name": "RHSA-2018:2402", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2402" }, { "name": "RHSA-2018:2948", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2948" }, { "name": "USN-3742-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3742-2/" }, { "name": "1041434", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041434" }, { "name": "USN-3732-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3732-2/" }, { "name": "104976", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104976" }, { "name": "[debian-lts-announce] 20180815 [SECURITY] [DLA 1466-1] linux-4.9 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html" }, { "name": "1041424", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041424" }, { "name": "USN-3742-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3742-1/" }, { "name": "RHSA-2018:2924", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2924" }, { "name": "20180824 Linux and FreeBSD Kernels TCP Reassembly Denial of Service Vulnerabilities Affecting Cisco Products: August 2018", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180824-linux-tcp" }, { "name": "RHSA-2018:2789", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2789" }, { "name": "DSA-4266", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4266" }, { "name": "RHSA-2018:2645", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2645" }, { "name": "USN-3732-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3732-1/" }, { "name": "RHSA-2018:2791", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2791" }, { "name": "RHSA-2018:2790", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2790" }, { "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2" }, { "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3" }, { "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4" }, { "name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "refsource": "CONFIRM", "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", "refsource": "CONFIRM", "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" }, { "name": "https://security.netapp.com/advisory/ntap-20180815-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20180815-0003/" }, { "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt", "refsource": "CONFIRM", "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt" }, { "name": "https://www.synology.com/support/security/Synology_SA_18_41", "refsource": "CONFIRM", "url": "https://www.synology.com/support/security/Synology_SA_18_41" }, { "name": "https://support.f5.com/csp/article/K95343321", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K95343321" }, { "name": "https://www.a10networks.com/support/security-advisories/tcp-ip-cve-2018-5390-segmentsmack", "refsource": "CONFIRM", "url": "https://www.a10networks.com/support/security-advisories/tcp-ip-cve-2018-5390-segmentsmack" }, { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e", "refsource": "CONFIRM", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e" }, { "name": "https://support.f5.com/csp/article/K95343321?utm_source=f5support\u0026amp;utm_medium=RSS", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K95343321?utm_source=f5support\u0026amp;utm_medium=RSS" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf" }, { "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-02-linux-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-02-linux-en" } ] }, "source": { "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2018-5390", "datePublished": "2018-08-06T20:00:00", "dateReserved": "2018-01-12T00:00:00", "dateUpdated": "2024-08-05T05:33:44.409Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-24859
Vulnerability from cvelistv5
Published
2024-02-05 07:28
Modified
2024-08-01 23:28
Severity ?
EPSS score ?
Summary
Race condition vulnerability in Linux kernel bluetooth sniff_{min,max}_interval_set()
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux | Linux kernel |
Version: v4.0-rc1 < v6.8-rc2 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-24859", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-05T15:33:58.445018Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:21:25.429Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:28:12.892Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8153" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "modules": [ "bluetooth" ], "packageName": "kernel", "platforms": [ "Linux", "x86", "ARM" ], "product": "Linux kernel", "programFiles": [ "https://gitee.com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/hci_debugfs.c" ], "repo": "https://gitee.com/anolis/cloud-kernel.git", "vendor": "Linux", "versions": [ { "lessThan": "v6.8-rc2", "status": "affected", "version": "v4.0-rc1", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "\u767d\u5bb6\u9a79 \u003cbaijiaju@buaa.edu.cn\u003e" }, { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "\u97e9\u6842\u680b \u003changuidong@buaa.edu.cn\u003e" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eA race condition was found in the Linux kernel\u0027s net/bluetooth in sniff_{min,max}_interval_set() function. This can result in a bluetooth sniffing exception issue, possibly leading denial of service.\u003cbr\u003e\u003c/p\u003e\n\n\n\n\n" } ], "value": "A race condition was found in the Linux kernel\u0027s net/bluetooth in sniff_{min,max}_interval_set() function. This can result in a bluetooth sniffing exception issue, possibly leading denial of service.\n\n\n\n\n\n\n\n" } ], "impacts": [ { "capecId": "CAPEC-26", "descriptions": [ { "lang": "en", "value": "CAPEC-26 Leveraging Race Conditions" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-05T07:28:06.115Z", "orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "shortName": "Anolis" }, "references": [ { "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8153" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://lore.kernel.org/lkml/20231222162931.6553-1-2045gemini@gmail.com/\"\u003ehttps://lore.kernel.org/lkml/20231222162931.6553-1-2045gemini@gmail.com/\u003c/a\u003e\u003cbr\u003e" } ], "value": " https://lore.kernel.org/lkml/20231222162931.6553-1-2045gemini@gmail.com/ https://lore.kernel.org/lkml/20231222162931.6553-1-2045gemini@gmail.com/ \n" } ], "source": { "discovery": "UNKNOWN" }, "title": "Race condition vulnerability in Linux kernel bluetooth sniff_{min,max}_interval_set()", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "assignerShortName": "Anolis", "cveId": "CVE-2024-24859", "datePublished": "2024-02-05T07:28:06.115Z", "dateReserved": "2024-02-01T09:11:56.214Z", "dateUpdated": "2024-08-01T23:28:12.892Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-3490
Vulnerability from cvelistv5
Published
2021-06-04 01:40
Modified
2024-09-16 22:29
Severity ?
EPSS score ?
Summary
Linux kernel eBPF bitwise ops ALU32 bounds tracking
References
▼ | URL | Tags |
---|---|---|
https://ubuntu.com/security/notices/USN-4950-1 | vendor-advisory, x_refsource_UBUNTU | |
https://ubuntu.com/security/notices/USN-4949-1 | vendor-advisory, x_refsource_UBUNTU | |
https://www.openwall.com/lists/oss-security/2021/05/11/11 | mailing-list, x_refsource_MLIST | |
https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=049c4e13714ecbca567b4d5f6d563f05d431c80e | x_refsource_MISC | |
https://www.zerodayinitiative.com/advisories/ZDI-21-606/ | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20210716-0004/ | x_refsource_CONFIRM | |
http://packetstormsecurity.com/files/164015/Linux-eBPF-ALU32-32-bit-Invalid-Bounds-Tracking-Local-Privilege-Escalation.html | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux | Linux kernel |
Version: trunk < v5.13-rc4 Version: linux-5.12.y < v5.12.4 Version: linux-5.11.y < v5.11.21 Version: linux-5.10.y < v5.10.37 Version: v5.7-rc1 < 5.7* |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:53:17.879Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://ubuntu.com/security/notices/USN-4950-1" }, { "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://ubuntu.com/security/notices/USN-4949-1" }, { "name": "[oss-security] CVE-2021-3490 - Linux kernel eBPF bitwise ops ALU32 bounds tracking", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2021/05/11/11" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=049c4e13714ecbca567b4d5f6d563f05d431c80e" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-606/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210716-0004/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/164015/Linux-eBPF-ALU32-32-bit-Invalid-Bounds-Tracking-Local-Privilege-Escalation.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Linux kernel", "vendor": "Linux", "versions": [ { "lessThan": "v5.13-rc4", "status": "affected", "version": "trunk", "versionType": "custom" }, { "lessThan": "v5.12.4", "status": "affected", "version": "linux-5.12.y", "versionType": "custom" }, { "lessThan": "v5.11.21", "status": "affected", "version": "linux-5.11.y", "versionType": "custom" }, { "lessThan": "v5.10.37", "status": "affected", "version": "linux-5.10.y", "versionType": "custom" }, { "lessThan": "5.7*", "status": "affected", "version": "v5.7-rc1", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Manfred Paul (@_manfp) of the RedRocket CTF team (@redrocket_ctf) working with Trend Micro\u0027s Zero Day Initiative" } ], "datePublic": "2021-05-11T00:00:00", "descriptions": [ { "lang": "en", "value": "The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e (\"bpf: Fix alu32 const subreg bound tracking on bitwise operations\") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. The AND/OR issues were introduced by commit 3f50f132d840 (\"bpf: Verifier, do explicit ALU32 bounds tracking\") (5.7-rc1) and the XOR variant was introduced by 2921c90d4718 (\"bpf:Fix a verifier failure with xor\") ( 5.10-rc1)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-09-01T17:06:42", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical" }, "references": [ { "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://ubuntu.com/security/notices/USN-4950-1" }, { "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://ubuntu.com/security/notices/USN-4949-1" }, { "name": "[oss-security] CVE-2021-3490 - Linux kernel eBPF bitwise ops ALU32 bounds tracking", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://www.openwall.com/lists/oss-security/2021/05/11/11" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=049c4e13714ecbca567b4d5f6d563f05d431c80e" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-606/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210716-0004/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/164015/Linux-eBPF-ALU32-32-bit-Invalid-Bounds-Tracking-Local-Privilege-Escalation.html" } ], "source": { "discovery": "EXTERNAL" }, "title": "Linux kernel eBPF bitwise ops ALU32 bounds tracking", "x_generator": { "engine": "Vulnogram 0.0.9" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@ubuntu.com", "DATE_PUBLIC": "2021-05-11 17:00:00 +0000", "ID": "CVE-2021-3490", "STATE": "PUBLIC", "TITLE": "Linux kernel eBPF bitwise ops ALU32 bounds tracking" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Linux kernel", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "trunk", "version_value": "v5.13-rc4" }, { "version_affected": "\u003c", "version_name": "linux-5.12.y", "version_value": "v5.12.4" }, { "version_affected": "\u003c", "version_name": "linux-5.11.y", "version_value": "v5.11.21" }, { "version_affected": "\u003c", "version_name": "linux-5.10.y", "version_value": "v5.10.37" }, { "version_affected": "\u003e=", "version_name": "5.7", "version_value": "v5.7-rc1" } ] } } ] }, "vendor_name": "Linux" } ] } }, "credit": [ { "lang": "eng", "value": "Manfred Paul (@_manfp) of the RedRocket CTF team (@redrocket_ctf) working with Trend Micro\u0027s Zero Day Initiative" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e (\"bpf: Fix alu32 const subreg bound tracking on bitwise operations\") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. The AND/OR issues were introduced by commit 3f50f132d840 (\"bpf: Verifier, do explicit ALU32 bounds tracking\") (5.7-rc1) and the XOR variant was introduced by 2921c90d4718 (\"bpf:Fix a verifier failure with xor\") ( 5.10-rc1)." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-787 Out-of-bounds Write" } ] }, { "description": [ { "lang": "eng", "value": "CWE-20 Improper Input Validation" } ] } ] }, "references": { "reference_data": [ { "name": "https://ubuntu.com/security/notices/USN-4950-1", "refsource": "UBUNTU", "url": "https://ubuntu.com/security/notices/USN-4950-1" }, { "name": "https://ubuntu.com/security/notices/USN-4949-1", "refsource": "UBUNTU", "url": "https://ubuntu.com/security/notices/USN-4949-1" }, { "name": "[oss-security] CVE-2021-3490 - Linux kernel eBPF bitwise ops ALU32 bounds tracking", "refsource": "MLIST", "url": "https://www.openwall.com/lists/oss-security/2021/05/11/11" }, { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=049c4e13714ecbca567b4d5f6d563f05d431c80e", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=049c4e13714ecbca567b4d5f6d563f05d431c80e" }, { "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-606/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-606/" }, { "name": "https://security.netapp.com/advisory/ntap-20210716-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210716-0004/" }, { "name": "http://packetstormsecurity.com/files/164015/Linux-eBPF-ALU32-32-bit-Invalid-Bounds-Tracking-Local-Privilege-Escalation.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/164015/Linux-eBPF-ALU32-32-bit-Invalid-Bounds-Tracking-Local-Privilege-Escalation.html" } ] }, "source": { "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2021-3490", "datePublished": "2021-06-04T01:40:20.129090Z", "dateReserved": "2021-04-09T00:00:00", "dateUpdated": "2024-09-16T22:29:57.625Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-24860
Vulnerability from cvelistv5
Published
2024-02-05 07:27
Modified
2024-08-01 23:28
Severity ?
EPSS score ?
Summary
Race condition vulnerability in Linux kernel bluetooth driver in {min,max}_key_size_set()
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux | Linux kernel |
Version: v5.6-rc1 < v6.8-rc1 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-24860", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-05T14:05:40.448336Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:21:19.546Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:28:12.994Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8151" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://kernel.org/", "defaultStatus": "unaffected", "modules": [ "bluetooth" ], "packageName": "kernel", "platforms": [ "Linux", "x86", "ARM" ], "product": "Linux kernel", "programFiles": [ "https://gitee.com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/hci_debugfs.c" ], "repo": "https://gitee.com/anolis/cloud-kernel.git", "vendor": "Linux", "versions": [ { "lessThan": "v6.8-rc1", "status": "affected", "version": "v5.6-rc1", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "\u767d\u5bb6\u9a79 \u003cbaijiaju@buaa.edu.cn\u003e" }, { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "\u97e9\u6842\u680b \u003changuidong@buaa.edu.cn\u003e" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eA race condition was found in the Linux kernel\u0027s bluetooth device driver in {min,max}_key_size_set() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.\u003c/p\u003e\n\n\n" } ], "value": "A race condition was found in the Linux kernel\u0027s bluetooth device driver in {min,max}_key_size_set() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.\n\n\n\n\n" } ], "impacts": [ { "capecId": "CAPEC-26", "descriptions": [ { "lang": "en", "value": "CAPEC-26 Leveraging Race Conditions" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-05T07:27:31.042Z", "orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "shortName": "Anolis" }, "references": [ { "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8151" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/torvalds/linux/commit/da9065caa594d\"\u003ehttps://github.com/torvalds/linux/commit/da9065caa594d\u003c/a\u003e\u003cbr\u003e" } ], "value": " https://github.com/torvalds/linux/commit/da9065caa594d https://github.com/torvalds/linux/commit/da9065caa594d \n" } ], "source": { "discovery": "UNKNOWN" }, "title": "Race condition vulnerability in Linux kernel bluetooth driver in {min,max}_key_size_set()", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "assignerShortName": "Anolis", "cveId": "CVE-2024-24860", "datePublished": "2024-02-05T07:27:31.042Z", "dateReserved": "2024-02-01T09:11:56.214Z", "dateUpdated": "2024-08-01T23:28:12.994Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3910
Vulnerability from cvelistv5
Published
2022-11-22 12:12
Modified
2024-08-03 01:20
Severity ?
EPSS score ?
Summary
Use after free in IO_uring in the Linux Kernel
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux | Linux Kernel |
Version: 5.18.0 < |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T01:20:58.856Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679" }, { "tags": [ "x_transferred" ], "url": "https://kernel.dance/#fc7222c3a9f56271fba02aabbfbae999042f1679" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "kernel", "product": "Linux Kernel", "repo": "https://git.kernel.org", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "5.19.10", "status": "affected", "version": "5.18.0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Bing-Jhong Billy Jheng of Starlabs" } ], "datePublic": "2022-05-16T22:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Use After Free vulnerability in Linux Kernel allows Privilege Escalation. An improper Update of Reference Count in io_uring leads to Use-After-Free and Local Privilege Escalation.\u003cbr\u003eWhen io_msg_ring was invoked with a fixed file, it called io_fput_file() which improperly decreased its reference count (leading to Use-After-Free and Local Privilege Escalation). Fixed files are permanently registered to the ring, and should not be put separately.\u003cbr\u003e\u003cbr\u003eWe recommend upgrading past commit \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679\"\u003ehttps://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679\u003c/a\u003e\u003cbr\u003e" } ], "value": "Use After Free vulnerability in Linux Kernel allows Privilege Escalation. An improper Update of Reference Count in io_uring leads to Use-After-Free and Local Privilege Escalation.\nWhen io_msg_ring was invoked with a fixed file, it called io_fput_file() which improperly decreased its reference count (leading to Use-After-Free and Local Privilege Escalation). Fixed files are permanently registered to the ring, and should not be put separately.\n\nWe recommend upgrading past commit https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679 https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679 \n" } ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-22T12:26:26.702Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "url": "https://github.com/torvalds/linux/commit/fc7222c3a9f56271fba02aabbfbae999042f1679" }, { "url": "https://kernel.dance/#fc7222c3a9f56271fba02aabbfbae999042f1679" } ], "source": { "discovery": "EXTERNAL" }, "title": "Use after free in IO_uring in the Linux Kernel", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2022-3910", "datePublished": "2022-11-22T12:12:16.700Z", "dateReserved": "2022-11-09T12:57:22.704Z", "dateUpdated": "2024-08-03T01:20:58.856Z", "requesterUserId": "ed9b5bb2-2df1-4aa3-9791-5fb260d88e62", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-21803
Vulnerability from cvelistv5
Published
2024-01-30 07:15
Modified
2024-08-01 22:27
Severity ?
EPSS score ?
Summary
Possible UAF in bt_accept_poll in Linux kernel
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux | Linux kernel |
Version: v2.6.12-rc2 < v6.8-rc1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T22:27:36.292Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8081" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://kernel.org/", "defaultStatus": "unaffected", "modules": [ "bluetooth" ], "packageName": "kernel", "platforms": [ "Linux", "x86", "ARM" ], "product": "Linux kernel", "programFiles": [ "https://gitee.com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.c" ], "repo": "https://gitee.com/anolis/cloud-kernel.git", "vendor": "Linux", "versions": [ { "lessThan": "v6.8-rc1", "status": "affected", "version": "v2.6.12-rc2", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "\u80e1\u5b87\u8f69 \u003cyuxuanhu@buaa.edu.cn\u003e" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (bluetooth modules) allows Local Execution of Code.\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003ehttps://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.C\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects Linux kernel: from v2.6.12-rc2 before v6.8-rc1.\u003c/p\u003e" } ], "value": "Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (bluetooth modules) allows Local Execution of Code. This vulnerability is associated with program files https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.C.\n\nThis issue affects Linux kernel: from v2.6.12-rc2 before v6.8-rc1.\n\n" } ], "impacts": [ { "capecId": "CAPEC-549", "descriptions": [ { "lang": "en", "value": "CAPEC-549 Local Execution of Code" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-30T07:15:33.276Z", "orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "shortName": "Anolis" }, "references": [ { "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8081" } ], "source": { "discovery": "INTERNAL" }, "title": "Possible UAF in bt_accept_poll in Linux kernel", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "assignerShortName": "Anolis", "cveId": "CVE-2024-21803", "datePublished": "2024-01-30T07:15:33.276Z", "dateReserved": "2024-01-15T09:44:45.561Z", "dateUpdated": "2024-08-01T22:27:36.292Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-24858
Vulnerability from cvelistv5
Published
2024-02-05 07:30
Modified
2024-08-01 23:28
Severity ?
EPSS score ?
Summary
Race condition vulnerability in Linux kernel net/bluetooth in {conn,adv}_{min,max}_interval_set()
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux | Linux kernel |
Version: v4.0-rc1 < v6.8-rc2 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-24858", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-06T18:47:37.158239Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:21:10.209Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:28:13.187Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8154" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "modules": [ "bluetooth" ], "packageName": "kernel", "platforms": [ "Linux", "x86", "ARM" ], "product": "Linux kernel", "programFiles": [ "https://gitee.com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/hci_debugfs.c" ], "repo": "https://gitee.com/anolis/cloud-kernel.git", "vendor": "Linux", "versions": [ { "lessThan": "v6.8-rc2", "status": "affected", "version": "v4.0-rc1", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "\u767d\u5bb6\u9a79 \u003cbaijiaju@buaa.edu.cn\u003e" }, { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "\u97e9\u6842\u680b \u003changuidong@buaa.edu.cn\u003e" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eA race condition was found in the Linux kernel\u0027s net/bluetooth in {conn,adv}_{min,max}_interval_set() function. This can result in I2cap connection or broadcast abnormality issue, possibly leading to denial of service.\u003c/p\u003e\n\n\n" } ], "value": "A race condition was found in the Linux kernel\u0027s net/bluetooth in {conn,adv}_{min,max}_interval_set() function. This can result in I2cap connection or broadcast abnormality issue, possibly leading to denial of service.\n\n\n\n\n" } ], "impacts": [ { "capecId": "CAPEC-26", "descriptions": [ { "lang": "en", "value": "CAPEC-26 Leveraging Race Conditions" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-05T07:30:55.483Z", "orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "shortName": "Anolis" }, "references": [ { "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8154" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://lore.kernel.org/lkml/20231222161317.6255-1-2045gemini@gmail.com/\"\u003ehttps://lore.kernel.org/lkml/20231222161317.6255-1-2045gemini@gmail.com/\u003c/a\u003e\u003cbr\u003e" } ], "value": " https://lore.kernel.org/lkml/20231222161317.6255-1-2045gemini@gmail.com/ https://lore.kernel.org/lkml/20231222161317.6255-1-2045gemini@gmail.com/ \n" } ], "source": { "discovery": "UNKNOWN" }, "title": "Race condition vulnerability in Linux kernel net/bluetooth in {conn,adv}_{min,max}_interval_set()", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "assignerShortName": "Anolis", "cveId": "CVE-2024-24858", "datePublished": "2024-02-05T07:30:55.483Z", "dateReserved": "2024-02-01T09:11:56.214Z", "dateUpdated": "2024-08-01T23:28:13.187Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-24861
Vulnerability from cvelistv5
Published
2024-02-05 07:26
Modified
2024-08-01 23:28
Severity ?
EPSS score ?
Summary
Race condition vulnerability in Linux kernel media/xc4000 xc4000_get_frequency()
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux | Linux kernel |
Version: v3.1-rc1 < v6.8-rc1 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-24861", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-22T18:11:41.377364Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:43:39.200Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:28:12.999Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8150" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://kernel.org/", "defaultStatus": "unaffected", "modules": [ "media", "xc4000" ], "packageName": "kernel", "platforms": [ "Linux", "x86", "ARM" ], "product": "Linux kernel", "programFiles": [ "https://gitee.com/anolis/cloud-kernel/blob/devel-5.10/drivers/media/tuners/xc4000.c" ], "repo": "https://gitee.com/anolis/cloud-kernel.git", "vendor": "Linux", "versions": [ { "lessThan": "v6.8-rc1", "status": "affected", "version": "v3.1-rc1", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "\u767d\u5bb6\u9a79 \u003cbaijiaju@buaa.edu.cn\u003e" }, { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "\u97e9\u6842\u680b \u003changuidong@buaa.edu.cn\u003e" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eA race condition was found in the Linux kernel\u0027s media/xc4000 device driver in xc4000 xc4000_get_frequency() function. This can result in return value overflow issue, possibly leading to malfunction or denial of service issue.\u003c/p\u003e\n\n\n" } ], "value": "A race condition was found in the Linux kernel\u0027s media/xc4000 device driver in xc4000 xc4000_get_frequency() function. This can result in return value overflow issue, possibly leading to malfunction or denial of service issue.\n\n\n\n\n" } ], "impacts": [ { "capecId": "CAPEC-26", "descriptions": [ { "lang": "en", "value": "CAPEC-26 Leveraging Race Conditions" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-05T07:26:43.824Z", "orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "shortName": "Anolis" }, "references": [ { "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8150" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://lore.kernel.org/lkml/20231222055030.5237-1-2045gemini@gmail.com/\"\u003ehttps://lore.kernel.org/lkml/20231222055030.5237-1-2045gemini@gmail.com/\u003c/a\u003e\u003cbr\u003e" } ], "value": " https://lore.kernel.org/lkml/20231222055030.5237-1-2045gemini@gmail.com/ https://lore.kernel.org/lkml/20231222055030.5237-1-2045gemini@gmail.com/ \n" } ], "source": { "discovery": "UNKNOWN" }, "title": "Race condition vulnerability in Linux kernel media/xc4000 xc4000_get_frequency()", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "assignerShortName": "Anolis", "cveId": "CVE-2024-24861", "datePublished": "2024-02-05T07:26:43.824Z", "dateReserved": "2024-02-01T09:11:56.214Z", "dateUpdated": "2024-08-01T23:28:12.999Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-23586
Vulnerability from cvelistv5
Published
2023-02-17 12:25
Modified
2024-08-02 10:35
Severity ?
EPSS score ?
Summary
Use after free in io_uring in the Linux Kernel
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux | Linux Kernel |
Version: 5.6 < |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T10:35:33.335Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/io_uring?h=linux-5.10.y\u0026id=788d0824269bef539fe31a785b1517882eafed93" }, { "tags": [ "x_transferred" ], "url": "https://kernel.dance/#788d0824269bef539fe31a785b1517882eafed93" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "kernel", "product": "Linux Kernel", "repo": "https://git.kernel.org", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "5.10.161", "status": "affected", "version": "5.6", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Bing-Jhong Billy Jheng of Starlabs" } ], "datePublic": "2022-12-22T14:30:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDue to a vulnerability in the io_uring subsystem, it is possible to leak kernel memory information to the user process.\u0026nbsp;timens_install calls current_is_single_threaded to determine if the current process is single-threaded, but this call does not consider io_uring\u0027s io_worker threads, thus it is possible to insert a time namespace\u0027s vvar page to process\u0027s memory space via a page fault. When this time namespace is destroyed, the vvar page is also freed, but not removed from the process\u0027 memory, and a next page allocated by the kernel will be still available from the user-space process and can leak memory contents via this (read-only) use-after-free vulnerability. We recommend upgrading past version 5.10.161 or commit\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/io_uring?h=linux-5.10.y\u0026amp;id=788d0824269bef539fe31a785b1517882eafed93\"\u003e788d0824269bef539fe31a785b1517882eafed93\u003c/a\u003e\u003c/span\u003e\u003cbr\u003e" } ], "value": "Due to a vulnerability in the io_uring subsystem, it is possible to leak kernel memory information to the user process.\u00a0timens_install calls current_is_single_threaded to determine if the current process is single-threaded, but this call does not consider io_uring\u0027s io_worker threads, thus it is possible to insert a time namespace\u0027s vvar page to process\u0027s memory space via a page fault. When this time namespace is destroyed, the vvar page is also freed, but not removed from the process\u0027 memory, and a next page allocated by the kernel will be still available from the user-space process and can leak memory contents via this (read-only) use-after-free vulnerability. We recommend upgrading past version 5.10.161 or commit\u00a0 788d0824269bef539fe31a785b1517882eafed93 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/io_uring \n" } ], "impacts": [ { "capecId": "CAPEC-30", "descriptions": [ { "lang": "en", "value": "CAPEC-30 Hijacking a Privileged Thread of Execution" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-02-17T12:25:35.255Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/io_uring?h=linux-5.10.y\u0026id=788d0824269bef539fe31a785b1517882eafed93" }, { "url": "https://kernel.dance/#788d0824269bef539fe31a785b1517882eafed93" } ], "source": { "discovery": "EXTERNAL" }, "title": "Use after free in io_uring in the Linux Kernel", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2023-23586", "datePublished": "2023-02-17T12:25:35.000Z", "dateReserved": "2023-01-13T13:15:22.698Z", "dateUpdated": "2024-08-02T10:35:33.335Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-1998
Vulnerability from cvelistv5
Published
2023-04-21 14:51
Modified
2024-08-02 06:05
Severity ?
EPSS score ?
Summary
Spectre v2 SMT mitigations problem in Linux kernel
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux | Linux Kernel |
Version: 0 < 6.3 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:05:27.106Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/google/security-research/security/advisories/GHSA-mj4w-6495-6crx" }, { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/6921ed9049bc7457f66c1596c5b78aec0dae4a9d" }, { "tags": [ "x_transferred" ], "url": "https://kernel.dance/#6921ed9049bc7457f66c1596c5b78aec0dae4a9d" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://git.kernel.org/", "defaultStatus": "unaffected", "modules": [ "x86/speculation" ], "packageName": "kernel", "platforms": [ "Linux" ], "product": "Linux Kernel", "repo": "https://git.kernel.org/", "vendor": "Linux", "versions": [ { "lessThan": "6.3", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "datePublic": "2023-04-13T16:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eThe Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The same behavior can be observed on a bare-metal machine when forcing the mitigation to IBRS on boot command line.\u003c/p\u003e\u003cp\u003eThis happened because when plain IBRS was enabled (not enhanced IBRS), the kernel had some logic that determined that STIBP was not needed. The IBRS bit implicitly protects against cross-thread branch target injection. However, with legacy IBRS, the IBRS bit was cleared on returning to userspace, due to performance reasons, which disabled the implicit STIBP and left userspace threads vulnerable to cross-thread branch target injection against which STIBP protects.\u003c/p\u003e\u003cbr\u003e" } ], "value": "The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The same behavior can be observed on a bare-metal machine when forcing the mitigation to IBRS on boot command line.\n\nThis happened because when plain IBRS was enabled (not enhanced IBRS), the kernel had some logic that determined that STIBP was not needed. The IBRS bit implicitly protects against cross-thread branch target injection. However, with legacy IBRS, the IBRS bit was cleared on returning to userspace, due to performance reasons, which disabled the implicit STIBP and left userspace threads vulnerable to cross-thread branch target injection against which STIBP protects.\n\n\n" } ], "impacts": [ { "capecId": "CAPEC-663", "descriptions": [ { "lang": "en", "value": "CAPEC-663 Exploitation of Transient Instruction Execution" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1303", "description": "CWE-1303 Non-Transparent Sharing of Microarchitectural Resources", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-21T14:51:52.907Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "url": "https://github.com/google/security-research/security/advisories/GHSA-mj4w-6495-6crx" }, { "url": "https://github.com/torvalds/linux/commit/6921ed9049bc7457f66c1596c5b78aec0dae4a9d" }, { "url": "https://kernel.dance/#6921ed9049bc7457f66c1596c5b78aec0dae4a9d" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html" } ], "source": { "discovery": "UNKNOWN" }, "title": "Spectre v2 SMT mitigations problem in Linux kernel", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2023-1998", "datePublished": "2023-04-21T14:51:52.907Z", "dateReserved": "2023-04-12T09:38:13.899Z", "dateUpdated": "2024-08-02T06:05:27.106Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-2236
Vulnerability from cvelistv5
Published
2023-05-01 12:50
Modified
2024-08-02 06:19
Severity ?
EPSS score ?
Summary
Use-after-free in Linux kernel's Performance Events subsystem
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux | Linux Kernel |
Version: 5.19 < 6.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T06:19:13.600Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "patch", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9d94c04c0db024922e886c9fd429659f22f48ea4" }, { "tags": [ "x_transferred" ], "url": "https://kernel.dance/9d94c04c0db024922e886c9fd429659f22f48ea4" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230601-0010/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "kernel", "product": "Linux Kernel", "repo": "https://git.kernel.org", "vendor": "Linux", "versions": [ { "lessThan": "6.1", "status": "affected", "version": "5.19", "versionType": "custom" } ] } ], "datePublic": "2022-11-25T13:54:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003eA use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\u003c/p\u003e\u003cp\u003eBoth\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eio_install_fixed_file\u003c/span\u003e\u0026nbsp;and its callers call fput in a file in case of an error, causing a reference underflow which leads to a use-after-free vulnerability.\u003c/p\u003e\u003cp\u003eWe recommend upgrading past commit 9d94c04c0db024922e886c9fd429659f22f48ea4.\u003c/p\u003e" } ], "value": "A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nBoth\u00a0io_install_fixed_file\u00a0and its callers call fput in a file in case of an error, causing a reference underflow which leads to a use-after-free vulnerability.\n\nWe recommend upgrading past commit 9d94c04c0db024922e886c9fd429659f22f48ea4.\n\n" } ], "impacts": [ { "capecId": "CAPEC-233", "descriptions": [ { "lang": "en", "value": "CAPEC-233 Privilege Escalation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-01T12:50:47.742Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "tags": [ "patch" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9d94c04c0db024922e886c9fd429659f22f48ea4" }, { "url": "https://kernel.dance/9d94c04c0db024922e886c9fd429659f22f48ea4" }, { "url": "https://security.netapp.com/advisory/ntap-20230601-0010/" } ], "source": { "discovery": "EXTERNAL" }, "title": "Use-after-free in Linux kernel\u0027s Performance Events subsystem", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2023-2236", "datePublished": "2023-05-01T12:50:47.742Z", "dateReserved": "2023-04-21T17:43:28.315Z", "dateUpdated": "2024-08-02T06:19:13.600Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-23196
Vulnerability from cvelistv5
Published
2024-02-05 07:22
Modified
2024-08-01 22:59
Severity ?
EPSS score ?
Summary
Race condition vulnerability in Linux kernel sound/hda snd_hdac_regmap_sync
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux | Linux kernel |
Version: v5.6-rc1 < v6.5-rc1 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-23196", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-02-05T17:02:43.219098Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-05T17:22:53.499Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T22:59:32.092Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8148" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://kernel.org/", "defaultStatus": "unaffected", "modules": [ "sound/hda" ], "packageName": "kernel", "platforms": [ "Linux", "x86", "ARM" ], "product": "Linux kernel", "programFiles": [ "https://gitee.com/anolis/cloud-kernel/blob/devel-5.10/sound/hda/hdac_regmap.c" ], "repo": "https://gitee.com/anolis/cloud-kernel.git", "vendor": "Linux", "versions": [ { "lessThan": "v6.5-rc1", "status": "affected", "version": "v5.6-rc1", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "\u767d\u5bb6\u9a79 \u003cbaijiaju@buaa.edu.cn\u003e" }, { "lang": "en", "type": "reporter", "user": "00000000-0000-4000-9000-000000000000", "value": "\u97e9\u6842\u680b \u003changuidong@buaa.edu.cn\u003e" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA race condition was found in the Linux kernel\u0027s \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003esound/hda \u003c/span\u003e device driver in snd_hdac_regmap_sync() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003edenial of service issue\u003c/span\u003e.\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e" } ], "value": "A race condition was found in the Linux kernel\u0027s sound/hda device driver in snd_hdac_regmap_sync() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.\n\n" } ], "impacts": [ { "capecId": "CAPEC-26", "descriptions": [ { "lang": "en", "value": "CAPEC-26 Leveraging Race Conditions" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-02-05T07:22:39.907Z", "orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "shortName": "Anolis" }, "references": [ { "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8148" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/torvalds/linux/commit/1f4a08fed450d\"\u003ehttps://github.com/torvalds/linux/commit/1f4a08fed450d\u003c/a\u003e\u003cbr\u003e" } ], "value": " https://github.com/torvalds/linux/commit/1f4a08fed450d https://github.com/torvalds/linux/commit/1f4a08fed450d \n" } ], "source": { "discovery": "UNKNOWN" }, "title": "Race condition vulnerability in Linux kernel sound/hda snd_hdac_regmap_sync", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e", "assignerShortName": "Anolis", "cveId": "CVE-2024-23196", "datePublished": "2024-02-05T07:22:39.907Z", "dateReserved": "2024-01-15T09:44:45.550Z", "dateUpdated": "2024-08-01T22:59:32.092Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-31248
Vulnerability from cvelistv5
Published
2023-07-05 18:33
Modified
2024-08-02 14:53
Severity ?
EPSS score ?
Summary
Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux | Linux Kernel |
Version: v5.9-rc1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:53:31.000Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "issue-tracking", "x_transferred" ], "url": "https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/" }, { "tags": [ "mailing-list", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2023/07/05/2" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/07/05/2" }, { "tags": [ "x_transferred" ], "url": "https://www.debian.org/security/2023/dsa-5453" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html" }, { "tags": [ "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240201-0001/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "platforms": [ "Linux" ], "product": "Linux Kernel", "vendor": "Linux", "versions": [ { "status": "affected", "version": "v5.9-rc1" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Mingi Cho" } ], "datePublic": "2023-07-05T12:12:00.000Z", "descriptions": [ { "lang": "en", "value": "Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-05T18:33:59.665Z", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical" }, "references": [ { "tags": [ "issue-tracking" ], "url": "https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/" }, { "tags": [ "mailing-list" ], "url": "https://www.openwall.com/lists/oss-security/2023/07/05/2" }, { "url": "http://www.openwall.com/lists/oss-security/2023/07/05/2" }, { "url": "https://www.debian.org/security/2023/dsa-5453" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPHI46ROSSLVAV4R5LJWJYU747JGOS6D/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGZC5XOANA75OJ4XARBBXYSLDKUIJI5E/" }, { "url": "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html" }, { "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00001.html" }, { "url": "http://packetstormsecurity.com/files/174577/Kernel-Live-Patch-Security-Notice-LSN-0097-1.html" }, { "url": "https://security.netapp.com/advisory/ntap-20240201-0001/" } ], "title": "Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability" } }, "cveMetadata": { "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2023-31248", "datePublished": "2023-07-05T18:33:59.665Z", "dateReserved": "2023-06-29T21:43:35.029Z", "dateUpdated": "2024-08-02T14:53:31.000Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-11479
Vulnerability from cvelistv5
Published
2019-06-18 23:34
Modified
2024-09-16 23:22
Severity ?
EPSS score ?
Summary
Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux | Linux kernel |
Version: 4.4 < 4.4.182 Version: 4.9 < 4.9.182 Version: 4.14 < 4.14.127 Version: 4.19 < 4.19.52 Version: 5.1 < 5.1.11 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T22:55:40.780Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "108818", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108818" }, { "name": "VU#905115", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "https://www.kb.cert.org/vuls/id/905115" }, { "name": "RHSA-2019:1594", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1594" }, { "name": "RHSA-2019:1602", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1602" }, { "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2" }, { "name": "USN-4041-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4041-2/" }, { "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3" }, { "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4" }, { "name": "RHSA-2019:1699", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1699" }, { "name": "USN-4041-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/4041-1/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://access.redhat.com/security/vulnerabilities/tcpsack" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_28" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190625-0001/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5f3e2bf008c2221478101ee72f5cb4654b9fc363" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=967c05aee439e6e5d7d805e195b3a20ef5c433d6" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K35421172" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0008" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.f5.com/csp/article/K35421172?utm_source=f5support\u0026amp%3Butm_medium=RSS" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-06" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Linux kernel", "vendor": "Linux", "versions": [ { "lessThan": "4.4.182", "status": "affected", "version": "4.4", "versionType": "custom" }, { "lessThan": "4.9.182", "status": "affected", "version": "4.9", "versionType": "custom" }, { "lessThan": "4.14.127", "status": "affected", "version": "4.14", "versionType": "custom" }, { "lessThan": "4.19.52", "status": "affected", "version": "4.19", "versionType": "custom" }, { "lessThan": "5.1.11", "status": "affected", "version": "5.1", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "value": "Jonathan Looney from Netflix" } ], "datePublic": "2019-06-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-405", "description": "CWE-405 Asymmetric Resource Consumption (Amplification)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-20T21:14:56", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical" }, "references": [ { "name": "108818", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108818" }, { "name": "VU#905115", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "https://www.kb.cert.org/vuls/id/905115" }, { "name": "RHSA-2019:1594", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1594" }, { "name": "RHSA-2019:1602", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1602" }, { "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2" }, { "name": "USN-4041-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4041-2/" }, { "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3" }, { "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4" }, { "name": "RHSA-2019:1699", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1699" }, { "name": "USN-4041-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/4041-1/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md" }, { "tags": [ "x_refsource_MISC" ], "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic" }, { "tags": [ "x_refsource_MISC" ], "url": "https://access.redhat.com/security/vulnerabilities/tcpsack" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_28" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190625-0001/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5f3e2bf008c2221478101ee72f5cb4654b9fc363" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=967c05aee439e6e5d7d805e195b3a20ef5c433d6" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.f5.com/csp/article/K35421172" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0008" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.f5.com/csp/article/K35421172?utm_source=f5support\u0026amp%3Butm_medium=RSS" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-06" } ], "source": { "defect": [ "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1832286" ], "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.0.7" }, "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@ubuntu.com", "DATE_PUBLIC": "2019-06-17T00:00:00.000Z", "ID": "CVE-2019-11479", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Linux kernel", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "4.4", "version_value": "4.4.182" }, { "version_affected": "\u003c", "version_name": "4.9", "version_value": "4.9.182" }, { "version_affected": "\u003c", "version_name": "4.14", "version_value": "4.14.127" }, { "version_affected": "\u003c", "version_name": "4.19", "version_value": "4.19.52" }, { "version_affected": "\u003c", "version_name": "5.1", "version_value": "5.1.11" } ] } } ] }, "vendor_name": "Linux" } ] } }, "credit": [ { "lang": "eng", "value": "Jonathan Looney from Netflix" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363." } ] }, "generator": { "engine": "Vulnogram 0.0.7" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-405 Asymmetric Resource Consumption (Amplification)" } ] } ] }, "references": { "reference_data": [ { "name": "108818", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108818" }, { "name": "VU#905115", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/905115" }, { "name": "RHSA-2019:1594", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1594" }, { "name": "RHSA-2019:1602", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1602" }, { "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2" }, { "name": "USN-4041-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4041-2/" }, { "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3" }, { "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4" }, { "name": "RHSA-2019:1699", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1699" }, { "name": "USN-4041-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4041-1/" }, { "name": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md", "refsource": "MISC", "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md" }, { "name": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic", "refsource": "MISC", "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic" }, { "name": "https://access.redhat.com/security/vulnerabilities/tcpsack", "refsource": "MISC", "url": "https://access.redhat.com/security/vulnerabilities/tcpsack" }, { "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193", "refsource": "CONFIRM", "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193" }, { "name": "https://www.synology.com/security/advisory/Synology_SA_19_28", "refsource": "CONFIRM", "url": "https://www.synology.com/security/advisory/Synology_SA_19_28" }, { "name": "https://security.netapp.com/advisory/ntap-20190625-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190625-0001/" }, { "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf" }, { "name": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03" }, { "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt", "refsource": "CONFIRM", "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt" }, { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5f3e2bf008c2221478101ee72f5cb4654b9fc363", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=5f3e2bf008c2221478101ee72f5cb4654b9fc363" }, { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=967c05aee439e6e5d7d805e195b3a20ef5c433d6", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=967c05aee439e6e5d7d805e195b3a20ef5c433d6" }, { "name": "https://support.f5.com/csp/article/K35421172", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K35421172" }, { "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0008", "refsource": "CONFIRM", "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0008" }, { "name": "https://support.f5.com/csp/article/K35421172?utm_source=f5support\u0026amp;utm_medium=RSS", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K35421172?utm_source=f5support\u0026amp;utm_medium=RSS" }, { "name": "https://www.us-cert.gov/ics/advisories/icsma-20-170-06", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-06" } ] }, "source": { "defect": [ "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1832286" ], "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2019-11479", "datePublished": "2019-06-18T23:34:51.124134Z", "dateReserved": "2019-04-23T00:00:00", "dateUpdated": "2024-09-16T23:22:00.170Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-42895
Vulnerability from cvelistv5
Published
2022-11-23 14:11
Modified
2024-08-03 13:19
Severity ?
EPSS score ?
Summary
Info Leak in l2cap_core in the Linux Kernel
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Linux | Linux Kernel |
Version: 3.0.0 < |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T13:19:05.390Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e" }, { "tags": [ "x_transferred" ], "url": "https://kernel.dance/#b1a2cd50c0357f243b7435a732b4e62ba3157a2e" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "packageName": "kernel", "product": "Linux Kernel", "repo": "https://git.kernel.org", "vendor": "Linux", "versions": [ { "lessThanOrEqual": "b1a2cd50c0357f243b7435a732b4e62ba3157a2e", "status": "affected", "version": "3.0.0", "versionType": "custom" } ] } ], "datePublic": "2022-11-02T23:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is an infoleak vulnerability in the Linux kernel\u0027s net/bluetooth/l2cap_core.c\u0027s l2cap_parse_conf_req function which can be used to leak kernel pointers remotely.\u003c/span\u003e\u003cbr\u003eWe recommend upgrading past commit\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.google.com/url?q=https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e\u0026amp;sa=D\u0026amp;source=buganizer\u0026amp;usg=AOvVaw1MgsfyPTiSrqqs3LAs-ZRS\"\u003ehttps://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e" } ], "value": "There is an infoleak vulnerability in the Linux kernel\u0027s net/bluetooth/l2cap_core.c\u0027s l2cap_parse_conf_req function which can be used to leak kernel pointers remotely.\nWe recommend upgrading past commit\u00a0 https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e https://www.google.com/url \n\n" } ], "impacts": [ { "capecId": "CAPEC-410", "descriptions": [ { "lang": "en", "value": "CAPEC-410 Information Elicitation" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-824", "description": "CWE-824 Access of Uninitialized Pointer", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-23T14:14:27.857Z", "orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google" }, "references": [ { "url": "https://github.com/torvalds/linux/commit/b1a2cd50c0357f243b7435a732b4e62ba3157a2e" }, { "url": "https://kernel.dance/#b1a2cd50c0357f243b7435a732b4e62ba3157a2e" } ], "source": { "discovery": "EXTERNAL" }, "title": "Info Leak in l2cap_core in the Linux Kernel", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "cveId": "CVE-2022-42895", "datePublished": "2022-11-23T14:11:33.340Z", "dateReserved": "2022-10-12T18:30:19.769Z", "dateUpdated": "2024-08-03T13:19:05.390Z", "requesterUserId": "ed9b5bb2-2df1-4aa3-9791-5fb260d88e62", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }