Vulnerability-Lookup

CERTFR-2024-AVI-0632

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, un contournement de la politique de sécurité et un déni de service.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
SUSE	N/A	SUSE Linux Enterprise Desktop 15 SP6
SUSE	N/A	Basesystem Module 15-SP6
SUSE	N/A	Public Cloud Module 15-SP6
SUSE	N/A	SUSE Linux Enterprise Live Patching 15-SP6
SUSE	N/A	Legacy Module 15-SP6
SUSE	N/A	SUSE Linux Enterprise Real Time 15 SP6
SUSE	N/A	openSUSE Leap 15.6
SUSE	N/A	SUSE Linux Enterprise Workstation Extension 15 SP6
SUSE	N/A	SUSE Linux Enterprise High Availability Extension 15 SP6
SUSE	N/A	SUSE Linux Enterprise Server for SAP Applications 15 SP6
SUSE	N/A	Development Tools Module 15-SP6
SUSE	N/A	SUSE Linux Enterprise Server 15 SP6

References

Title

Publication Time

Tags

Bulletin de sécurité SUSE SUSE-SU-2024:2575-1	2024-07-22	vendor-advisory
Bulletin de sécurité SUSE SUSE-SU-2024:2585-1	2024-07-22	vendor-advisory
Bulletin de sécurité SUSE SUSE-SU-2024:2571-1	2024-07-22	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SUSE Linux Enterprise Desktop 15 SP6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "Basesystem Module 15-SP6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "Public Cloud Module 15-SP6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Live Patching 15-SP6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "Legacy Module 15-SP6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Real Time 15 SP6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "openSUSE Leap 15.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Workstation Extension 15 SP6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise High Availability Extension 15 SP6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "Development Tools Module 15-SP6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "SUSE Linux Enterprise Server 15 SP6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-26625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26625"
    },
    {
      "name": "CVE-2023-52622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52622"
    },
    {
      "name": "CVE-2024-26814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26814"
    },
    {
      "name": "CVE-2024-26750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26750"
    },
    {
      "name": "CVE-2024-26813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26813"
    },
    {
      "name": "CVE-2024-26676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26676"
    },
    {
      "name": "CVE-2024-26780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26780"
    },
    {
      "name": "CVE-2024-26845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26845"
    },
    {
      "name": "CVE-2024-26889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26889"
    },
    {
      "name": "CVE-2024-26920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26920"
    },
    {
      "name": "CVE-2023-38417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38417"
    },
    {
      "name": "CVE-2023-47210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47210"
    },
    {
      "name": "CVE-2024-35848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35848"
    },
    {
      "name": "CVE-2024-36017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36017"
    },
    {
      "name": "CVE-2024-36904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36904"
    },
    {
      "name": "CVE-2024-36916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36916"
    },
    {
      "name": "CVE-2024-36919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36919"
    },
    {
      "name": "CVE-2024-36934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36934"
    },
    {
      "name": "CVE-2024-36957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36957"
    },
    {
      "name": "CVE-2023-52656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52656"
    },
    {
      "name": "CVE-2023-52699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52699"
    },
    {
      "name": "CVE-2023-52753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52753"
    },
    {
      "name": "CVE-2023-52754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52754"
    },
    {
      "name": "CVE-2023-52757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52757"
    },
    {
      "name": "CVE-2023-52759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52759"
    },
    {
      "name": "CVE-2023-52763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52763"
    },
    {
      "name": "CVE-2023-52764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52764"
    },
    {
      "name": "CVE-2023-52766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52766"
    },
    {
      "name": "CVE-2023-52773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52773"
    },
    {
      "name": "CVE-2023-52774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52774"
    },
    {
      "name": "CVE-2023-52777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52777"
    },
    {
      "name": "CVE-2023-52781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52781"
    },
    {
      "name": "CVE-2023-52788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52788"
    },
    {
      "name": "CVE-2023-52789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52789"
    },
    {
      "name": "CVE-2023-52791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52791"
    },
    {
      "name": "CVE-2023-52795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52795"
    },
    {
      "name": "CVE-2023-52796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52796"
    },
    {
      "name": "CVE-2023-52798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52798"
    },
    {
      "name": "CVE-2023-52799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52799"
    },
    {
      "name": "CVE-2023-52800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52800"
    },
    {
      "name": "CVE-2023-52803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52803"
    },
    {
      "name": "CVE-2023-52804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52804"
    },
    {
      "name": "CVE-2023-52805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52805"
    },
    {
      "name": "CVE-2023-52806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52806"
    },
    {
      "name": "CVE-2023-52807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52807"
    },
    {
      "name": "CVE-2023-52808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52808"
    },
    {
      "name": "CVE-2023-52809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52809"
    },
    {
      "name": "CVE-2023-52810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52810"
    },
    {
      "name": "CVE-2023-52811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52811"
    },
    {
      "name": "CVE-2023-52814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52814"
    },
    {
      "name": "CVE-2023-52815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52815"
    },
    {
      "name": "CVE-2023-52816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52816"
    },
    {
      "name": "CVE-2023-52817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52817"
    },
    {
      "name": "CVE-2023-52818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52818"
    },
    {
      "name": "CVE-2023-52819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52819"
    },
    {
      "name": "CVE-2023-52821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52821"
    },
    {
      "name": "CVE-2023-52825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52825"
    },
    {
      "name": "CVE-2023-52826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52826"
    },
    {
      "name": "CVE-2023-52832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52832"
    },
    {
      "name": "CVE-2023-52833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52833"
    },
    {
      "name": "CVE-2023-52834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52834"
    },
    {
      "name": "CVE-2023-52838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52838"
    },
    {
      "name": "CVE-2023-52840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52840"
    },
    {
      "name": "CVE-2023-52841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52841"
    },
    {
      "name": "CVE-2023-52844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52844"
    },
    {
      "name": "CVE-2023-52847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52847"
    },
    {
      "name": "CVE-2023-52851",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52851"
    },
    {
      "name": "CVE-2023-52853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52853"
    },
    {
      "name": "CVE-2023-52854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52854"
    },
    {
      "name": "CVE-2023-52855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52855"
    },
    {
      "name": "CVE-2023-52856",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52856"
    },
    {
      "name": "CVE-2023-52858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52858"
    },
    {
      "name": "CVE-2023-52861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52861"
    },
    {
      "name": "CVE-2023-52864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52864"
    },
    {
      "name": "CVE-2023-52865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52865"
    },
    {
      "name": "CVE-2023-52867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52867"
    },
    {
      "name": "CVE-2023-52868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52868"
    },
    {
      "name": "CVE-2023-52870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52870"
    },
    {
      "name": "CVE-2023-52871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52871"
    },
    {
      "name": "CVE-2023-52872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52872"
    },
    {
      "name": "CVE-2023-52873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52873"
    },
    {
      "name": "CVE-2023-52875",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52875"
    },
    {
      "name": "CVE-2023-52876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52876"
    },
    {
      "name": "CVE-2023-52877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52877"
    },
    {
      "name": "CVE-2023-52878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52878"
    },
    {
      "name": "CVE-2023-52880",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52880"
    },
    {
      "name": "CVE-2024-0090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0090"
    },
    {
      "name": "CVE-2024-0091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0091"
    },
    {
      "name": "CVE-2024-0092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0092"
    },
    {
      "name": "CVE-2024-26758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26758"
    },
    {
      "name": "CVE-2024-27419",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27419"
    },
    {
      "name": "CVE-2024-35976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35976"
    },
    {
      "name": "CVE-2024-35998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35998"
    },
    {
      "name": "CVE-2024-36924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36924"
    },
    {
      "name": "CVE-2024-36926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36926"
    },
    {
      "name": "CVE-2024-36938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36938"
    },
    {
      "name": "CVE-2024-36952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36952"
    },
    {
      "name": "CVE-2023-52672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52672"
    },
    {
      "name": "CVE-2024-27414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27414"
    },
    {
      "name": "CVE-2024-35807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35807"
    },
    {
      "name": "CVE-2024-35884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35884"
    },
    {
      "name": "CVE-2024-35886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35886"
    },
    {
      "name": "CVE-2024-35896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35896"
    },
    {
      "name": "CVE-2024-35898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35898"
    },
    {
      "name": "CVE-2024-35900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35900"
    },
    {
      "name": "CVE-2024-35925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35925"
    },
    {
      "name": "CVE-2024-35962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35962"
    },
    {
      "name": "CVE-2024-36005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36005"
    },
    {
      "name": "CVE-2024-36008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36008"
    },
    {
      "name": "CVE-2024-36960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36960"
    },
    {
      "name": "CVE-2024-36964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36964"
    },
    {
      "name": "CVE-2024-36971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36971"
    },
    {
      "name": "CVE-2024-37353",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37353"
    },
    {
      "name": "CVE-2024-38381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38381"
    },
    {
      "name": "CVE-2024-38549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38549"
    },
    {
      "name": "CVE-2024-38552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38552"
    },
    {
      "name": "CVE-2024-38559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38559"
    },
    {
      "name": "CVE-2024-38560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38560"
    },
    {
      "name": "CVE-2024-38565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38565"
    },
    {
      "name": "CVE-2024-38567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38567"
    },
    {
      "name": "CVE-2024-38578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38578"
    },
    {
      "name": "CVE-2024-38579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38579"
    },
    {
      "name": "CVE-2024-38582",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38582"
    },
    {
      "name": "CVE-2024-38583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38583"
    },
    {
      "name": "CVE-2024-38587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38587"
    },
    {
      "name": "CVE-2024-38599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38599"
    },
    {
      "name": "CVE-2024-38601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38601"
    },
    {
      "name": "CVE-2024-38618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38618"
    },
    {
      "name": "CVE-2024-38621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38621"
    },
    {
      "name": "CVE-2024-38627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38627"
    },
    {
      "name": "CVE-2024-38633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38633"
    },
    {
      "name": "CVE-2024-38634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38634"
    },
    {
      "name": "CVE-2024-38780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38780"
    },
    {
      "name": "CVE-2024-35827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35827"
    },
    {
      "name": "CVE-2024-35831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35831"
    },
    {
      "name": "CVE-2024-35843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35843"
    },
    {
      "name": "CVE-2023-52813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52813"
    },
    {
      "name": "CVE-2023-52835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52835"
    },
    {
      "name": "CVE-2023-52881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52881"
    },
    {
      "name": "CVE-2021-47432",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47432"
    },
    {
      "name": "CVE-2022-48772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48772"
    },
    {
      "name": "CVE-2023-52735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52735"
    },
    {
      "name": "CVE-2023-52762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52762"
    },
    {
      "name": "CVE-2023-52784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52784"
    },
    {
      "name": "CVE-2023-52787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52787"
    },
    {
      "name": "CVE-2023-52837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52837"
    },
    {
      "name": "CVE-2023-52843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52843"
    },
    {
      "name": "CVE-2023-52845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52845"
    },
    {
      "name": "CVE-2023-52846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52846"
    },
    {
      "name": "CVE-2023-52869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52869"
    },
    {
      "name": "CVE-2023-52884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52884"
    },
    {
      "name": "CVE-2024-33619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33619"
    },
    {
      "name": "CVE-2024-35247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35247"
    },
    {
      "name": "CVE-2024-35857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35857"
    },
    {
      "name": "CVE-2024-35979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35979"
    },
    {
      "name": "CVE-2024-36477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36477"
    },
    {
      "name": "CVE-2024-36478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36478"
    },
    {
      "name": "CVE-2024-36479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36479"
    },
    {
      "name": "CVE-2024-36899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36899"
    },
    {
      "name": "CVE-2024-36900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36900"
    },
    {
      "name": "CVE-2024-36915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36915"
    },
    {
      "name": "CVE-2024-36917",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36917"
    },
    {
      "name": "CVE-2024-36923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36923"
    },
    {
      "name": "CVE-2024-36937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36937"
    },
    {
      "name": "CVE-2024-36945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36945"
    },
    {
      "name": "CVE-2024-36965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36965"
    },
    {
      "name": "CVE-2024-36967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36967"
    },
    {
      "name": "CVE-2024-36969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36969"
    },
    {
      "name": "CVE-2024-36975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36975"
    },
    {
      "name": "CVE-2024-36978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36978"
    },
    {
      "name": "CVE-2024-37021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37021"
    },
    {
      "name": "CVE-2024-37078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37078"
    },
    {
      "name": "CVE-2024-37354",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37354"
    },
    {
      "name": "CVE-2024-38388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38388"
    },
    {
      "name": "CVE-2024-38390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38390"
    },
    {
      "name": "CVE-2024-38540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38540"
    },
    {
      "name": "CVE-2024-38541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38541"
    },
    {
      "name": "CVE-2024-38544",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38544"
    },
    {
      "name": "CVE-2024-38545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38545"
    },
    {
      "name": "CVE-2024-38546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38546"
    },
    {
      "name": "CVE-2024-38547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38547"
    },
    {
      "name": "CVE-2024-38548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38548"
    },
    {
      "name": "CVE-2024-38550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38550"
    },
    {
      "name": "CVE-2024-38553",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38553"
    },
    {
      "name": "CVE-2024-38555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38555"
    },
    {
      "name": "CVE-2024-38556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38556"
    },
    {
      "name": "CVE-2024-38557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38557"
    },
    {
      "name": "CVE-2024-38564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38564"
    },
    {
      "name": "CVE-2024-38568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38568"
    },
    {
      "name": "CVE-2024-38571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38571"
    },
    {
      "name": "CVE-2024-38573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38573"
    },
    {
      "name": "CVE-2024-38580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38580"
    },
    {
      "name": "CVE-2024-38581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38581"
    },
    {
      "name": "CVE-2024-38590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38590"
    },
    {
      "name": "CVE-2024-38591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38591"
    },
    {
      "name": "CVE-2024-38594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38594"
    },
    {
      "name": "CVE-2024-38597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38597"
    },
    {
      "name": "CVE-2024-38600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38600"
    },
    {
      "name": "CVE-2024-38603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38603"
    },
    {
      "name": "CVE-2024-38605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38605"
    },
    {
      "name": "CVE-2024-38608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38608"
    },
    {
      "name": "CVE-2024-38616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38616"
    },
    {
      "name": "CVE-2024-38619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38619"
    },
    {
      "name": "CVE-2024-38630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38630"
    },
    {
      "name": "CVE-2024-38635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38635"
    },
    {
      "name": "CVE-2024-38661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38661"
    },
    {
      "name": "CVE-2024-39301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39301"
    },
    {
      "name": "CVE-2024-39469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39469"
    },
    {
      "name": "CVE-2024-39471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39471"
    },
    {
      "name": "CVE-2024-38610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38610"
    },
    {
      "name": "CVE-2024-35880",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35880"
    },
    {
      "name": "CVE-2024-35892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35892"
    },
    {
      "name": "CVE-2024-35926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35926"
    },
    {
      "name": "CVE-2024-35957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35957"
    },
    {
      "name": "CVE-2024-35970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35970"
    },
    {
      "name": "CVE-2024-36024",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36024"
    },
    {
      "name": "CVE-2024-38543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38543"
    },
    {
      "name": "CVE-2024-38663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38663"
    },
    {
      "name": "CVE-2024-36973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36973"
    },
    {
      "name": "CVE-2024-38615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38615"
    },
    {
      "name": "CVE-2024-39371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39371"
    },
    {
      "name": "CVE-2023-52749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52749"
    },
    {
      "name": "CVE-2023-52750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52750"
    },
    {
      "name": "CVE-2023-52765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52765"
    },
    {
      "name": "CVE-2023-52767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52767"
    },
    {
      "name": "CVE-2023-52768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52768"
    },
    {
      "name": "CVE-2023-52769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52769"
    },
    {
      "name": "CVE-2023-52776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52776"
    },
    {
      "name": "CVE-2023-52780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52780"
    },
    {
      "name": "CVE-2023-52782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52782"
    },
    {
      "name": "CVE-2023-52783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52783"
    },
    {
      "name": "CVE-2023-52786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52786"
    },
    {
      "name": "CVE-2023-52792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52792"
    },
    {
      "name": "CVE-2023-52794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52794"
    },
    {
      "name": "CVE-2023-52801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52801"
    },
    {
      "name": "CVE-2023-52812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52812"
    },
    {
      "name": "CVE-2023-52827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52827"
    },
    {
      "name": "CVE-2023-52829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52829"
    },
    {
      "name": "CVE-2023-52836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52836"
    },
    {
      "name": "CVE-2023-52842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52842"
    },
    {
      "name": "CVE-2023-52849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52849"
    },
    {
      "name": "CVE-2023-52850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52850"
    },
    {
      "name": "CVE-2023-52857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52857"
    },
    {
      "name": "CVE-2023-52862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52862"
    },
    {
      "name": "CVE-2023-52863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52863"
    },
    {
      "name": "CVE-2023-52866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52866"
    },
    {
      "name": "CVE-2023-52874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52874"
    },
    {
      "name": "CVE-2023-52879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52879"
    },
    {
      "name": "CVE-2023-52883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52883"
    },
    {
      "name": "CVE-2024-26482",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26482"
    },
    {
      "name": "CVE-2024-26767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26767"
    },
    {
      "name": "CVE-2024-34777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34777"
    },
    {
      "name": "CVE-2024-36010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36010"
    },
    {
      "name": "CVE-2024-36281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36281"
    },
    {
      "name": "CVE-2024-36882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36882"
    },
    {
      "name": "CVE-2024-36887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36887"
    },
    {
      "name": "CVE-2024-36903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36903"
    },
    {
      "name": "CVE-2024-36935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36935"
    },
    {
      "name": "CVE-2024-36962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36962"
    },
    {
      "name": "CVE-2024-36972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36972"
    },
    {
      "name": "CVE-2024-36977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36977"
    },
    {
      "name": "CVE-2024-38384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38384"
    },
    {
      "name": "CVE-2024-38385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38385"
    },
    {
      "name": "CVE-2024-38391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38391"
    },
    {
      "name": "CVE-2024-38539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38539"
    },
    {
      "name": "CVE-2024-38551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38551"
    },
    {
      "name": "CVE-2024-38554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38554"
    },
    {
      "name": "CVE-2024-38562",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38562"
    },
    {
      "name": "CVE-2024-38566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38566"
    },
    {
      "name": "CVE-2024-38569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38569"
    },
    {
      "name": "CVE-2024-38570",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38570"
    },
    {
      "name": "CVE-2024-38572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38572"
    },
    {
      "name": "CVE-2024-38575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38575"
    },
    {
      "name": "CVE-2024-38588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38588"
    },
    {
      "name": "CVE-2024-38592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38592"
    },
    {
      "name": "CVE-2024-38595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38595"
    },
    {
      "name": "CVE-2024-38602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38602"
    },
    {
      "name": "CVE-2024-38611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38611"
    },
    {
      "name": "CVE-2024-38617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38617"
    },
    {
      "name": "CVE-2024-38622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38622"
    },
    {
      "name": "CVE-2024-38628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38628"
    },
    {
      "name": "CVE-2024-38629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38629"
    },
    {
      "name": "CVE-2024-38636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38636"
    },
    {
      "name": "CVE-2024-38664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38664"
    },
    {
      "name": "CVE-2024-39277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39277"
    },
    {
      "name": "CVE-2024-39291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39291"
    },
    {
      "name": "CVE-2024-39296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39296"
    },
    {
      "name": "CVE-2024-39362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39362"
    },
    {
      "name": "CVE-2024-39463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39463"
    },
    {
      "name": "CVE-2024-39466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39466"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0632",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-07-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de SUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, un contournement de la politique de s\u00e9curit\u00e9 et un d\u00e9ni de service.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
  "vendor_advisories": [
    {
      "published_at": "2024-07-22",
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:2575-1",
      "url": "https://www.suse.com/support/update/announcement/2024/suse-su-20242575-1"
    },
    {
      "published_at": "2024-07-22",
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:2585-1",
      "url": "https://www.suse.com/support/update/announcement/2024/suse-su-20242585-1"
    },
    {
      "published_at": "2024-07-22",
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2024:2571-1",
      "url": "https://www.suse.com/support/update/announcement/2024/suse-su-20242571-1"
    }
  ]
}

CVE-2021-47432 (GCVE-0-2021-47432)

Vulnerability from cvelistv5 – Published: 2024-05-21 15:30 – Updated: 2026-05-11 13:54

Title

lib/generic-radix-tree.c: Don't overflow in peek()

Summary

In the Linux kernel, the following vulnerability has been resolved: lib/generic-radix-tree.c: Don't overflow in peek() When we started spreading new inode numbers throughout most of the 64 bit inode space, that triggered some corner case bugs, in particular some integer overflows related to the radix tree code. Oops.

Severity

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

4 references

URL	Tags
https://git.kernel.org/stable/c/784d01f9bbc282abb…
https://git.kernel.org/stable/c/ec298b958cb0c40d7…
https://git.kernel.org/stable/c/aa7f1827953100cdd…
https://git.kernel.org/stable/c/9492261ff2460252c…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: ba20ba2e3743bac786dff777954c11930256075e , < 784d01f9bbc282abb0c5ade5beb98a87f50343ac (git) Affected: ba20ba2e3743bac786dff777954c11930256075e , < ec298b958cb0c40d70c68079da933c8f31c5134c (git) Affected: ba20ba2e3743bac786dff777954c11930256075e , < aa7f1827953100cdde0795289a80c6c077bfe437 (git) Affected: ba20ba2e3743bac786dff777954c11930256075e , < 9492261ff2460252cf2d8de89cdf854c7e2b28a0 (git)
Linux	Linux	Affected: 5.1 Unaffected: 0 , < 5.1 (semver) Unaffected: 6.1.64 , ≤ 6.1.* (semver) Unaffected: 6.5.13 , ≤ 6.5.* (semver) Unaffected: 6.6.3 , ≤ 6.6.* (semver) Unaffected: 6.7 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-47432",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-29T17:47:48.909736Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-31T15:31:57.716Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:39:59.326Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/784d01f9bbc282abb0c5ade5beb98a87f50343ac"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ec298b958cb0c40d70c68079da933c8f31c5134c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/aa7f1827953100cdde0795289a80c6c077bfe437"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9492261ff2460252cf2d8de89cdf854c7e2b28a0"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "include/linux/generic-radix-tree.h",
            "lib/generic-radix-tree.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "784d01f9bbc282abb0c5ade5beb98a87f50343ac",
              "status": "affected",
              "version": "ba20ba2e3743bac786dff777954c11930256075e",
              "versionType": "git"
            },
            {
              "lessThan": "ec298b958cb0c40d70c68079da933c8f31c5134c",
              "status": "affected",
              "version": "ba20ba2e3743bac786dff777954c11930256075e",
              "versionType": "git"
            },
            {
              "lessThan": "aa7f1827953100cdde0795289a80c6c077bfe437",
              "status": "affected",
              "version": "ba20ba2e3743bac786dff777954c11930256075e",
              "versionType": "git"
            },
            {
              "lessThan": "9492261ff2460252cf2d8de89cdf854c7e2b28a0",
              "status": "affected",
              "version": "ba20ba2e3743bac786dff777954c11930256075e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "include/linux/generic-radix-tree.h",
            "lib/generic-radix-tree.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "lessThan": "5.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.5.*",
              "status": "unaffected",
              "version": "6.5.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.7",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.64",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5.13",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.3",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlib/generic-radix-tree.c: Don\u0027t overflow in peek()\n\nWhen we started spreading new inode numbers throughout most of the 64\nbit inode space, that triggered some corner case bugs, in particular\nsome integer overflows related to the radix tree code. Oops."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T13:54:35.380Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/784d01f9bbc282abb0c5ade5beb98a87f50343ac"
        },
        {
          "url": "https://git.kernel.org/stable/c/ec298b958cb0c40d70c68079da933c8f31c5134c"
        },
        {
          "url": "https://git.kernel.org/stable/c/aa7f1827953100cdde0795289a80c6c077bfe437"
        },
        {
          "url": "https://git.kernel.org/stable/c/9492261ff2460252cf2d8de89cdf854c7e2b28a0"
        }
      ],
      "title": "lib/generic-radix-tree.c: Don\u0027t overflow in peek()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47432",
    "datePublished": "2024-05-21T15:30:36.904Z",
    "dateReserved": "2024-05-21T14:58:30.829Z",
    "dateUpdated": "2026-05-11T13:54:35.380Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2022-48772 (GCVE-0-2022-48772)

Vulnerability from cvelistv5 – Published: 2024-06-25 14:22 – Updated: 2026-05-11 18:46

Title

media: lgdt3306a: Add a check against null-pointer-def

Summary

In the Linux kernel, the following vulnerability has been resolved: media: lgdt3306a: Add a check against null-pointer-def The driver should check whether the client provides the platform_data. The following log reveals it: [ 29.610324] BUG: KASAN: null-ptr-deref in kmemdup+0x30/0x40 [ 29.610730] Read of size 40 at addr 0000000000000000 by task bash/414 [ 29.612820] Call Trace: [ 29.613030] <TASK> [ 29.613201] dump_stack_lvl+0x56/0x6f [ 29.613496] ? kmemdup+0x30/0x40 [ 29.613754] print_report.cold+0x494/0x6b7 [ 29.614082] ? kmemdup+0x30/0x40 [ 29.614340] kasan_report+0x8a/0x190 [ 29.614628] ? kmemdup+0x30/0x40 [ 29.614888] kasan_check_range+0x14d/0x1d0 [ 29.615213] memcpy+0x20/0x60 [ 29.615454] kmemdup+0x30/0x40 [ 29.615700] lgdt3306a_probe+0x52/0x310 [ 29.616339] i2c_device_probe+0x951/0xa90

Severity

No CVSS data available.

Assigner

Linux

References

7 references

URL	Tags
https://git.kernel.org/stable/c/8915dcd29a82096ac…
https://git.kernel.org/stable/c/b479fd59a1f4a342b…
https://git.kernel.org/stable/c/526238d32c3acc3d5…
https://git.kernel.org/stable/c/d082757b8359201c3…
https://git.kernel.org/stable/c/7d12e918f2994c883…
https://git.kernel.org/stable/c/8e1e00718d0d9dd83…
https://git.kernel.org/stable/c/c1115ddbda9c930fb…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 4f75189024f4186a7ff9d56f4a8cb690774412ec , < 8915dcd29a82096acacf54364a8425363782aea0 (git) Affected: 4f75189024f4186a7ff9d56f4a8cb690774412ec , < b479fd59a1f4a342b69fce34f222d93bf791dca4 (git) Affected: 4f75189024f4186a7ff9d56f4a8cb690774412ec , < 526238d32c3acc3d597fd8c9a34652bfe9086cea (git) Affected: 4f75189024f4186a7ff9d56f4a8cb690774412ec , < d082757b8359201c3864323cea4b91ea30a1e676 (git) Affected: 4f75189024f4186a7ff9d56f4a8cb690774412ec , < 7d12e918f2994c883f41f22552a61b9310fa1e87 (git) Affected: 4f75189024f4186a7ff9d56f4a8cb690774412ec , < 8e1e00718d0d9dd83337300572561e30b9c0d115 (git) Affected: 4f75189024f4186a7ff9d56f4a8cb690774412ec , < c1115ddbda9c930fba0fdd062e7a8873ebaf898d (git)
Linux	Linux	Affected: 4.11 Unaffected: 0 , < 4.11 (semver) Unaffected: 5.4.278 , ≤ 5.4.* (semver) Unaffected: 5.10.219 , ≤ 5.10.* (semver) Unaffected: 5.15.161 , ≤ 5.15.* (semver) Unaffected: 6.1.94 , ≤ 6.1.* (semver) Unaffected: 6.6.34 , ≤ 6.6.* (semver) Unaffected: 6.9.5 , ≤ 6.9.* (semver) Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-48772",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-10T16:35:41.584253Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-10T16:36:24.637Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T15:25:01.596Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8915dcd29a82096acacf54364a8425363782aea0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b479fd59a1f4a342b69fce34f222d93bf791dca4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/526238d32c3acc3d597fd8c9a34652bfe9086cea"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d082757b8359201c3864323cea4b91ea30a1e676"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7d12e918f2994c883f41f22552a61b9310fa1e87"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8e1e00718d0d9dd83337300572561e30b9c0d115"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c1115ddbda9c930fba0fdd062e7a8873ebaf898d"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/dvb-frontends/lgdt3306a.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8915dcd29a82096acacf54364a8425363782aea0",
              "status": "affected",
              "version": "4f75189024f4186a7ff9d56f4a8cb690774412ec",
              "versionType": "git"
            },
            {
              "lessThan": "b479fd59a1f4a342b69fce34f222d93bf791dca4",
              "status": "affected",
              "version": "4f75189024f4186a7ff9d56f4a8cb690774412ec",
              "versionType": "git"
            },
            {
              "lessThan": "526238d32c3acc3d597fd8c9a34652bfe9086cea",
              "status": "affected",
              "version": "4f75189024f4186a7ff9d56f4a8cb690774412ec",
              "versionType": "git"
            },
            {
              "lessThan": "d082757b8359201c3864323cea4b91ea30a1e676",
              "status": "affected",
              "version": "4f75189024f4186a7ff9d56f4a8cb690774412ec",
              "versionType": "git"
            },
            {
              "lessThan": "7d12e918f2994c883f41f22552a61b9310fa1e87",
              "status": "affected",
              "version": "4f75189024f4186a7ff9d56f4a8cb690774412ec",
              "versionType": "git"
            },
            {
              "lessThan": "8e1e00718d0d9dd83337300572561e30b9c0d115",
              "status": "affected",
              "version": "4f75189024f4186a7ff9d56f4a8cb690774412ec",
              "versionType": "git"
            },
            {
              "lessThan": "c1115ddbda9c930fba0fdd062e7a8873ebaf898d",
              "status": "affected",
              "version": "4f75189024f4186a7ff9d56f4a8cb690774412ec",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/dvb-frontends/lgdt3306a.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.11"
            },
            {
              "lessThan": "4.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.278",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.219",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.161",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.94",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.34",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.278",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.219",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.161",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.94",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.34",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.5",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: lgdt3306a: Add a check against null-pointer-def\n\nThe driver should check whether the client provides the platform_data.\n\nThe following log reveals it:\n\n[   29.610324] BUG: KASAN: null-ptr-deref in kmemdup+0x30/0x40\n[   29.610730] Read of size 40 at addr 0000000000000000 by task bash/414\n[   29.612820] Call Trace:\n[   29.613030]  \u003cTASK\u003e\n[   29.613201]  dump_stack_lvl+0x56/0x6f\n[   29.613496]  ? kmemdup+0x30/0x40\n[   29.613754]  print_report.cold+0x494/0x6b7\n[   29.614082]  ? kmemdup+0x30/0x40\n[   29.614340]  kasan_report+0x8a/0x190\n[   29.614628]  ? kmemdup+0x30/0x40\n[   29.614888]  kasan_check_range+0x14d/0x1d0\n[   29.615213]  memcpy+0x20/0x60\n[   29.615454]  kmemdup+0x30/0x40\n[   29.615700]  lgdt3306a_probe+0x52/0x310\n[   29.616339]  i2c_device_probe+0x951/0xa90"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T18:46:38.238Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8915dcd29a82096acacf54364a8425363782aea0"
        },
        {
          "url": "https://git.kernel.org/stable/c/b479fd59a1f4a342b69fce34f222d93bf791dca4"
        },
        {
          "url": "https://git.kernel.org/stable/c/526238d32c3acc3d597fd8c9a34652bfe9086cea"
        },
        {
          "url": "https://git.kernel.org/stable/c/d082757b8359201c3864323cea4b91ea30a1e676"
        },
        {
          "url": "https://git.kernel.org/stable/c/7d12e918f2994c883f41f22552a61b9310fa1e87"
        },
        {
          "url": "https://git.kernel.org/stable/c/8e1e00718d0d9dd83337300572561e30b9c0d115"
        },
        {
          "url": "https://git.kernel.org/stable/c/c1115ddbda9c930fba0fdd062e7a8873ebaf898d"
        }
      ],
      "title": "media: lgdt3306a: Add a check against null-pointer-def",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-48772",
    "datePublished": "2024-06-25T14:22:34.892Z",
    "dateReserved": "2024-06-20T11:09:39.061Z",
    "dateUpdated": "2026-05-11T18:46:38.238Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-38417 (GCVE-0-2023-38417)

Vulnerability from cvelistv5 – Published: 2024-05-16 20:47 – Updated: 2024-08-02 17:39

Summary

Improper input validation for some Intel(R) PROSet/Wireless WiFi software before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

Severity

4.3 (Medium)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

denial of service
CWE-20 - Improper input validation

Assigner

intel

References

1 reference

URL	Tags
https://www.intel.com/content/www/us/en/security-…

Impacted products

1 product

Vendor	Product	Version
n/a	Intel(R) PROSet/Wireless WiFi software	Affected: before version 23.20

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-38417",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-20T16:45:23.815464Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:28:07.165Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T17:39:13.440Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html",
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Intel(R) PROSet/Wireless WiFi software",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "before version 23.20"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper input validation for some Intel(R) PROSet/Wireless WiFi software before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "denial of service",
              "lang": "en"
            },
            {
              "cweId": "CWE-20",
              "description": "Improper input validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-16T20:47:16.918Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2023-38417",
    "datePublished": "2024-05-16T20:47:16.918Z",
    "dateReserved": "2023-10-25T03:00:09.616Z",
    "dateUpdated": "2024-08-02T17:39:13.440Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-47210 (GCVE-0-2023-47210)

Vulnerability from cvelistv5 – Published: 2024-05-16 20:47 – Updated: 2024-08-02 21:01

Summary

Improper input validation for some Intel(R) PROSet/Wireless WiFi software for linux before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

Severity

4.7 (Medium)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

CWE

denial of service
CWE-20 - Improper input validation

Assigner

intel

References

1 reference

URL	Tags
https://www.intel.com/content/www/us/en/security-…

Impacted products

1 product

Vendor	Product	Version
n/a	Intel(R) PROSet/Wireless WiFi software for linux	Affected: before version 23.20

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:intel:killer_wi-fi_6_ax1650:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "killer_wi-fi_6_ax1650",
            "vendor": "intel",
            "versions": [
              {
                "lessThan": "23.20",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:intel:wi-fi_6_ax200:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wi-fi_6_ax200",
            "vendor": "intel",
            "versions": [
              {
                "lessThan": "23.20",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:intel:wi-fi_6_ax201:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wi-fi_6_ax201",
            "vendor": "intel",
            "versions": [
              {
                "lessThan": "23.20",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:intel:wi-fi_7_be200:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wi-fi_7_be200",
            "vendor": "intel",
            "versions": [
              {
                "lessThan": "23.20",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:intel:wireless-ac_9260:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wireless-ac_9260",
            "vendor": "intel",
            "versions": [
              {
                "lessThan": "23.20",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:intel:wireless-ac_9560:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wireless-ac_9560",
            "vendor": "intel",
            "versions": [
              {
                "lessThan": "23.20",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:intel:wi-fi_7_be202:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wi-fi_7_be202",
            "vendor": "intel",
            "versions": [
              {
                "lessThan": "23.20",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-47210",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-22T15:28:43.567811Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-20",
                "description": "CWE-20 Improper Input Validation",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-06T12:45:41.855Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T21:01:22.830Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html",
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Intel(R) PROSet/Wireless WiFi software for linux",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "before version 23.20"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper input validation for some Intel(R) PROSet/Wireless WiFi software for linux before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "denial of service",
              "lang": "en"
            },
            {
              "cweId": "CWE-20",
              "description": "Improper input validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-16T20:47:15.546Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html",
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01039.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2023-47210",
    "datePublished": "2024-05-16T20:47:15.546Z",
    "dateReserved": "2023-11-03T03:00:20.843Z",
    "dateUpdated": "2024-08-02T21:01:22.830Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-52622 (GCVE-0-2023-52622)

Vulnerability from cvelistv5 – Published: 2024-03-26 17:19 – Updated: 2026-05-11 19:30

Title

ext4: avoid online resizing failures due to oversized flex bg

Summary

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid online resizing failures due to oversized flex bg When we online resize an ext4 filesystem with a oversized flexbg_size, mkfs.ext4 -F -G 67108864 $dev -b 4096 100M mount $dev $dir resize2fs $dev 16G the following WARN_ON is triggered: ================================================================== WARNING: CPU: 0 PID: 427 at mm/page_alloc.c:4402 __alloc_pages+0x411/0x550 Modules linked in: sg(E) CPU: 0 PID: 427 Comm: resize2fs Tainted: G E 6.6.0-rc5+ #314 RIP: 0010:__alloc_pages+0x411/0x550 Call Trace: <TASK> __kmalloc_large_node+0xa2/0x200 __kmalloc+0x16e/0x290 ext4_resize_fs+0x481/0xd80 __ext4_ioctl+0x1616/0x1d90 ext4_ioctl+0x12/0x20 __x64_sys_ioctl+0xf0/0x150 do_syscall_64+0x3b/0x90 ================================================================== This is because flexbg_size is too large and the size of the new_group_data array to be allocated exceeds MAX_ORDER. Currently, the minimum value of MAX_ORDER is 8, the minimum value of PAGE_SIZE is 4096, the corresponding maximum number of groups that can be allocated is: (PAGE_SIZE << MAX_ORDER) / sizeof(struct ext4_new_group_data) ≈ 21845 And the value that is down-aligned to the power of 2 is 16384. Therefore, this value is defined as MAX_RESIZE_BG, and the number of groups added each time does not exceed this value during resizing, and is added multiple times to complete the online resizing. The difference is that the metadata in a flex_bg may be more dispersed.

Severity

No CVSS data available.

Assigner

Linux

References

8 references

URL	Tags
https://git.kernel.org/stable/c/cd1f93ca97a913698…
https://git.kernel.org/stable/c/b183fe8702e78bba3…
https://git.kernel.org/stable/c/cfbbb3199e71b63fc…
https://git.kernel.org/stable/c/d76c8d7ffe163c6bf…
https://git.kernel.org/stable/c/6d2cbf517dcabc093…
https://git.kernel.org/stable/c/8b1413dbfe49646ed…
https://git.kernel.org/stable/c/dc3e0f55bec4410f3…
https://git.kernel.org/stable/c/5d1935ac02ca5aee3…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 28c7bac0091687e6116ebd6c179e154ae4053c90 , < cd1f93ca97a9136989f3bd2bf90696732a2ed644 (git) Affected: 28c7bac0091687e6116ebd6c179e154ae4053c90 , < b183fe8702e78bba3dcef8e7193cab6898abee07 (git) Affected: 28c7bac0091687e6116ebd6c179e154ae4053c90 , < cfbbb3199e71b63fc26cee0ebff327c47128a1e8 (git) Affected: 28c7bac0091687e6116ebd6c179e154ae4053c90 , < d76c8d7ffe163c6bf2f1ef680b0539c2b3902b90 (git) Affected: 28c7bac0091687e6116ebd6c179e154ae4053c90 , < 6d2cbf517dcabc093159cf138ad5712c9c7fa954 (git) Affected: 28c7bac0091687e6116ebd6c179e154ae4053c90 , < 8b1413dbfe49646eda2c00c0f1144ee9d3368e0c (git) Affected: 28c7bac0091687e6116ebd6c179e154ae4053c90 , < dc3e0f55bec4410f3d74352c4a7c79f518088ee2 (git) Affected: 28c7bac0091687e6116ebd6c179e154ae4053c90 , < 5d1935ac02ca5aee364a449a35e2977ea84509b0 (git)
Linux	Linux	Affected: 3.3 Unaffected: 0 , < 3.3 (semver) Unaffected: 4.19.307 , ≤ 4.19.* (semver) Unaffected: 5.4.269 , ≤ 5.4.* (semver) Unaffected: 5.10.210 , ≤ 5.10.* (semver) Unaffected: 5.15.149 , ≤ 5.15.* (semver) Unaffected: 6.1.77 , ≤ 6.1.* (semver) Unaffected: 6.6.16 , ≤ 6.6.* (semver) Unaffected: 6.7.4 , ≤ 6.7.* (semver) Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52622",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-09T19:32:18.763669Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-09T19:32:30.135Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:03:21.365Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cd1f93ca97a9136989f3bd2bf90696732a2ed644"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b183fe8702e78bba3dcef8e7193cab6898abee07"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cfbbb3199e71b63fc26cee0ebff327c47128a1e8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d76c8d7ffe163c6bf2f1ef680b0539c2b3902b90"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6d2cbf517dcabc093159cf138ad5712c9c7fa954"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8b1413dbfe49646eda2c00c0f1144ee9d3368e0c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dc3e0f55bec4410f3d74352c4a7c79f518088ee2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5d1935ac02ca5aee364a449a35e2977ea84509b0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ext4/resize.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "cd1f93ca97a9136989f3bd2bf90696732a2ed644",
              "status": "affected",
              "version": "28c7bac0091687e6116ebd6c179e154ae4053c90",
              "versionType": "git"
            },
            {
              "lessThan": "b183fe8702e78bba3dcef8e7193cab6898abee07",
              "status": "affected",
              "version": "28c7bac0091687e6116ebd6c179e154ae4053c90",
              "versionType": "git"
            },
            {
              "lessThan": "cfbbb3199e71b63fc26cee0ebff327c47128a1e8",
              "status": "affected",
              "version": "28c7bac0091687e6116ebd6c179e154ae4053c90",
              "versionType": "git"
            },
            {
              "lessThan": "d76c8d7ffe163c6bf2f1ef680b0539c2b3902b90",
              "status": "affected",
              "version": "28c7bac0091687e6116ebd6c179e154ae4053c90",
              "versionType": "git"
            },
            {
              "lessThan": "6d2cbf517dcabc093159cf138ad5712c9c7fa954",
              "status": "affected",
              "version": "28c7bac0091687e6116ebd6c179e154ae4053c90",
              "versionType": "git"
            },
            {
              "lessThan": "8b1413dbfe49646eda2c00c0f1144ee9d3368e0c",
              "status": "affected",
              "version": "28c7bac0091687e6116ebd6c179e154ae4053c90",
              "versionType": "git"
            },
            {
              "lessThan": "dc3e0f55bec4410f3d74352c4a7c79f518088ee2",
              "status": "affected",
              "version": "28c7bac0091687e6116ebd6c179e154ae4053c90",
              "versionType": "git"
            },
            {
              "lessThan": "5d1935ac02ca5aee364a449a35e2977ea84509b0",
              "status": "affected",
              "version": "28c7bac0091687e6116ebd6c179e154ae4053c90",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ext4/resize.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.3"
            },
            {
              "lessThan": "3.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.307",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.269",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.210",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.149",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.77",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.307",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.269",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.210",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.149",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.77",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.16",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.4",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: avoid online resizing failures due to oversized flex bg\n\nWhen we online resize an ext4 filesystem with a oversized flexbg_size,\n\n     mkfs.ext4 -F -G 67108864 $dev -b 4096 100M\n     mount $dev $dir\n     resize2fs $dev 16G\n\nthe following WARN_ON is triggered:\n==================================================================\nWARNING: CPU: 0 PID: 427 at mm/page_alloc.c:4402 __alloc_pages+0x411/0x550\nModules linked in: sg(E)\nCPU: 0 PID: 427 Comm: resize2fs Tainted: G  E  6.6.0-rc5+ #314\nRIP: 0010:__alloc_pages+0x411/0x550\nCall Trace:\n \u003cTASK\u003e\n __kmalloc_large_node+0xa2/0x200\n __kmalloc+0x16e/0x290\n ext4_resize_fs+0x481/0xd80\n __ext4_ioctl+0x1616/0x1d90\n ext4_ioctl+0x12/0x20\n __x64_sys_ioctl+0xf0/0x150\n do_syscall_64+0x3b/0x90\n==================================================================\n\nThis is because flexbg_size is too large and the size of the new_group_data\narray to be allocated exceeds MAX_ORDER. Currently, the minimum value of\nMAX_ORDER is 8, the minimum value of PAGE_SIZE is 4096, the corresponding\nmaximum number of groups that can be allocated is:\n\n (PAGE_SIZE \u003c\u003c MAX_ORDER) / sizeof(struct ext4_new_group_data) \u2248 21845\n\nAnd the value that is down-aligned to the power of 2 is 16384. Therefore,\nthis value is defined as MAX_RESIZE_BG, and the number of groups added\neach time does not exceed this value during resizing, and is added multiple\ntimes to complete the online resizing. The difference is that the metadata\nin a flex_bg may be more dispersed."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T19:30:32.665Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/cd1f93ca97a9136989f3bd2bf90696732a2ed644"
        },
        {
          "url": "https://git.kernel.org/stable/c/b183fe8702e78bba3dcef8e7193cab6898abee07"
        },
        {
          "url": "https://git.kernel.org/stable/c/cfbbb3199e71b63fc26cee0ebff327c47128a1e8"
        },
        {
          "url": "https://git.kernel.org/stable/c/d76c8d7ffe163c6bf2f1ef680b0539c2b3902b90"
        },
        {
          "url": "https://git.kernel.org/stable/c/6d2cbf517dcabc093159cf138ad5712c9c7fa954"
        },
        {
          "url": "https://git.kernel.org/stable/c/8b1413dbfe49646eda2c00c0f1144ee9d3368e0c"
        },
        {
          "url": "https://git.kernel.org/stable/c/dc3e0f55bec4410f3d74352c4a7c79f518088ee2"
        },
        {
          "url": "https://git.kernel.org/stable/c/5d1935ac02ca5aee364a449a35e2977ea84509b0"
        }
      ],
      "title": "ext4: avoid online resizing failures due to oversized flex bg",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52622",
    "datePublished": "2024-03-26T17:19:23.838Z",
    "dateReserved": "2024-03-06T09:52:12.090Z",
    "dateUpdated": "2026-05-11T19:30:32.665Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-52656 (GCVE-0-2023-52656)

Vulnerability from cvelistv5 – Published: 2024-05-13 13:12 – Updated: 2026-05-11 19:31

Title

io_uring: drop any code related to SCM_RIGHTS

Summary

In the Linux kernel, the following vulnerability has been resolved: io_uring: drop any code related to SCM_RIGHTS This is dead code after we dropped support for passing io_uring fds over SCM_RIGHTS, get rid of it.

Severity

No CVSS data available.

Assigner

Linux

References

7 references

URL	Tags
https://git.kernel.org/stable/c/cfb24022bb2c31f1f…
https://git.kernel.org/stable/c/a6771f343af90a25f…
https://git.kernel.org/stable/c/d909d381c31523934…
https://git.kernel.org/stable/c/a3812a47a32022ca7…
https://git.kernel.org/stable/c/6fc19b3d8a45ff0e5…
https://git.kernel.org/stable/c/88c49d9c896143cdc…
https://git.kernel.org/stable/c/6e5e6d274956305f1…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 2b188cc1bb857a9d4701ae59aa7768b5124e262e , < cfb24022bb2c31f1f555dc6bc3cc5e2547446fb3 (git) Affected: 2b188cc1bb857a9d4701ae59aa7768b5124e262e , < a6771f343af90a25f3a14911634562bb5621df02 (git) Affected: 2b188cc1bb857a9d4701ae59aa7768b5124e262e , < d909d381c3152393421403be4b6435f17a2378b4 (git) Affected: 2b188cc1bb857a9d4701ae59aa7768b5124e262e , < a3812a47a32022ca76bf46ddacdd823dc2aabf8b (git) Affected: 2b188cc1bb857a9d4701ae59aa7768b5124e262e , < 6fc19b3d8a45ff0e5d50ec8184cee1d5eac1a8ba (git) Affected: 2b188cc1bb857a9d4701ae59aa7768b5124e262e , < 88c49d9c896143cdc0f77197c4dcf24140375e89 (git) Affected: 2b188cc1bb857a9d4701ae59aa7768b5124e262e , < 6e5e6d274956305f1fc0340522b38f5f5be74bdb (git)
Linux	Linux	Affected: 5.1 Unaffected: 0 , < 5.1 (semver) Unaffected: 5.4.273 , ≤ 5.4.* (semver) Unaffected: 5.10.214 , ≤ 5.10.* (semver) Unaffected: 5.15.153 , ≤ 5.15.* (semver) Unaffected: 6.1.83 , ≤ 6.1.* (semver) Unaffected: 6.6.23 , ≤ 6.6.* (semver) Unaffected: 6.7.11 , ≤ 6.7.* (semver) Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:03:21.313Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cfb24022bb2c31f1f555dc6bc3cc5e2547446fb3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a6771f343af90a25f3a14911634562bb5621df02"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d909d381c3152393421403be4b6435f17a2378b4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a3812a47a32022ca76bf46ddacdd823dc2aabf8b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/88c49d9c896143cdc0f77197c4dcf24140375e89"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6e5e6d274956305f1fc0340522b38f5f5be74bdb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52656",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:43:19.379716Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:26.050Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "include/linux/io_uring_types.h",
            "io_uring/filetable.c",
            "io_uring/io_uring.c",
            "io_uring/rsrc.c",
            "io_uring/rsrc.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "cfb24022bb2c31f1f555dc6bc3cc5e2547446fb3",
              "status": "affected",
              "version": "2b188cc1bb857a9d4701ae59aa7768b5124e262e",
              "versionType": "git"
            },
            {
              "lessThan": "a6771f343af90a25f3a14911634562bb5621df02",
              "status": "affected",
              "version": "2b188cc1bb857a9d4701ae59aa7768b5124e262e",
              "versionType": "git"
            },
            {
              "lessThan": "d909d381c3152393421403be4b6435f17a2378b4",
              "status": "affected",
              "version": "2b188cc1bb857a9d4701ae59aa7768b5124e262e",
              "versionType": "git"
            },
            {
              "lessThan": "a3812a47a32022ca76bf46ddacdd823dc2aabf8b",
              "status": "affected",
              "version": "2b188cc1bb857a9d4701ae59aa7768b5124e262e",
              "versionType": "git"
            },
            {
              "lessThan": "6fc19b3d8a45ff0e5d50ec8184cee1d5eac1a8ba",
              "status": "affected",
              "version": "2b188cc1bb857a9d4701ae59aa7768b5124e262e",
              "versionType": "git"
            },
            {
              "lessThan": "88c49d9c896143cdc0f77197c4dcf24140375e89",
              "status": "affected",
              "version": "2b188cc1bb857a9d4701ae59aa7768b5124e262e",
              "versionType": "git"
            },
            {
              "lessThan": "6e5e6d274956305f1fc0340522b38f5f5be74bdb",
              "status": "affected",
              "version": "2b188cc1bb857a9d4701ae59aa7768b5124e262e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "include/linux/io_uring_types.h",
            "io_uring/filetable.c",
            "io_uring/io_uring.c",
            "io_uring/rsrc.c",
            "io_uring/rsrc.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "lessThan": "5.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.273",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.214",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.153",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.83",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.23",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.273",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.214",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.153",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.83",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.23",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.11",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring: drop any code related to SCM_RIGHTS\n\nThis is dead code after we dropped support for passing io_uring fds\nover SCM_RIGHTS, get rid of it."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T19:31:10.338Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/cfb24022bb2c31f1f555dc6bc3cc5e2547446fb3"
        },
        {
          "url": "https://git.kernel.org/stable/c/a6771f343af90a25f3a14911634562bb5621df02"
        },
        {
          "url": "https://git.kernel.org/stable/c/d909d381c3152393421403be4b6435f17a2378b4"
        },
        {
          "url": "https://git.kernel.org/stable/c/a3812a47a32022ca76bf46ddacdd823dc2aabf8b"
        },
        {
          "url": "https://git.kernel.org/stable/c/6fc19b3d8a45ff0e5d50ec8184cee1d5eac1a8ba"
        },
        {
          "url": "https://git.kernel.org/stable/c/88c49d9c896143cdc0f77197c4dcf24140375e89"
        },
        {
          "url": "https://git.kernel.org/stable/c/6e5e6d274956305f1fc0340522b38f5f5be74bdb"
        }
      ],
      "title": "io_uring: drop any code related to SCM_RIGHTS",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52656",
    "datePublished": "2024-05-13T13:12:35.333Z",
    "dateReserved": "2024-03-06T09:52:12.099Z",
    "dateUpdated": "2026-05-11T19:31:10.338Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-52672 (GCVE-0-2023-52672)

Vulnerability from cvelistv5 – Published: 2024-05-17 14:02 – Updated: 2026-05-11 19:31

Title

pipe: wakeup wr_wait after setting max_usage

Summary

In the Linux kernel, the following vulnerability has been resolved: pipe: wakeup wr_wait after setting max_usage Commit c73be61cede5 ("pipe: Add general notification queue support") a regression was introduced that would lock up resized pipes under certain conditions. See the reproducer in [1]. The commit resizing the pipe ring size was moved to a different function, doing that moved the wakeup for pipe->wr_wait before actually raising pipe->max_usage. If a pipe was full before the resize occured it would result in the wakeup never actually triggering pipe_write. Set @max_usage and @nr_accounted before waking writers if this isn't a watch queue. [Christian Brauner <brauner@kernel.org>: rewrite to account for watch queues]

Severity

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

Linux

References

6 references

URL	Tags
https://git.kernel.org/stable/c/162ae0e78bdabf84e…
https://git.kernel.org/stable/c/3efbd114b91525bb0…
https://git.kernel.org/stable/c/b87a1229d8668fbc7…
https://git.kernel.org/stable/c/68e51bdb1194f11d3…
https://git.kernel.org/stable/c/6fb70694f8d1ac34e…
https://git.kernel.org/stable/c/e95aada4cb93d42e2…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: c73be61cede5882f9605a852414db559c0ebedfd , < 162ae0e78bdabf84ef10c1293c4ed7865cb7d3c8 (git) Affected: c73be61cede5882f9605a852414db559c0ebedfd , < 3efbd114b91525bb095b8ae046382197d92126b9 (git) Affected: c73be61cede5882f9605a852414db559c0ebedfd , < b87a1229d8668fbc78ebd9ca0fc797a76001c60f (git) Affected: c73be61cede5882f9605a852414db559c0ebedfd , < 68e51bdb1194f11d3452525b99c98aff6f837b24 (git) Affected: c73be61cede5882f9605a852414db559c0ebedfd , < 6fb70694f8d1ac34e45246b0ac988f025e1e5b55 (git) Affected: c73be61cede5882f9605a852414db559c0ebedfd , < e95aada4cb93d42e25c30a0ef9eb2923d9711d4a (git)
Linux	Linux	Affected: 5.8 Unaffected: 0 , < 5.8 (semver) Unaffected: 5.10.210 , ≤ 5.10.* (semver) Unaffected: 5.15.149 , ≤ 5.15.* (semver) Unaffected: 6.1.76 , ≤ 6.1.* (semver) Unaffected: 6.6.15 , ≤ 6.6.* (semver) Unaffected: 6.7.3 , ≤ 6.7.* (semver) Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "162ae0e78bda",
                "status": "affected",
                "version": "c73be61cede5",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "3efbd114b915",
                "status": "affected",
                "version": "c73be61cede5",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "b87a1229d866",
                "status": "affected",
                "version": "c73be61cede5",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "68e51bdb1194",
                "status": "affected",
                "version": "c73be61cede5",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "6fb70694f8d1",
                "status": "affected",
                "version": "c73be61cede5",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "e95aada4cb93",
                "status": "affected",
                "version": "c73be61cede5",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "affected",
                "version": "5.8"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "5.8",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "5.11",
                "status": "unaffected",
                "version": "5.10.210",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "5.16",
                "status": "unaffected",
                "version": "5.15.149",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "6.2",
                "status": "unaffected",
                "version": "6.1.76",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "6.7",
                "status": "unaffected",
                "version": "6.6.15",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "6.8",
                "status": "unaffected",
                "version": "6.7.3",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "6.8"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-52672",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-18T16:59:59.118362Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-18T18:06:58.324Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:11:35.017Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/162ae0e78bdabf84ef10c1293c4ed7865cb7d3c8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3efbd114b91525bb095b8ae046382197d92126b9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b87a1229d8668fbc78ebd9ca0fc797a76001c60f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/68e51bdb1194f11d3452525b99c98aff6f837b24"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6fb70694f8d1ac34e45246b0ac988f025e1e5b55"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e95aada4cb93d42e25c30a0ef9eb2923d9711d4a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/pipe.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "162ae0e78bdabf84ef10c1293c4ed7865cb7d3c8",
              "status": "affected",
              "version": "c73be61cede5882f9605a852414db559c0ebedfd",
              "versionType": "git"
            },
            {
              "lessThan": "3efbd114b91525bb095b8ae046382197d92126b9",
              "status": "affected",
              "version": "c73be61cede5882f9605a852414db559c0ebedfd",
              "versionType": "git"
            },
            {
              "lessThan": "b87a1229d8668fbc78ebd9ca0fc797a76001c60f",
              "status": "affected",
              "version": "c73be61cede5882f9605a852414db559c0ebedfd",
              "versionType": "git"
            },
            {
              "lessThan": "68e51bdb1194f11d3452525b99c98aff6f837b24",
              "status": "affected",
              "version": "c73be61cede5882f9605a852414db559c0ebedfd",
              "versionType": "git"
            },
            {
              "lessThan": "6fb70694f8d1ac34e45246b0ac988f025e1e5b55",
              "status": "affected",
              "version": "c73be61cede5882f9605a852414db559c0ebedfd",
              "versionType": "git"
            },
            {
              "lessThan": "e95aada4cb93d42e25c30a0ef9eb2923d9711d4a",
              "status": "affected",
              "version": "c73be61cede5882f9605a852414db559c0ebedfd",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/pipe.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.8"
            },
            {
              "lessThan": "5.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.210",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.149",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.76",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.15",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.210",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.149",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.76",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.15",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.3",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npipe: wakeup wr_wait after setting max_usage\n\nCommit c73be61cede5 (\"pipe: Add general notification queue support\") a\nregression was introduced that would lock up resized pipes under certain\nconditions. See the reproducer in [1].\n\nThe commit resizing the pipe ring size was moved to a different\nfunction, doing that moved the wakeup for pipe-\u003ewr_wait before actually\nraising pipe-\u003emax_usage. If a pipe was full before the resize occured it\nwould result in the wakeup never actually triggering pipe_write.\n\nSet @max_usage and @nr_accounted before waking writers if this isn\u0027t a\nwatch queue.\n\n[Christian Brauner \u003cbrauner@kernel.org\u003e: rewrite to account for watch queues]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T19:31:26.508Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/162ae0e78bdabf84ef10c1293c4ed7865cb7d3c8"
        },
        {
          "url": "https://git.kernel.org/stable/c/3efbd114b91525bb095b8ae046382197d92126b9"
        },
        {
          "url": "https://git.kernel.org/stable/c/b87a1229d8668fbc78ebd9ca0fc797a76001c60f"
        },
        {
          "url": "https://git.kernel.org/stable/c/68e51bdb1194f11d3452525b99c98aff6f837b24"
        },
        {
          "url": "https://git.kernel.org/stable/c/6fb70694f8d1ac34e45246b0ac988f025e1e5b55"
        },
        {
          "url": "https://git.kernel.org/stable/c/e95aada4cb93d42e25c30a0ef9eb2923d9711d4a"
        }
      ],
      "title": "pipe: wakeup wr_wait after setting max_usage",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52672",
    "datePublished": "2024-05-17T14:02:10.308Z",
    "dateReserved": "2024-03-07T14:49:46.886Z",
    "dateUpdated": "2026-05-11T19:31:26.508Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-52699 (GCVE-0-2023-52699)

Vulnerability from cvelistv5 – Published: 2024-05-19 10:10 – Updated: 2026-05-11 19:31

Title

sysv: don't call sb_bread() with pointers_lock held

Summary

In the Linux kernel, the following vulnerability has been resolved: sysv: don't call sb_bread() with pointers_lock held syzbot is reporting sleep in atomic context in SysV filesystem [1], for sb_bread() is called with rw_spinlock held. A "write_lock(&pointers_lock) => read_lock(&pointers_lock) deadlock" bug and a "sb_bread() with write_lock(&pointers_lock)" bug were introduced by "Replace BKL for chain locking with sysvfs-private rwlock" in Linux 2.5.12. Then, "[PATCH] err1-40: sysvfs locking fix" in Linux 2.6.8 fixed the former bug by moving pointers_lock lock to the callers, but instead introduced a "sb_bread() with read_lock(&pointers_lock)" bug (which made this problem easier to hit). Al Viro suggested that why not to do like get_branch()/get_block()/ find_shared() in Minix filesystem does. And doing like that is almost a revert of "[PATCH] err1-40: sysvfs locking fix" except that get_branch() from with find_shared() is called without write_lock(&pointers_lock).

Severity

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

8 references

URL	Tags
https://git.kernel.org/stable/c/13b33feb2ebddc2b1…
https://git.kernel.org/stable/c/1b4fe801b5bedec2b…
https://git.kernel.org/stable/c/674c1c4229e743070…
https://git.kernel.org/stable/c/fd203d2c671bdee9a…
https://git.kernel.org/stable/c/53cb1e52c9db618c0…
https://git.kernel.org/stable/c/89e8524135a3902e7…
https://git.kernel.org/stable/c/a69224223746ab96d…
https://git.kernel.org/stable/c/f123dc86388cb669c…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 13b33feb2ebddc2b1aa607f553566b18a4af1d76 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 1b4fe801b5bedec2b622ddb18e5c9bf26c63d79f (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 674c1c4229e743070e09db63a23442950ff000d1 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < fd203d2c671bdee9ab77090ff394d3b71b627927 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 53cb1e52c9db618c08335984d1ca80db220ccf09 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 89e8524135a3902e7563a5a59b7b5ec1bf4904ac (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < a69224223746ab96d43e5db9d22d136827b7e2d3 (git) Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < f123dc86388cb669c3d6322702dc441abc35c31e (git)
Linux	Linux	Affected: 2.6.12 Unaffected: 0 , < 2.6.12 (semver) Unaffected: 4.19.312 , ≤ 4.19.* (semver) Unaffected: 5.4.274 , ≤ 5.4.* (semver) Unaffected: 5.10.215 , ≤ 5.10.* (semver) Unaffected: 5.15.155 , ≤ 5.15.* (semver) Unaffected: 6.1.86 , ≤ 6.1.* (semver) Unaffected: 6.6.27 , ≤ 6.6.* (semver) Unaffected: 6.8.6 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-52699",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-21T15:05:59.108260Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-06T17:06:03.220Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:11:35.577Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/13b33feb2ebddc2b1aa607f553566b18a4af1d76"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1b4fe801b5bedec2b622ddb18e5c9bf26c63d79f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/674c1c4229e743070e09db63a23442950ff000d1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fd203d2c671bdee9ab77090ff394d3b71b627927"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/53cb1e52c9db618c08335984d1ca80db220ccf09"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/89e8524135a3902e7563a5a59b7b5ec1bf4904ac"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a69224223746ab96d43e5db9d22d136827b7e2d3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f123dc86388cb669c3d6322702dc441abc35c31e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/sysv/itree.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "13b33feb2ebddc2b1aa607f553566b18a4af1d76",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "1b4fe801b5bedec2b622ddb18e5c9bf26c63d79f",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "674c1c4229e743070e09db63a23442950ff000d1",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "fd203d2c671bdee9ab77090ff394d3b71b627927",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "53cb1e52c9db618c08335984d1ca80db220ccf09",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "89e8524135a3902e7563a5a59b7b5ec1bf4904ac",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "a69224223746ab96d43e5db9d22d136827b7e2d3",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "f123dc86388cb669c3d6322702dc441abc35c31e",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/sysv/itree.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.312",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.274",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.155",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.86",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.27",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.312",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.274",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.155",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.86",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.27",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.6",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsysv: don\u0027t call sb_bread() with pointers_lock held\n\nsyzbot is reporting sleep in atomic context in SysV filesystem [1], for\nsb_bread() is called with rw_spinlock held.\n\nA \"write_lock(\u0026pointers_lock) =\u003e read_lock(\u0026pointers_lock) deadlock\" bug\nand a \"sb_bread() with write_lock(\u0026pointers_lock)\" bug were introduced by\n\"Replace BKL for chain locking with sysvfs-private rwlock\" in Linux 2.5.12.\n\nThen, \"[PATCH] err1-40: sysvfs locking fix\" in Linux 2.6.8 fixed the\nformer bug by moving pointers_lock lock to the callers, but instead\nintroduced a \"sb_bread() with read_lock(\u0026pointers_lock)\" bug (which made\nthis problem easier to hit).\n\nAl Viro suggested that why not to do like get_branch()/get_block()/\nfind_shared() in Minix filesystem does. And doing like that is almost a\nrevert of \"[PATCH] err1-40: sysvfs locking fix\" except that get_branch()\n from with find_shared() is called without write_lock(\u0026pointers_lock)."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T19:31:56.467Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/13b33feb2ebddc2b1aa607f553566b18a4af1d76"
        },
        {
          "url": "https://git.kernel.org/stable/c/1b4fe801b5bedec2b622ddb18e5c9bf26c63d79f"
        },
        {
          "url": "https://git.kernel.org/stable/c/674c1c4229e743070e09db63a23442950ff000d1"
        },
        {
          "url": "https://git.kernel.org/stable/c/fd203d2c671bdee9ab77090ff394d3b71b627927"
        },
        {
          "url": "https://git.kernel.org/stable/c/53cb1e52c9db618c08335984d1ca80db220ccf09"
        },
        {
          "url": "https://git.kernel.org/stable/c/89e8524135a3902e7563a5a59b7b5ec1bf4904ac"
        },
        {
          "url": "https://git.kernel.org/stable/c/a69224223746ab96d43e5db9d22d136827b7e2d3"
        },
        {
          "url": "https://git.kernel.org/stable/c/f123dc86388cb669c3d6322702dc441abc35c31e"
        }
      ],
      "title": "sysv: don\u0027t call sb_bread() with pointers_lock held",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52699",
    "datePublished": "2024-05-19T10:10:30.381Z",
    "dateReserved": "2024-03-07T14:49:46.890Z",
    "dateUpdated": "2026-05-11T19:31:56.467Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-52735 (GCVE-0-2023-52735)

Vulnerability from cvelistv5 – Published: 2024-05-21 15:22 – Updated: 2026-05-23 15:26

Title

bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself

Summary

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself sock_map proto callbacks should never call themselves by design. Protect against bugs like [1] and break out of the recursive loop to avoid a stack overflow in favor of a resource leak. [1] https://lore.kernel.org/all/00000000000073b14905ef2e7401@google.com/

Severity

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CWE

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Assigner

Linux

References

3 references

URL	Tags
https://git.kernel.org/stable/c/f312367f5246e04df…
https://git.kernel.org/stable/c/7499859881488da97…
https://git.kernel.org/stable/c/5b4a79ba65a1ab479…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: c5cc0d23c5414d23438c5024890e367cc5a0e645 , < f312367f5246e04df564d341044286e9e37a97ba (git) Affected: c5d2177a72a1659554922728fc407f59950aa929 , < 7499859881488da97589f3c79cc66fa75748ad49 (git) Affected: c5d2177a72a1659554922728fc407f59950aa929 , < 5b4a79ba65a1ab479903fff2e604865d229b70a9 (git) Affected: 0580e47c8895a4d61ee095f086cba1ded7ca5e7f (git) Affected: 5.15.3 , < 5.15.95 (semver) Affected: 5.14.19 , < 5.15 (semver)
Linux	Linux	Affected: 5.16 Unaffected: 0 , < 5.16 (semver) Unaffected: 5.15.95 , ≤ 5.15.* (semver) Unaffected: 6.1.13 , ≤ 6.1.* (semver) Unaffected: 6.2 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "affected",
                "version": "1da177e4c3f4"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "5.15.95"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "6.1.13"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "6.2"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-52735",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-16T20:47:22.743454Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-120",
                "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-30T13:34:33.705Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:11:35.223Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f312367f5246e04df564d341044286e9e37a97ba"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7499859881488da97589f3c79cc66fa75748ad49"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5b4a79ba65a1ab479903fff2e604865d229b70a9"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/core/sock_map.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f312367f5246e04df564d341044286e9e37a97ba",
              "status": "affected",
              "version": "c5cc0d23c5414d23438c5024890e367cc5a0e645",
              "versionType": "git"
            },
            {
              "lessThan": "7499859881488da97589f3c79cc66fa75748ad49",
              "status": "affected",
              "version": "c5d2177a72a1659554922728fc407f59950aa929",
              "versionType": "git"
            },
            {
              "lessThan": "5b4a79ba65a1ab479903fff2e604865d229b70a9",
              "status": "affected",
              "version": "c5d2177a72a1659554922728fc407f59950aa929",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "0580e47c8895a4d61ee095f086cba1ded7ca5e7f",
              "versionType": "git"
            },
            {
              "lessThan": "5.15.95",
              "status": "affected",
              "version": "5.15.3",
              "versionType": "semver"
            },
            {
              "lessThan": "5.15",
              "status": "affected",
              "version": "5.14.19",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/core/sock_map.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.16"
            },
            {
              "lessThan": "5.16",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.95",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.2",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.95",
                  "versionStartIncluding": "5.15.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.13",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.2",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.14.19",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, sockmap: Don\u0027t let sock_map_{close,destroy,unhash} call itself\n\nsock_map proto callbacks should never call themselves by design. Protect\nagainst bugs like [1] and break out of the recursive loop to avoid a stack\noverflow in favor of a resource leak.\n\n[1] https://lore.kernel.org/all/00000000000073b14905ef2e7401@google.com/"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-23T15:26:46.476Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f312367f5246e04df564d341044286e9e37a97ba"
        },
        {
          "url": "https://git.kernel.org/stable/c/7499859881488da97589f3c79cc66fa75748ad49"
        },
        {
          "url": "https://git.kernel.org/stable/c/5b4a79ba65a1ab479903fff2e604865d229b70a9"
        }
      ],
      "title": "bpf, sockmap: Don\u0027t let sock_map_{close,destroy,unhash} call itself",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52735",
    "datePublished": "2024-05-21T15:22:59.893Z",
    "dateReserved": "2024-05-21T15:19:24.232Z",
    "dateUpdated": "2026-05-23T15:26:46.476Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-52749 (GCVE-0-2023-52749)

Vulnerability from cvelistv5 – Published: 2024-05-21 15:30 – Updated: 2026-05-11 19:32

Title

spi: Fix null dereference on suspend

Summary

In the Linux kernel, the following vulnerability has been resolved: spi: Fix null dereference on suspend A race condition exists where a synchronous (noqueue) transfer can be active during a system suspend. This can cause a null pointer dereference exception to occur when the system resumes. Example order of events leading to the exception: 1. spi_sync() calls __spi_transfer_message_noqueue() which sets ctlr->cur_msg 2. Spi transfer begins via spi_transfer_one_message() 3. System is suspended interrupting the transfer context 4. System is resumed 6. spi_controller_resume() calls spi_start_queue() which resets cur_msg to NULL 7. Spi transfer context resumes and spi_finalize_current_message() is called which dereferences cur_msg (which is now NULL) Wait for synchronous transfers to complete before suspending by acquiring the bus mutex and setting/checking a suspend flag.

Severity

No CVSS data available.

Assigner

Linux

References

3 references

URL	Tags
https://git.kernel.org/stable/c/4ec4508db97502a12…
https://git.kernel.org/stable/c/96474ea47dc67b070…
https://git.kernel.org/stable/c/bef4a48f4ef798c4f…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: ae7d2346dc89ae89a6e0aabe6037591a11e593c0 , < 4ec4508db97502a12daee88c74782e8d35ced068 (git) Affected: ae7d2346dc89ae89a6e0aabe6037591a11e593c0 , < 96474ea47dc67b0704392d59192b233c8197db0e (git) Affected: ae7d2346dc89ae89a6e0aabe6037591a11e593c0 , < bef4a48f4ef798c4feddf045d49e53c8a97d5e37 (git)
Linux	Linux	Affected: 6.0 Unaffected: 0 , < 6.0 (semver) Unaffected: 6.1.66 , ≤ 6.1.* (semver) Unaffected: 6.6.3 , ≤ 6.6.* (semver) Unaffected: 6.7 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52749",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-17T17:36:59.089454Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-17T17:37:26.791Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:11:35.612Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4ec4508db97502a12daee88c74782e8d35ced068"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/96474ea47dc67b0704392d59192b233c8197db0e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bef4a48f4ef798c4feddf045d49e53c8a97d5e37"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/spi/spi.c",
            "include/linux/spi/spi.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4ec4508db97502a12daee88c74782e8d35ced068",
              "status": "affected",
              "version": "ae7d2346dc89ae89a6e0aabe6037591a11e593c0",
              "versionType": "git"
            },
            {
              "lessThan": "96474ea47dc67b0704392d59192b233c8197db0e",
              "status": "affected",
              "version": "ae7d2346dc89ae89a6e0aabe6037591a11e593c0",
              "versionType": "git"
            },
            {
              "lessThan": "bef4a48f4ef798c4feddf045d49e53c8a97d5e37",
              "status": "affected",
              "version": "ae7d2346dc89ae89a6e0aabe6037591a11e593c0",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/spi/spi.c",
            "include/linux/spi/spi.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "lessThan": "6.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.66",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.7",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.66",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.3",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: Fix null dereference on suspend\n\nA race condition exists where a synchronous (noqueue) transfer can be\nactive during a system suspend. This can cause a null pointer\ndereference exception to occur when the system resumes.\n\nExample order of events leading to the exception:\n1. spi_sync() calls __spi_transfer_message_noqueue() which sets\n   ctlr-\u003ecur_msg\n2. Spi transfer begins via spi_transfer_one_message()\n3. System is suspended interrupting the transfer context\n4. System is resumed\n6. spi_controller_resume() calls spi_start_queue() which resets cur_msg\n   to NULL\n7. Spi transfer context resumes and spi_finalize_current_message() is\n   called which dereferences cur_msg (which is now NULL)\n\nWait for synchronous transfers to complete before suspending by\nacquiring the bus mutex and setting/checking a suspend flag."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T19:32:27.438Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/4ec4508db97502a12daee88c74782e8d35ced068"
        },
        {
          "url": "https://git.kernel.org/stable/c/96474ea47dc67b0704392d59192b233c8197db0e"
        },
        {
          "url": "https://git.kernel.org/stable/c/bef4a48f4ef798c4feddf045d49e53c8a97d5e37"
        }
      ],
      "title": "spi: Fix null dereference on suspend",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52749",
    "datePublished": "2024-05-21T15:30:38.904Z",
    "dateReserved": "2024-05-21T15:19:24.234Z",
    "dateUpdated": "2026-05-11T19:32:27.438Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CERTFR-2024-AVI-0632

Solutions

CVE-2021-47432 (GCVE-0-2021-47432)

CVE-2022-48772 (GCVE-0-2022-48772)

CVE-2023-38417 (GCVE-0-2023-38417)

CVE-2023-47210 (GCVE-0-2023-47210)

CVE-2023-52622 (GCVE-0-2023-52622)

CVE-2023-52656 (GCVE-0-2023-52656)

CVE-2023-52672 (GCVE-0-2023-52672)

CVE-2023-52699 (GCVE-0-2023-52699)

CVE-2023-52735 (GCVE-0-2023-52735)

CVE-2023-52749 (GCVE-0-2023-52749)

Tags

Sightings

Nomenclature