CERTFR-2024-AVI-0718
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been discovered in the Red Hat Linux kernel. Some of them allow an attacker to cause privilege escalation, remote denial of service, and a breach of data confidentiality.
Solutions
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Impacted products
| Vendor | Product | Description |
|---|---|---|
| Red Hat | N/A | Red Hat Enterprise Linux Server - AUS 8.6 x86_64 |
| Red Hat | N/A | Red Hat Enterprise Linux Server - TUS 8.6 x86_64 |
| Red Hat | N/A | Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64 |
| Red Hat | N/A | Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Red Hat Enterprise Linux Server - AUS 8.6 x86_64",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - TUS 8.6 x86_64",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-36904",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36904"
},
{
"name": "CVE-2022-48799",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48799"
},
{
"name": "CVE-2023-52864",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52864"
},
{
"name": "CVE-2024-35845",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35845"
},
{
"name": "CVE-2021-47468",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47468"
},
{
"name": "CVE-2024-36941",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36941"
},
{
"name": "CVE-2024-38570",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38570"
},
{
"name": "CVE-2023-52434",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52434"
},
{
"name": "CVE-2024-36016",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36016"
},
{
"name": "CVE-2023-52610",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52610"
},
{
"name": "CVE-2021-47069",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47069"
},
{
"name": "CVE-2022-48793",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48793"
},
{
"name": "CVE-2021-47356",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47356"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0718",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-08-23T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de Red Hat. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Red Hat",
"vendor_advisories": [
{
"published_at": "2024-08-21",
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2024:5692",
"url": "https://access.redhat.com/errata/RHSA-2024:5692"
},
{
"published_at": "2024-08-21",
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2024:5673",
"url": "https://access.redhat.com/errata/RHSA-2024:5673"
},
{
"published_at": "2024-08-21",
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2024:5672",
"url": "https://access.redhat.com/errata/RHSA-2024:5672"
}
]
}
CVE-2021-47069 (GCVE-0-2021-47069)
Vulnerability from cvelistv5 – Published: 2024-03-01 21:15 – Updated: 2026-05-11 13:47
Title
ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry
Summary
In the Linux kernel, the following vulnerability has been resolved:
ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry
do_mq_timedreceive calls wq_sleep with a stack local address. The
sender (do_mq_timedsend) uses this address to later call pipelined_send.
This leads to a very hard to trigger race where a do_mq_timedreceive
call might return and leave do_mq_timedsend to rely on an invalid
address, causing the following crash:
RIP: 0010:wake_q_add_safe+0x13/0x60
Call Trace:
__x64_sys_mq_timedsend+0x2a9/0x490
do_syscall_64+0x80/0x680
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f5928e40343
The race occurs as:
1. do_mq_timedreceive calls wq_sleep with the address of `struct
ext_wait_queue` on function stack (aliased as `ewq_addr` here) - it
holds a valid `struct ext_wait_queue *` as long as the stack has not
been overwritten.
2. `ewq_addr` gets added to info->e_wait_q[RECV].list in wq_add, and
do_mq_timedsend receives it via wq_get_first_waiter(info, RECV) to call
__pipelined_op.
3. Sender calls __pipelined_op::smp_store_release(&this->state,
STATE_READY). Here is where the race window begins. (`this` is
`ewq_addr`.)
4. If the receiver wakes up now in do_mq_timedreceive::wq_sleep, it
will see `state == STATE_READY` and break.
5. do_mq_timedreceive returns, and `ewq_addr` is no longer guaranteed
to be a `struct ext_wait_queue *` since it was on do_mq_timedreceive's
stack. (Although the address may not get overwritten until another
function happens to touch it, which means it can persist around for an
indefinite time.)
6. do_mq_timedsend::__pipelined_op() still believes `ewq_addr` is a
`struct ext_wait_queue *`, and uses it to find a task_struct to pass to
the wake_q_add_safe call. In the lucky case where nothing has
overwritten `ewq_addr` yet, `ewq_addr->task` is the right task_struct.
In the unlucky case, __pipelined_op::wake_q_add_safe gets handed a
bogus address as the receiver's task_struct causing the crash.
do_mq_timedsend::__pipelined_op() should not dereference `this` after
setting STATE_READY, as the receiver counterpart is now free to return.
Change __pipelined_op to call wake_q_add_safe on the receiver's
task_struct returned by get_task_struct, instead of dereferencing `this`
which sits on the receiver's stack.
As Manfred pointed out, the race potentially also exists in
ipc/msg.c::expunge_all and ipc/sem.c::wake_up_sem_queue_prepare. Fix
those in the same way.
Severity
No CVSS data available.
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: c5b2cbdbdac563f46ecd5e187253ab1abbd6fc04 , < 4528c0c323085e645b8765913b4a7fd42cf49b65 (git); Affected: c5b2cbdbdac563f46ecd5e187253ab1abbd6fc04 , < 807fa14536b26803b858da878b643be72952a097 (git); Affected: c5b2cbdbdac563f46ecd5e187253ab1abbd6fc04 , < a11ddb37bf367e6b5239b95ca759e5389bb46048 (git) |
| Linux | Linux | Affected: 5.6; Unaffected: 0 , < 5.6 (semver); Unaffected: 5.10.40 , ≤ 5.10.* (semver); Unaffected: 5.12.7 , ≤ 5.12.* (semver); Unaffected: 5.13 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47069",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T16:15:09.996738Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T16:15:20.262Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:24:39.653Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4528c0c323085e645b8765913b4a7fd42cf49b65"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/807fa14536b26803b858da878b643be72952a097"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a11ddb37bf367e6b5239b95ca759e5389bb46048"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"ipc/mqueue.c",
"ipc/msg.c",
"ipc/sem.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "4528c0c323085e645b8765913b4a7fd42cf49b65",
"status": "affected",
"version": "c5b2cbdbdac563f46ecd5e187253ab1abbd6fc04",
"versionType": "git"
},
{
"lessThan": "807fa14536b26803b858da878b643be72952a097",
"status": "affected",
"version": "c5b2cbdbdac563f46ecd5e187253ab1abbd6fc04",
"versionType": "git"
},
{
"lessThan": "a11ddb37bf367e6b5239b95ca759e5389bb46048",
"status": "affected",
"version": "c5b2cbdbdac563f46ecd5e187253ab1abbd6fc04",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"ipc/mqueue.c",
"ipc/msg.c",
"ipc/sem.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.6"
},
{
"lessThan": "5.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.40",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.13",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.40",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.7",
"versionStartIncluding": "5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13",
"versionStartIncluding": "5.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry\n\ndo_mq_timedreceive calls wq_sleep with a stack local address. The\nsender (do_mq_timedsend) uses this address to later call pipelined_send.\n\nThis leads to a very hard to trigger race where a do_mq_timedreceive\ncall might return and leave do_mq_timedsend to rely on an invalid\naddress, causing the following crash:\n\n RIP: 0010:wake_q_add_safe+0x13/0x60\n Call Trace:\n __x64_sys_mq_timedsend+0x2a9/0x490\n do_syscall_64+0x80/0x680\n entry_SYSCALL_64_after_hwframe+0x44/0xa9\n RIP: 0033:0x7f5928e40343\n\nThe race occurs as:\n\n1. do_mq_timedreceive calls wq_sleep with the address of `struct\n ext_wait_queue` on function stack (aliased as `ewq_addr` here) - it\n holds a valid `struct ext_wait_queue *` as long as the stack has not\n been overwritten.\n\n2. `ewq_addr` gets added to info-\u003ee_wait_q[RECV].list in wq_add, and\n do_mq_timedsend receives it via wq_get_first_waiter(info, RECV) to call\n __pipelined_op.\n\n3. Sender calls __pipelined_op::smp_store_release(\u0026this-\u003estate,\n STATE_READY). Here is where the race window begins. (`this` is\n `ewq_addr`.)\n\n4. If the receiver wakes up now in do_mq_timedreceive::wq_sleep, it\n will see `state == STATE_READY` and break.\n\n5. do_mq_timedreceive returns, and `ewq_addr` is no longer guaranteed\n to be a `struct ext_wait_queue *` since it was on do_mq_timedreceive\u0027s\n stack. (Although the address may not get overwritten until another\n function happens to touch it, which means it can persist around for an\n indefinite time.)\n\n6. do_mq_timedsend::__pipelined_op() still believes `ewq_addr` is a\n `struct ext_wait_queue *`, and uses it to find a task_struct to pass to\n the wake_q_add_safe call. 
In the lucky case where nothing has\n overwritten `ewq_addr` yet, `ewq_addr-\u003etask` is the right task_struct.\n In the unlucky case, __pipelined_op::wake_q_add_safe gets handed a\n bogus address as the receiver\u0027s task_struct causing the crash.\n\ndo_mq_timedsend::__pipelined_op() should not dereference `this` after\nsetting STATE_READY, as the receiver counterpart is now free to return.\nChange __pipelined_op to call wake_q_add_safe on the receiver\u0027s\ntask_struct returned by get_task_struct, instead of dereferencing `this`\nwhich sits on the receiver\u0027s stack.\n\nAs Manfred pointed out, the race potentially also exists in\nipc/msg.c::expunge_all and ipc/sem.c::wake_up_sem_queue_prepare. Fix\nthose in the same way."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T13:47:28.778Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/4528c0c323085e645b8765913b4a7fd42cf49b65"
},
{
"url": "https://git.kernel.org/stable/c/807fa14536b26803b858da878b643be72952a097"
},
{
"url": "https://git.kernel.org/stable/c/a11ddb37bf367e6b5239b95ca759e5389bb46048"
}
],
"title": "ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47069",
"datePublished": "2024-03-01T21:15:08.598Z",
"dateReserved": "2024-02-29T22:33:44.296Z",
"dateUpdated": "2026-05-11T13:47:28.778Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-47356 (GCVE-0-2021-47356)
Vulnerability from cvelistv5 – Published: 2024-05-21 14:35 – Updated: 2026-05-11 13:53
Title
mISDN: fix possible use-after-free in HFC_cleanup()
Summary
In the Linux kernel, the following vulnerability has been resolved:
mISDN: fix possible use-after-free in HFC_cleanup()
This module's remove path calls del_timer(). However, that function
does not wait until the timer handler finishes. This means that the
timer handler may still be running after the driver's remove function
has finished, which would result in a use-after-free.
Fix by calling del_timer_sync(), which makes sure the timer handler
has finished, and unable to re-schedule itself.
Severity
7.7 (High)
CWE
- CWE-416 - Use After Free
References
9 references
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 87c5fa1bb42624254a2013cbbc3b170d6017f5d6 , < 49331c07ef0f8fdfa42b30ba6a83a657b29d7fbe (git); Affected: 87c5fa1bb42624254a2013cbbc3b170d6017f5d6 , < 54ff3202928952a100c477248e65ac6db01258a7 (git); Affected: 87c5fa1bb42624254a2013cbbc3b170d6017f5d6 , < 7867ddc5f3de7f289aee63233afc0df4b62834c5 (git); Affected: 87c5fa1bb42624254a2013cbbc3b170d6017f5d6 , < 5f2818185da0fe82a932f0856633038b66faf124 (git); Affected: 87c5fa1bb42624254a2013cbbc3b170d6017f5d6 , < 3ecd228c636ee17c14662729737fa07242a93cb0 (git); Affected: 87c5fa1bb42624254a2013cbbc3b170d6017f5d6 , < b7ee9ae1e0cf55a037c4a99af2acc5d78cb7802d (git); Affected: 87c5fa1bb42624254a2013cbbc3b170d6017f5d6 , < 61370ff07e0acc657559a8fac02551dfeb9d3020 (git); Affected: 87c5fa1bb42624254a2013cbbc3b170d6017f5d6 , < ed7c3739d0a07e2ec3ccbffe7e93cea01c438cda (git); Affected: 87c5fa1bb42624254a2013cbbc3b170d6017f5d6 , < 009fc857c5f6fda81f2f7dd851b2d54193a8e733 (git) |
| Linux | Linux | Affected: 2.6.29; Unaffected: 0 , < 2.6.29 (semver); Unaffected: 4.4.276 , ≤ 4.4.* (semver); Unaffected: 4.9.276 , ≤ 4.9.* (semver); Unaffected: 4.14.240 , ≤ 4.14.* (semver); Unaffected: 4.19.198 , ≤ 4.19.* (semver); Unaffected: 5.4.133 , ≤ 5.4.* (semver); Unaffected: 5.10.51 , ≤ 5.10.* (semver); Unaffected: 5.12.18 , ≤ 5.12.* (semver); Unaffected: 5.13.3 , ≤ 5.13.* (semver); Unaffected: 5.14 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "49331c07ef0f",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "54ff32029289",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "7867ddc5f3de",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "5f2818185da0",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "3ecd228c636e",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "b7ee9ae1e0cf",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "61370ff07e0a",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "ed7c3739d0a0",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "009fc857c5f6",
"status": "affected",
"version": "1da177e4c3f4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"version": "4.4.276",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.276",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.240",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.198",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.133",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.51",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.18",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThanOrEqual": "5.13.*",
"status": "unaffected",
"version": "5.13.3",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "5.14"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-47356",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:04:48.759363Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:05:18.885Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:32:08.504Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/49331c07ef0f8fdfa42b30ba6a83a657b29d7fbe"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/54ff3202928952a100c477248e65ac6db01258a7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7867ddc5f3de7f289aee63233afc0df4b62834c5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5f2818185da0fe82a932f0856633038b66faf124"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3ecd228c636ee17c14662729737fa07242a93cb0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b7ee9ae1e0cf55a037c4a99af2acc5d78cb7802d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/61370ff07e0acc657559a8fac02551dfeb9d3020"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ed7c3739d0a07e2ec3ccbffe7e93cea01c438cda"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/009fc857c5f6fda81f2f7dd851b2d54193a8e733"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/isdn/hardware/mISDN/hfcpci.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "49331c07ef0f8fdfa42b30ba6a83a657b29d7fbe",
"status": "affected",
"version": "87c5fa1bb42624254a2013cbbc3b170d6017f5d6",
"versionType": "git"
},
{
"lessThan": "54ff3202928952a100c477248e65ac6db01258a7",
"status": "affected",
"version": "87c5fa1bb42624254a2013cbbc3b170d6017f5d6",
"versionType": "git"
},
{
"lessThan": "7867ddc5f3de7f289aee63233afc0df4b62834c5",
"status": "affected",
"version": "87c5fa1bb42624254a2013cbbc3b170d6017f5d6",
"versionType": "git"
},
{
"lessThan": "5f2818185da0fe82a932f0856633038b66faf124",
"status": "affected",
"version": "87c5fa1bb42624254a2013cbbc3b170d6017f5d6",
"versionType": "git"
},
{
"lessThan": "3ecd228c636ee17c14662729737fa07242a93cb0",
"status": "affected",
"version": "87c5fa1bb42624254a2013cbbc3b170d6017f5d6",
"versionType": "git"
},
{
"lessThan": "b7ee9ae1e0cf55a037c4a99af2acc5d78cb7802d",
"status": "affected",
"version": "87c5fa1bb42624254a2013cbbc3b170d6017f5d6",
"versionType": "git"
},
{
"lessThan": "61370ff07e0acc657559a8fac02551dfeb9d3020",
"status": "affected",
"version": "87c5fa1bb42624254a2013cbbc3b170d6017f5d6",
"versionType": "git"
},
{
"lessThan": "ed7c3739d0a07e2ec3ccbffe7e93cea01c438cda",
"status": "affected",
"version": "87c5fa1bb42624254a2013cbbc3b170d6017f5d6",
"versionType": "git"
},
{
"lessThan": "009fc857c5f6fda81f2f7dd851b2d54193a8e733",
"status": "affected",
"version": "87c5fa1bb42624254a2013cbbc3b170d6017f5d6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/isdn/hardware/mISDN/hfcpci.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.29"
},
{
"lessThan": "2.6.29",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"version": "4.4.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.276",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.240",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.198",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.133",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.51",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.12.*",
"status": "unaffected",
"version": "5.12.18",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.13.*",
"status": "unaffected",
"version": "5.13.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.14",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.4.276",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.276",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.240",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.198",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.133",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.51",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.12.18",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.13.3",
"versionStartIncluding": "2.6.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.14",
"versionStartIncluding": "2.6.29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmISDN: fix possible use-after-free in HFC_cleanup()\n\nThis module\u0027s remove path calls del_timer(). However, that function\ndoes not wait until the timer handler finishes. This means that the\ntimer handler may still be running after the driver\u0027s remove function\nhas finished, which would result in a use-after-free.\n\nFix by calling del_timer_sync(), which makes sure the timer handler\nhas finished, and unable to re-schedule itself."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T13:53:07.476Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/49331c07ef0f8fdfa42b30ba6a83a657b29d7fbe"
},
{
"url": "https://git.kernel.org/stable/c/54ff3202928952a100c477248e65ac6db01258a7"
},
{
"url": "https://git.kernel.org/stable/c/7867ddc5f3de7f289aee63233afc0df4b62834c5"
},
{
"url": "https://git.kernel.org/stable/c/5f2818185da0fe82a932f0856633038b66faf124"
},
{
"url": "https://git.kernel.org/stable/c/3ecd228c636ee17c14662729737fa07242a93cb0"
},
{
"url": "https://git.kernel.org/stable/c/b7ee9ae1e0cf55a037c4a99af2acc5d78cb7802d"
},
{
"url": "https://git.kernel.org/stable/c/61370ff07e0acc657559a8fac02551dfeb9d3020"
},
{
"url": "https://git.kernel.org/stable/c/ed7c3739d0a07e2ec3ccbffe7e93cea01c438cda"
},
{
"url": "https://git.kernel.org/stable/c/009fc857c5f6fda81f2f7dd851b2d54193a8e733"
}
],
"title": "mISDN: fix possible use-after-free in HFC_cleanup()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47356",
"datePublished": "2024-05-21T14:35:59.097Z",
"dateReserved": "2024-05-21T14:28:16.987Z",
"dateUpdated": "2026-05-11T13:53:07.476Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-47468 (GCVE-0-2021-47468)
Vulnerability from cvelistv5 – Published: 2024-05-22 06:23 – Updated: 2026-05-11 13:55
Title
isdn: mISDN: Fix sleeping function called from invalid context
Summary
In the Linux kernel, the following vulnerability has been resolved:
isdn: mISDN: Fix sleeping function called from invalid context
The driver can call card->isac.release() function from an atomic
context.
Fix this by calling this function after releasing the lock.
The following log reveals it:
[ 44.168226 ] BUG: sleeping function called from invalid context at kernel/workqueue.c:3018
[ 44.168941 ] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 5475, name: modprobe
[ 44.169574 ] INFO: lockdep is turned off.
[ 44.169899 ] irq event stamp: 0
[ 44.170160 ] hardirqs last enabled at (0): [<0000000000000000>] 0x0
[ 44.170627 ] hardirqs last disabled at (0): [<ffffffff814209ed>] copy_process+0x132d/0x3e00
[ 44.171240 ] softirqs last enabled at (0): [<ffffffff81420a1a>] copy_process+0x135a/0x3e00
[ 44.171852 ] softirqs last disabled at (0): [<0000000000000000>] 0x0
[ 44.172318 ] Preemption disabled at:
[ 44.172320 ] [<ffffffffa009b0a9>] nj_release+0x69/0x500 [netjet]
[ 44.174441 ] Call Trace:
[ 44.174630 ] dump_stack_lvl+0xa8/0xd1
[ 44.174912 ] dump_stack+0x15/0x17
[ 44.175166 ] ___might_sleep+0x3a2/0x510
[ 44.175459 ] ? nj_release+0x69/0x500 [netjet]
[ 44.175791 ] __might_sleep+0x82/0xe0
[ 44.176063 ] ? start_flush_work+0x20/0x7b0
[ 44.176375 ] start_flush_work+0x33/0x7b0
[ 44.176672 ] ? trace_irq_enable_rcuidle+0x85/0x170
[ 44.177034 ] ? kasan_quarantine_put+0xaa/0x1f0
[ 44.177372 ] ? kasan_quarantine_put+0xaa/0x1f0
[ 44.177711 ] __flush_work+0x11a/0x1a0
[ 44.177991 ] ? flush_work+0x20/0x20
[ 44.178257 ] ? lock_release+0x13c/0x8f0
[ 44.178550 ] ? __kasan_check_write+0x14/0x20
[ 44.178872 ] ? do_raw_spin_lock+0x148/0x360
[ 44.179187 ] ? read_lock_is_recursive+0x20/0x20
[ 44.179530 ] ? __kasan_check_read+0x11/0x20
[ 44.179846 ] ? do_raw_spin_unlock+0x55/0x900
[ 44.180168 ] ? ____kasan_slab_free+0x116/0x140
[ 44.180505 ] ? _raw_spin_unlock_irqrestore+0x41/0x60
[ 44.180878 ] ? skb_queue_purge+0x1a3/0x1c0
[ 44.181189 ] ? kfree+0x13e/0x290
[ 44.181438 ] flush_work+0x17/0x20
[ 44.181695 ] mISDN_freedchannel+0xe8/0x100
[ 44.182006 ] isac_release+0x210/0x260 [mISDNipac]
[ 44.182366 ] nj_release+0xf6/0x500 [netjet]
[ 44.182685 ] nj_remove+0x48/0x70 [netjet]
[ 44.182989 ] pci_device_remove+0xa9/0x250
Severity
No CVSS data available.
References
8 references
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: a900845e56617edc005fd8f35bfd5a407aaf96c8 , < 6f95c97e0f9d6eb39c3f2cb45e8fa4268d1b372b (git); Affected: a900845e56617edc005fd8f35bfd5a407aaf96c8 , < ef269a8808cb1759245a98a7fe16fceaebad894c (git); Affected: a900845e56617edc005fd8f35bfd5a407aaf96c8 , < 37e4f57b22cc5ebb3f80cf0f74fdeb487f082367 (git); Affected: a900845e56617edc005fd8f35bfd5a407aaf96c8 , < a5b34409d3fc52114c828be4adbc30744fa3258b (git); Affected: a900845e56617edc005fd8f35bfd5a407aaf96c8 , < 4054b869dc263228d30a4755800b78f0f2ba0c89 (git); Affected: a900845e56617edc005fd8f35bfd5a407aaf96c8 , < 9f591cbdbed3d7822b2bdba89b34a6d7b434317d (git); Affected: a900845e56617edc005fd8f35bfd5a407aaf96c8 , < f5966ba53013149bcf94e1536644a958dd00a026 (git); Affected: a900845e56617edc005fd8f35bfd5a407aaf96c8 , < 6510e80a0b81b5d814e3aea6297ba42f5e76f73c (git) |
| Linux | Linux | Affected: 2.6.32; Unaffected: 0 , < 2.6.32 (semver); Unaffected: 4.4.290 , ≤ 4.4.* (semver); Unaffected: 4.9.288 , ≤ 4.9.* (semver); Unaffected: 4.14.253 , ≤ 4.14.* (semver); Unaffected: 4.19.214 , ≤ 4.19.* (semver); Unaffected: 5.4.156 , ≤ 5.4.* (semver); Unaffected: 5.10.76 , ≤ 5.10.* (semver); Unaffected: 5.14.15 , ≤ 5.14.* (semver); Unaffected: 5.15 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:39:59.530Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6f95c97e0f9d6eb39c3f2cb45e8fa4268d1b372b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ef269a8808cb1759245a98a7fe16fceaebad894c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/37e4f57b22cc5ebb3f80cf0f74fdeb487f082367"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a5b34409d3fc52114c828be4adbc30744fa3258b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4054b869dc263228d30a4755800b78f0f2ba0c89"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9f591cbdbed3d7822b2bdba89b34a6d7b434317d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f5966ba53013149bcf94e1536644a958dd00a026"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6510e80a0b81b5d814e3aea6297ba42f5e76f73c"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47468",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:36:08.496744Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:53.524Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/isdn/hardware/mISDN/netjet.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6f95c97e0f9d6eb39c3f2cb45e8fa4268d1b372b",
"status": "affected",
"version": "a900845e56617edc005fd8f35bfd5a407aaf96c8",
"versionType": "git"
},
{
"lessThan": "ef269a8808cb1759245a98a7fe16fceaebad894c",
"status": "affected",
"version": "a900845e56617edc005fd8f35bfd5a407aaf96c8",
"versionType": "git"
},
{
"lessThan": "37e4f57b22cc5ebb3f80cf0f74fdeb487f082367",
"status": "affected",
"version": "a900845e56617edc005fd8f35bfd5a407aaf96c8",
"versionType": "git"
},
{
"lessThan": "a5b34409d3fc52114c828be4adbc30744fa3258b",
"status": "affected",
"version": "a900845e56617edc005fd8f35bfd5a407aaf96c8",
"versionType": "git"
},
{
"lessThan": "4054b869dc263228d30a4755800b78f0f2ba0c89",
"status": "affected",
"version": "a900845e56617edc005fd8f35bfd5a407aaf96c8",
"versionType": "git"
},
{
"lessThan": "9f591cbdbed3d7822b2bdba89b34a6d7b434317d",
"status": "affected",
"version": "a900845e56617edc005fd8f35bfd5a407aaf96c8",
"versionType": "git"
},
{
"lessThan": "f5966ba53013149bcf94e1536644a958dd00a026",
"status": "affected",
"version": "a900845e56617edc005fd8f35bfd5a407aaf96c8",
"versionType": "git"
},
{
"lessThan": "6510e80a0b81b5d814e3aea6297ba42f5e76f73c",
"status": "affected",
"version": "a900845e56617edc005fd8f35bfd5a407aaf96c8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/isdn/hardware/mISDN/netjet.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.32"
},
{
"lessThan": "2.6.32",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.4.*",
"status": "unaffected",
"version": "4.4.290",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.9.*",
"status": "unaffected",
"version": "4.9.288",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.253",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.156",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.76",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.14.*",
"status": "unaffected",
"version": "5.14.15",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.15",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.4.290",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.288",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.253",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.214",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.156",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.76",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.14.15",
"versionStartIncluding": "2.6.32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15",
"versionStartIncluding": "2.6.32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nisdn: mISDN: Fix sleeping function called from invalid context\n\nThe driver can call card-\u003eisac.release() function from an atomic\ncontext.\n\nFix this by calling this function after releasing the lock.\n\nThe following log reveals it:\n\n[ 44.168226 ] BUG: sleeping function called from invalid context at kernel/workqueue.c:3018\n[ 44.168941 ] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 5475, name: modprobe\n[ 44.169574 ] INFO: lockdep is turned off.\n[ 44.169899 ] irq event stamp: 0\n[ 44.170160 ] hardirqs last enabled at (0): [\u003c0000000000000000\u003e] 0x0\n[ 44.170627 ] hardirqs last disabled at (0): [\u003cffffffff814209ed\u003e] copy_process+0x132d/0x3e00\n[ 44.171240 ] softirqs last enabled at (0): [\u003cffffffff81420a1a\u003e] copy_process+0x135a/0x3e00\n[ 44.171852 ] softirqs last disabled at (0): [\u003c0000000000000000\u003e] 0x0\n[ 44.172318 ] Preemption disabled at:\n[ 44.172320 ] [\u003cffffffffa009b0a9\u003e] nj_release+0x69/0x500 [netjet]\n[ 44.174441 ] Call Trace:\n[ 44.174630 ] dump_stack_lvl+0xa8/0xd1\n[ 44.174912 ] dump_stack+0x15/0x17\n[ 44.175166 ] ___might_sleep+0x3a2/0x510\n[ 44.175459 ] ? nj_release+0x69/0x500 [netjet]\n[ 44.175791 ] __might_sleep+0x82/0xe0\n[ 44.176063 ] ? start_flush_work+0x20/0x7b0\n[ 44.176375 ] start_flush_work+0x33/0x7b0\n[ 44.176672 ] ? trace_irq_enable_rcuidle+0x85/0x170\n[ 44.177034 ] ? kasan_quarantine_put+0xaa/0x1f0\n[ 44.177372 ] ? kasan_quarantine_put+0xaa/0x1f0\n[ 44.177711 ] __flush_work+0x11a/0x1a0\n[ 44.177991 ] ? flush_work+0x20/0x20\n[ 44.178257 ] ? lock_release+0x13c/0x8f0\n[ 44.178550 ] ? __kasan_check_write+0x14/0x20\n[ 44.178872 ] ? do_raw_spin_lock+0x148/0x360\n[ 44.179187 ] ? read_lock_is_recursive+0x20/0x20\n[ 44.179530 ] ? __kasan_check_read+0x11/0x20\n[ 44.179846 ] ? do_raw_spin_unlock+0x55/0x900\n[ 44.180168 ] ? ____kasan_slab_free+0x116/0x140\n[ 44.180505 ] ? 
_raw_spin_unlock_irqrestore+0x41/0x60\n[ 44.180878 ] ? skb_queue_purge+0x1a3/0x1c0\n[ 44.181189 ] ? kfree+0x13e/0x290\n[ 44.181438 ] flush_work+0x17/0x20\n[ 44.181695 ] mISDN_freedchannel+0xe8/0x100\n[ 44.182006 ] isac_release+0x210/0x260 [mISDNipac]\n[ 44.182366 ] nj_release+0xf6/0x500 [netjet]\n[ 44.182685 ] nj_remove+0x48/0x70 [netjet]\n[ 44.182989 ] pci_device_remove+0xa9/0x250"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T13:55:18.400Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6f95c97e0f9d6eb39c3f2cb45e8fa4268d1b372b"
},
{
"url": "https://git.kernel.org/stable/c/ef269a8808cb1759245a98a7fe16fceaebad894c"
},
{
"url": "https://git.kernel.org/stable/c/37e4f57b22cc5ebb3f80cf0f74fdeb487f082367"
},
{
"url": "https://git.kernel.org/stable/c/a5b34409d3fc52114c828be4adbc30744fa3258b"
},
{
"url": "https://git.kernel.org/stable/c/4054b869dc263228d30a4755800b78f0f2ba0c89"
},
{
"url": "https://git.kernel.org/stable/c/9f591cbdbed3d7822b2bdba89b34a6d7b434317d"
},
{
"url": "https://git.kernel.org/stable/c/f5966ba53013149bcf94e1536644a958dd00a026"
},
{
"url": "https://git.kernel.org/stable/c/6510e80a0b81b5d814e3aea6297ba42f5e76f73c"
}
],
"title": "isdn: mISDN: Fix sleeping function called from invalid context",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-47468",
"datePublished": "2024-05-22T06:23:26.982Z",
"dateReserved": "2024-05-22T06:20:56.199Z",
"dateUpdated": "2026-05-11T13:55:18.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-48793 (GCVE-0-2022-48793)
Vulnerability from cvelistv5 – Published: 2024-07-16 11:43 – Updated: 2026-05-11 18:47
Title
KVM: x86: nSVM: fix potential NULL dereference on nested migration
Summary
In the Linux kernel, the following vulnerability has been resolved:
KVM: x86: nSVM: fix potential NULL dereference on nested migration
Turns out that due to review feedback and/or rebases
I accidentally moved the call to nested_svm_load_cr3 to be too early,
before the NPT is enabled, which is very wrong to do.
KVM can't even access guest memory at that point as nested NPT
is needed for that, and of course it won't initialize the walk_mmu,
which is the main issue the patch was addressing.
Fix this for real.
Severity
No CVSS data available.
References
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 232f75d3b4b5456de6f0b671aa86345d62de1473 , < 74b426bea4f7e3b081add2b88d4fba16d3af7ab6 (git); Affected: 232f75d3b4b5456de6f0b671aa86345d62de1473 , < 352193edda48e08e8824a7ece09aec830a603cfe (git); Affected: 232f75d3b4b5456de6f0b671aa86345d62de1473 , < e1779c2714c3023e4629825762bcbc43a3b943df (git) |
| Linux | Linux | Affected: 5.13; Unaffected: 0 , < 5.13 (semver); Unaffected: 5.15.25 , ≤ 5.15.* (semver); Unaffected: 5.16.11 , ≤ 5.16.* (semver); Unaffected: 5.17 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:25:01.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/74b426bea4f7e3b081add2b88d4fba16d3af7ab6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/352193edda48e08e8824a7ece09aec830a603cfe"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e1779c2714c3023e4629825762bcbc43a3b943df"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48793",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:59:28.890983Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:15.345Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/x86/kvm/svm/nested.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "74b426bea4f7e3b081add2b88d4fba16d3af7ab6",
"status": "affected",
"version": "232f75d3b4b5456de6f0b671aa86345d62de1473",
"versionType": "git"
},
{
"lessThan": "352193edda48e08e8824a7ece09aec830a603cfe",
"status": "affected",
"version": "232f75d3b4b5456de6f0b671aa86345d62de1473",
"versionType": "git"
},
{
"lessThan": "e1779c2714c3023e4629825762bcbc43a3b943df",
"status": "affected",
"version": "232f75d3b4b5456de6f0b671aa86345d62de1473",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/x86/kvm/svm/nested.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.13"
},
{
"lessThan": "5.13",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.25",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.25",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.11",
"versionStartIncluding": "5.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"versionStartIncluding": "5.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: nSVM: fix potential NULL derefernce on nested migration\n\nTurns out that due to review feedback and/or rebases\nI accidentally moved the call to nested_svm_load_cr3 to be too early,\nbefore the NPT is enabled, which is very wrong to do.\n\nKVM can\u0027t even access guest memory at that point as nested NPT\nis needed for that, and of course it won\u0027t initialize the walk_mmu,\nwhich is main issue the patch was addressing.\n\nFix this for real."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T18:47:12.267Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/74b426bea4f7e3b081add2b88d4fba16d3af7ab6"
},
{
"url": "https://git.kernel.org/stable/c/352193edda48e08e8824a7ece09aec830a603cfe"
},
{
"url": "https://git.kernel.org/stable/c/e1779c2714c3023e4629825762bcbc43a3b943df"
}
],
"title": "KVM: x86: nSVM: fix potential NULL derefernce on nested migration",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48793",
"datePublished": "2024-07-16T11:43:48.749Z",
"dateReserved": "2024-07-16T11:38:08.894Z",
"dateUpdated": "2026-05-11T18:47:12.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-48799 (GCVE-0-2022-48799)
Vulnerability from cvelistv5 – Published: 2024-07-16 11:43 – Updated: 2026-05-11 18:47
Title
perf: Fix list corruption in perf_cgroup_switch()
Summary
In the Linux kernel, the following vulnerability has been resolved:
perf: Fix list corruption in perf_cgroup_switch()
There's list corruption on cgrp_cpuctx_list. This happens on the
following path:
perf_cgroup_switch: list_for_each_entry(cgrp_cpuctx_list)
cpu_ctx_sched_in
ctx_sched_in
ctx_pinned_sched_in
merge_sched_in
perf_cgroup_event_disable: remove the event from the list
Use list_for_each_entry_safe() to allow removing an entry during
iteration.
Severity
No CVSS data available.
References
7 references
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 058fe1c0440e68a1ba3c2270ae43e9f0298b27d8 , < 5d76ed4223403f90421782adb2f20a9ecbc93186 (git); Affected: 058fe1c0440e68a1ba3c2270ae43e9f0298b27d8 , < 30d9f3cbe47e1018ddc8069ac5b5c9e66fbdf727 (git); Affected: 058fe1c0440e68a1ba3c2270ae43e9f0298b27d8 , < a2ed7b29d0673ba361546e2d87dbbed149456c45 (git); Affected: 058fe1c0440e68a1ba3c2270ae43e9f0298b27d8 , < f6b5d51976fcefef5732da3e3feb3ccff680f7c8 (git); Affected: 058fe1c0440e68a1ba3c2270ae43e9f0298b27d8 , < 7969fe91c9830e045901970e9d755b7505881d4a (git); Affected: 058fe1c0440e68a1ba3c2270ae43e9f0298b27d8 , < 2142bc1469a316fddd10012d76428f7265258f81 (git); Affected: 058fe1c0440e68a1ba3c2270ae43e9f0298b27d8 , < 5f4e5ce638e6a490b976ade4a40017b40abb2da0 (git) |
| Linux | Linux | Affected: 4.11; Unaffected: 0 , < 4.11 (semver); Unaffected: 4.14.267 , ≤ 4.14.* (semver); Unaffected: 4.19.230 , ≤ 4.19.* (semver); Unaffected: 5.4.180 , ≤ 5.4.* (semver); Unaffected: 5.10.101 , ≤ 5.10.* (semver); Unaffected: 5.15.24 , ≤ 5.15.* (semver); Unaffected: 5.16.10 , ≤ 5.16.* (semver); Unaffected: 5.17 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T15:25:01.607Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5d76ed4223403f90421782adb2f20a9ecbc93186"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/30d9f3cbe47e1018ddc8069ac5b5c9e66fbdf727"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/a2ed7b29d0673ba361546e2d87dbbed149456c45"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f6b5d51976fcefef5732da3e3feb3ccff680f7c8"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7969fe91c9830e045901970e9d755b7505881d4a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2142bc1469a316fddd10012d76428f7265258f81"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5f4e5ce638e6a490b976ade4a40017b40abb2da0"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-48799",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:59:09.842596Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:34:14.602Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"kernel/events/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "5d76ed4223403f90421782adb2f20a9ecbc93186",
"status": "affected",
"version": "058fe1c0440e68a1ba3c2270ae43e9f0298b27d8",
"versionType": "git"
},
{
"lessThan": "30d9f3cbe47e1018ddc8069ac5b5c9e66fbdf727",
"status": "affected",
"version": "058fe1c0440e68a1ba3c2270ae43e9f0298b27d8",
"versionType": "git"
},
{
"lessThan": "a2ed7b29d0673ba361546e2d87dbbed149456c45",
"status": "affected",
"version": "058fe1c0440e68a1ba3c2270ae43e9f0298b27d8",
"versionType": "git"
},
{
"lessThan": "f6b5d51976fcefef5732da3e3feb3ccff680f7c8",
"status": "affected",
"version": "058fe1c0440e68a1ba3c2270ae43e9f0298b27d8",
"versionType": "git"
},
{
"lessThan": "7969fe91c9830e045901970e9d755b7505881d4a",
"status": "affected",
"version": "058fe1c0440e68a1ba3c2270ae43e9f0298b27d8",
"versionType": "git"
},
{
"lessThan": "2142bc1469a316fddd10012d76428f7265258f81",
"status": "affected",
"version": "058fe1c0440e68a1ba3c2270ae43e9f0298b27d8",
"versionType": "git"
},
{
"lessThan": "5f4e5ce638e6a490b976ade4a40017b40abb2da0",
"status": "affected",
"version": "058fe1c0440e68a1ba3c2270ae43e9f0298b27d8",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"kernel/events/core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.11"
},
{
"lessThan": "4.11",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.267",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.230",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.180",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.101",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.16.*",
"status": "unaffected",
"version": "5.16.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.267",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.230",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.180",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.101",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.24",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16.10",
"versionStartIncluding": "4.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.17",
"versionStartIncluding": "4.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf: Fix list corruption in perf_cgroup_switch()\n\nThere\u0027s list corruption on cgrp_cpuctx_list. This happens on the\nfollowing path:\n\n perf_cgroup_switch: list_for_each_entry(cgrp_cpuctx_list)\n cpu_ctx_sched_in\n ctx_sched_in\n ctx_pinned_sched_in\n merge_sched_in\n perf_cgroup_event_disable: remove the event from the list\n\nUse list_for_each_entry_safe() to allow removing an entry during\niteration."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T18:47:21.780Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/5d76ed4223403f90421782adb2f20a9ecbc93186"
},
{
"url": "https://git.kernel.org/stable/c/30d9f3cbe47e1018ddc8069ac5b5c9e66fbdf727"
},
{
"url": "https://git.kernel.org/stable/c/a2ed7b29d0673ba361546e2d87dbbed149456c45"
},
{
"url": "https://git.kernel.org/stable/c/f6b5d51976fcefef5732da3e3feb3ccff680f7c8"
},
{
"url": "https://git.kernel.org/stable/c/7969fe91c9830e045901970e9d755b7505881d4a"
},
{
"url": "https://git.kernel.org/stable/c/2142bc1469a316fddd10012d76428f7265258f81"
},
{
"url": "https://git.kernel.org/stable/c/5f4e5ce638e6a490b976ade4a40017b40abb2da0"
}
],
"title": "perf: Fix list corruption in perf_cgroup_switch()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2022-48799",
"datePublished": "2024-07-16T11:43:52.894Z",
"dateReserved": "2024-07-16T11:38:08.895Z",
"dateUpdated": "2026-05-11T18:47:21.780Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-52434 (GCVE-0-2023-52434)
Vulnerability from cvelistv5 – Published: 2024-02-20 18:04 – Updated: 2026-05-11 19:27
Title
smb: client: fix potential OOBs in smb2_parse_contexts()
Summary
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix potential OOBs in smb2_parse_contexts()
Validate offsets and lengths before dereferencing create contexts in
smb2_parse_contexts().
This fixes following oops when accessing invalid create contexts from
server:
BUG: unable to handle page fault for address: ffff8881178d8cc3
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 4a01067 P4D 4a01067 PUD 0
Oops: 0000 [#1] PREEMPT SMP NOPTI
CPU: 3 PID: 1736 Comm: mount.cifs Not tainted 6.7.0-rc4 #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS
rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014
RIP: 0010:smb2_parse_contexts+0xa0/0x3a0 [cifs]
Code: f8 10 75 13 48 b8 93 ad 25 50 9c b4 11 e7 49 39 06 0f 84 d2 00
00 00 8b 45 00 85 c0 74 61 41 29 c5 48 01 c5 41 83 fd 0f 76 55 <0f> b7
7d 04 0f b7 45 06 4c 8d 74 3d 00 66 83 f8 04 75 bc ba 04 00
RSP: 0018:ffffc900007939e0 EFLAGS: 00010216
RAX: ffffc90000793c78 RBX: ffff8880180cc000 RCX: ffffc90000793c90
RDX: ffffc90000793cc0 RSI: ffff8880178d8cc0 RDI: ffff8880180cc000
RBP: ffff8881178d8cbf R08: ffffc90000793c22 R09: 0000000000000000
R10: ffff8880180cc000 R11: 0000000000000024 R12: 0000000000000000
R13: 0000000000000020 R14: 0000000000000000 R15: ffffc90000793c22
FS: 00007f873753cbc0(0000) GS:ffff88806bc00000(0000)
knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffff8881178d8cc3 CR3: 00000000181ca000 CR4: 0000000000750ef0
PKRU: 55555554
Call Trace:
<TASK>
? __die+0x23/0x70
? page_fault_oops+0x181/0x480
? search_module_extables+0x19/0x60
? srso_alias_return_thunk+0x5/0xfbef5
? exc_page_fault+0x1b6/0x1c0
? asm_exc_page_fault+0x26/0x30
? smb2_parse_contexts+0xa0/0x3a0 [cifs]
SMB2_open+0x38d/0x5f0 [cifs]
? smb2_is_path_accessible+0x138/0x260 [cifs]
smb2_is_path_accessible+0x138/0x260 [cifs]
cifs_is_path_remote+0x8d/0x230 [cifs]
cifs_mount+0x7e/0x350 [cifs]
cifs_smb3_do_mount+0x128/0x780 [cifs]
smb3_get_tree+0xd9/0x290 [cifs]
vfs_get_tree+0x2c/0x100
? capable+0x37/0x70
path_mount+0x2d7/0xb80
? srso_alias_return_thunk+0x5/0xfbef5
? _raw_spin_unlock_irqrestore+0x44/0x60
__x64_sys_mount+0x11a/0x150
do_syscall_64+0x47/0xf0
entry_SYSCALL_64_after_hwframe+0x6f/0x77
RIP: 0033:0x7f8737657b1e
Severity
No CVSS data available.
References
6 references
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: b8c32dbb0deb287a5fcb78251e4eae6c7275760d , < 6726429c18c62dbf5e96ebbd522f262e016553fb (git); Affected: b8c32dbb0deb287a5fcb78251e4eae6c7275760d , < 13fb0fc4917621f3dfa285a27eaf7151d770b5e5 (git); Affected: b8c32dbb0deb287a5fcb78251e4eae6c7275760d , < 890bc4fac3c0973a49cac35f634579bebba7fe48 (git); Affected: b8c32dbb0deb287a5fcb78251e4eae6c7275760d , < 1ae3c59355dc9882e09c020afe8ffbd895ad0f29 (git); Affected: b8c32dbb0deb287a5fcb78251e4eae6c7275760d , < 17a0f64cc02d4972e21c733d9f21d1c512963afa (git); Affected: b8c32dbb0deb287a5fcb78251e4eae6c7275760d , < af1689a9b7701d9907dfc84d2a4b57c4bc907144 (git) |
| Linux | Linux | Affected: 3.7; Unaffected: 0 , < 3.7 (semver); Unaffected: 5.4.277 , ≤ 5.4.* (semver); Unaffected: 5.10.211 , ≤ 5.10.* (semver); Unaffected: 5.15.150 , ≤ 5.15.* (semver); Unaffected: 6.1.79 , ≤ 6.1.* (semver); Unaffected: 6.6.8 , ≤ 6.6.* (semver); Unaffected: 6.7 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52434",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-20T19:31:41.798943Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:08.159Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-01-17T20:02:50.854Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/6726429c18c62dbf5e96ebbd522f262e016553fb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/13fb0fc4917621f3dfa285a27eaf7151d770b5e5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/890bc4fac3c0973a49cac35f634579bebba7fe48"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1ae3c59355dc9882e09c020afe8ffbd895ad0f29"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/17a0f64cc02d4972e21c733d9f21d1c512963afa"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/af1689a9b7701d9907dfc84d2a4b57c4bc907144"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250117-0009/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/smb/client/cached_dir.c",
"fs/smb/client/smb2pdu.c",
"fs/smb/client/smb2proto.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6726429c18c62dbf5e96ebbd522f262e016553fb",
"status": "affected",
"version": "b8c32dbb0deb287a5fcb78251e4eae6c7275760d",
"versionType": "git"
},
{
"lessThan": "13fb0fc4917621f3dfa285a27eaf7151d770b5e5",
"status": "affected",
"version": "b8c32dbb0deb287a5fcb78251e4eae6c7275760d",
"versionType": "git"
},
{
"lessThan": "890bc4fac3c0973a49cac35f634579bebba7fe48",
"status": "affected",
"version": "b8c32dbb0deb287a5fcb78251e4eae6c7275760d",
"versionType": "git"
},
{
"lessThan": "1ae3c59355dc9882e09c020afe8ffbd895ad0f29",
"status": "affected",
"version": "b8c32dbb0deb287a5fcb78251e4eae6c7275760d",
"versionType": "git"
},
{
"lessThan": "17a0f64cc02d4972e21c733d9f21d1c512963afa",
"status": "affected",
"version": "b8c32dbb0deb287a5fcb78251e4eae6c7275760d",
"versionType": "git"
},
{
"lessThan": "af1689a9b7701d9907dfc84d2a4b57c4bc907144",
"status": "affected",
"version": "b8c32dbb0deb287a5fcb78251e4eae6c7275760d",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/smb/client/cached_dir.c",
"fs/smb/client/smb2pdu.c",
"fs/smb/client/smb2proto.h"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.7"
},
{
"lessThan": "3.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.277",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.211",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.150",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.79",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.277",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.211",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.150",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.79",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.8",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "3.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix potential OOBs in smb2_parse_contexts()\n\nValidate offsets and lengths before dereferencing create contexts in\nsmb2_parse_contexts().\n\nThis fixes following oops when accessing invalid create contexts from\nserver:\n\n BUG: unable to handle page fault for address: ffff8881178d8cc3\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 4a01067 P4D 4a01067 PUD 0\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 3 PID: 1736 Comm: mount.cifs Not tainted 6.7.0-rc4 #1\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS\n rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014\n RIP: 0010:smb2_parse_contexts+0xa0/0x3a0 [cifs]\n Code: f8 10 75 13 48 b8 93 ad 25 50 9c b4 11 e7 49 39 06 0f 84 d2 00\n 00 00 8b 45 00 85 c0 74 61 41 29 c5 48 01 c5 41 83 fd 0f 76 55 \u003c0f\u003e b7\n 7d 04 0f b7 45 06 4c 8d 74 3d 00 66 83 f8 04 75 bc ba 04 00\n RSP: 0018:ffffc900007939e0 EFLAGS: 00010216\n RAX: ffffc90000793c78 RBX: ffff8880180cc000 RCX: ffffc90000793c90\n RDX: ffffc90000793cc0 RSI: ffff8880178d8cc0 RDI: ffff8880180cc000\n RBP: ffff8881178d8cbf R08: ffffc90000793c22 R09: 0000000000000000\n R10: ffff8880180cc000 R11: 0000000000000024 R12: 0000000000000000\n R13: 0000000000000020 R14: 0000000000000000 R15: ffffc90000793c22\n FS: 00007f873753cbc0(0000) GS:ffff88806bc00000(0000)\n knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: ffff8881178d8cc3 CR3: 00000000181ca000 CR4: 0000000000750ef0\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n ? __die+0x23/0x70\n ? page_fault_oops+0x181/0x480\n ? search_module_extables+0x19/0x60\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? exc_page_fault+0x1b6/0x1c0\n ? asm_exc_page_fault+0x26/0x30\n ? smb2_parse_contexts+0xa0/0x3a0 [cifs]\n SMB2_open+0x38d/0x5f0 [cifs]\n ? 
smb2_is_path_accessible+0x138/0x260 [cifs]\n smb2_is_path_accessible+0x138/0x260 [cifs]\n cifs_is_path_remote+0x8d/0x230 [cifs]\n cifs_mount+0x7e/0x350 [cifs]\n cifs_smb3_do_mount+0x128/0x780 [cifs]\n smb3_get_tree+0xd9/0x290 [cifs]\n vfs_get_tree+0x2c/0x100\n ? capable+0x37/0x70\n path_mount+0x2d7/0xb80\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? _raw_spin_unlock_irqrestore+0x44/0x60\n __x64_sys_mount+0x11a/0x150\n do_syscall_64+0x47/0xf0\n entry_SYSCALL_64_after_hwframe+0x6f/0x77\n RIP: 0033:0x7f8737657b1e"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T19:27:16.654Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6726429c18c62dbf5e96ebbd522f262e016553fb"
},
{
"url": "https://git.kernel.org/stable/c/13fb0fc4917621f3dfa285a27eaf7151d770b5e5"
},
{
"url": "https://git.kernel.org/stable/c/890bc4fac3c0973a49cac35f634579bebba7fe48"
},
{
"url": "https://git.kernel.org/stable/c/1ae3c59355dc9882e09c020afe8ffbd895ad0f29"
},
{
"url": "https://git.kernel.org/stable/c/17a0f64cc02d4972e21c733d9f21d1c512963afa"
},
{
"url": "https://git.kernel.org/stable/c/af1689a9b7701d9907dfc84d2a4b57c4bc907144"
}
],
"title": "smb: client: fix potential OOBs in smb2_parse_contexts()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52434",
"datePublished": "2024-02-20T18:04:44.006Z",
"dateReserved": "2024-02-20T12:30:33.290Z",
"dateUpdated": "2026-05-11T19:27:16.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-52610 (GCVE-0-2023-52610)
Vulnerability from cvelistv5 – Published: 2024-03-18 10:07 – Updated: 2026-05-11 19:30
Title
net/sched: act_ct: fix skb leak and crash on ooo frags
Summary
In the Linux kernel, the following vulnerability has been resolved:
net/sched: act_ct: fix skb leak and crash on ooo frags
act_ct adds skb->users before defragmentation. If frags arrive in order,
the last frag's reference is reset in:
inet_frag_reasm_prepare
skb_morph
which is not straightforward.
However when frags arrive out of order, nobody unref the last frag, and
all frags are leaked. The situation is even worse, as initiating packet
capture can lead to a crash[0] when skb has been cloned and shared at the
same time.
Fix the issue by removing skb_get() before defragmentation. act_ct
returns TC_ACT_CONSUMED when defrag failed or in progress.
[0]:
[ 843.804823] ------------[ cut here ]------------
[ 843.809659] kernel BUG at net/core/skbuff.c:2091!
[ 843.814516] invalid opcode: 0000 [#1] PREEMPT SMP
[ 843.819296] CPU: 7 PID: 0 Comm: swapper/7 Kdump: loaded Tainted: G S 6.7.0-rc3 #2
[ 843.824107] Hardware name: XFUSION 1288H V6/BC13MBSBD, BIOS 1.29 11/25/2022
[ 843.828953] RIP: 0010:pskb_expand_head+0x2ac/0x300
[ 843.833805] Code: 8b 70 28 48 85 f6 74 82 48 83 c6 08 bf 01 00 00 00 e8 38 bd ff ff 8b 83 c0 00 00 00 48 03 83 c8 00 00 00 e9 62 ff ff ff 0f 0b <0f> 0b e8 8d d0 ff ff e9 b3 fd ff ff 81 7c 24 14 40 01 00 00 4c 89
[ 843.843698] RSP: 0018:ffffc9000cce07c0 EFLAGS: 00010202
[ 843.848524] RAX: 0000000000000002 RBX: ffff88811a211d00 RCX: 0000000000000820
[ 843.853299] RDX: 0000000000000640 RSI: 0000000000000000 RDI: ffff88811a211d00
[ 843.857974] RBP: ffff888127d39518 R08: 00000000bee97314 R09: 0000000000000000
[ 843.862584] R10: 0000000000000000 R11: ffff8881109f0000 R12: 0000000000000880
[ 843.867147] R13: ffff888127d39580 R14: 0000000000000640 R15: ffff888170f7b900
[ 843.871680] FS: 0000000000000000(0000) GS:ffff889ffffc0000(0000) knlGS:0000000000000000
[ 843.876242] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 843.880778] CR2: 00007fa42affcfb8 CR3: 000000011433a002 CR4: 0000000000770ef0
[ 843.885336] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 843.889809] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 843.894229] PKRU: 55555554
[ 843.898539] Call Trace:
[ 843.902772] <IRQ>
[ 843.906922] ? __die_body+0x1e/0x60
[ 843.911032] ? die+0x3c/0x60
[ 843.915037] ? do_trap+0xe2/0x110
[ 843.918911] ? pskb_expand_head+0x2ac/0x300
[ 843.922687] ? do_error_trap+0x65/0x80
[ 843.926342] ? pskb_expand_head+0x2ac/0x300
[ 843.929905] ? exc_invalid_op+0x50/0x60
[ 843.933398] ? pskb_expand_head+0x2ac/0x300
[ 843.936835] ? asm_exc_invalid_op+0x1a/0x20
[ 843.940226] ? pskb_expand_head+0x2ac/0x300
[ 843.943580] inet_frag_reasm_prepare+0xd1/0x240
[ 843.946904] ip_defrag+0x5d4/0x870
[ 843.950132] nf_ct_handle_fragments+0xec/0x130 [nf_conntrack]
[ 843.953334] tcf_ct_act+0x252/0xd90 [act_ct]
[ 843.956473] ? tcf_mirred_act+0x516/0x5a0 [act_mirred]
[ 843.959657] tcf_action_exec+0xa1/0x160
[ 843.962823] fl_classify+0x1db/0x1f0 [cls_flower]
[ 843.966010] ? skb_clone+0x53/0xc0
[ 843.969173] tcf_classify+0x24d/0x420
[ 843.972333] tc_run+0x8f/0xf0
[ 843.975465] __netif_receive_skb_core+0x67a/0x1080
[ 843.978634] ? dev_gro_receive+0x249/0x730
[ 843.981759] __netif_receive_skb_list_core+0x12d/0x260
[ 843.984869] netif_receive_skb_list_internal+0x1cb/0x2f0
[ 843.987957] ? mlx5e_handle_rx_cqe_mpwrq_rep+0xfa/0x1a0 [mlx5_core]
[ 843.991170] napi_complete_done+0x72/0x1a0
[ 843.994305] mlx5e_napi_poll+0x28c/0x6d0 [mlx5_core]
[ 843.997501] __napi_poll+0x25/0x1b0
[ 844.000627] net_rx_action+0x256/0x330
[ 844.003705] __do_softirq+0xb3/0x29b
[ 844.006718] irq_exit_rcu+0x9e/0xc0
[ 844.009672] common_interrupt+0x86/0xa0
[ 844.012537] </IRQ>
[ 844.015285] <TASK>
[ 844.017937] asm_common_interrupt+0x26/0x40
[ 844.020591] RIP: 0010:acpi_safe_halt+0x1b/0x20
[ 844.023247] Code: ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 65 48 8b 04 25 00 18 03 00 48 8b 00 a8 08 75 0c 66 90 0f 00 2d 81 d0 44 00 fb
---truncated---
Severity
No CVSS data available.
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: b57dc7c13ea90e09ae15f821d2583fa0231b4935, < 172ba7d46c202e679f3ccb10264c67416aaeb1c4 (git); Affected: b57dc7c13ea90e09ae15f821d2583fa0231b4935, < 0b5b831122fc3789fff75be433ba3e4dd7b779d4 (git); Affected: b57dc7c13ea90e09ae15f821d2583fa0231b4935, < 73f7da5fd124f2cda9161e2e46114915e6e82e97 (git); Affected: b57dc7c13ea90e09ae15f821d2583fa0231b4935, < f5346df0591d10bc948761ca854b1fae6d2ef441 (git); Affected: b57dc7c13ea90e09ae15f821d2583fa0231b4935, < 3f14b377d01d8357eba032b4cabc8c1149b458b6 (git) |
| Linux | Linux | Affected: 5.3; Unaffected: 0, < 5.3 (semver); Unaffected: 5.15.148, ≤ 5.15.* (semver); Unaffected: 6.1.75, ≤ 6.1.* (semver); Unaffected: 6.6.14, ≤ 6.6.* (semver); Unaffected: 6.7.2, ≤ 6.7.* (semver); Unaffected: 6.8, ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52610",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-21T16:09:12.830591Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T16:09:22.568Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.154Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/172ba7d46c202e679f3ccb10264c67416aaeb1c4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0b5b831122fc3789fff75be433ba3e4dd7b779d4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/73f7da5fd124f2cda9161e2e46114915e6e82e97"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f5346df0591d10bc948761ca854b1fae6d2ef441"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3f14b377d01d8357eba032b4cabc8c1149b458b6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/sched/act_ct.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "172ba7d46c202e679f3ccb10264c67416aaeb1c4",
"status": "affected",
"version": "b57dc7c13ea90e09ae15f821d2583fa0231b4935",
"versionType": "git"
},
{
"lessThan": "0b5b831122fc3789fff75be433ba3e4dd7b779d4",
"status": "affected",
"version": "b57dc7c13ea90e09ae15f821d2583fa0231b4935",
"versionType": "git"
},
{
"lessThan": "73f7da5fd124f2cda9161e2e46114915e6e82e97",
"status": "affected",
"version": "b57dc7c13ea90e09ae15f821d2583fa0231b4935",
"versionType": "git"
},
{
"lessThan": "f5346df0591d10bc948761ca854b1fae6d2ef441",
"status": "affected",
"version": "b57dc7c13ea90e09ae15f821d2583fa0231b4935",
"versionType": "git"
},
{
"lessThan": "3f14b377d01d8357eba032b4cabc8c1149b458b6",
"status": "affected",
"version": "b57dc7c13ea90e09ae15f821d2583fa0231b4935",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/sched/act_ct.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThan": "5.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: act_ct: fix skb leak and crash on ooo frags\n\nact_ct adds skb-\u003eusers before defragmentation. If frags arrive in order,\nthe last frag\u0027s reference is reset in:\n\n inet_frag_reasm_prepare\n skb_morph\n\nwhich is not straightforward.\n\nHowever when frags arrive out of order, nobody unref the last frag, and\nall frags are leaked. The situation is even worse, as initiating packet\ncapture can lead to a crash[0] when skb has been cloned and shared at the\nsame time.\n\nFix the issue by removing skb_get() before defragmentation. act_ct\nreturns TC_ACT_CONSUMED when defrag failed or in progress.\n\n[0]:\n[ 843.804823] ------------[ cut here ]------------\n[ 843.809659] kernel BUG at net/core/skbuff.c:2091!\n[ 843.814516] invalid opcode: 0000 [#1] PREEMPT SMP\n[ 843.819296] CPU: 7 PID: 0 Comm: swapper/7 Kdump: loaded Tainted: G S 6.7.0-rc3 #2\n[ 843.824107] Hardware name: XFUSION 1288H V6/BC13MBSBD, BIOS 1.29 11/25/2022\n[ 843.828953] RIP: 0010:pskb_expand_head+0x2ac/0x300\n[ 843.833805] Code: 8b 70 28 48 85 f6 74 82 48 83 c6 08 bf 01 00 00 00 e8 38 bd ff ff 8b 83 c0 00 00 00 48 03 83 c8 00 00 00 e9 62 ff ff ff 0f 0b \u003c0f\u003e 0b e8 8d d0 ff ff e9 b3 fd ff ff 81 7c 24 14 40 01 00 00 4c 89\n[ 843.843698] RSP: 0018:ffffc9000cce07c0 EFLAGS: 00010202\n[ 843.848524] RAX: 0000000000000002 RBX: ffff88811a211d00 RCX: 0000000000000820\n[ 843.853299] RDX: 0000000000000640 RSI: 0000000000000000 RDI: ffff88811a211d00\n[ 843.857974] RBP: ffff888127d39518 R08: 00000000bee97314 R09: 0000000000000000\n[ 843.862584] R10: 0000000000000000 R11: ffff8881109f0000 R12: 0000000000000880\n[ 843.867147] R13: ffff888127d39580 R14: 0000000000000640 R15: ffff888170f7b900\n[ 843.871680] FS: 0000000000000000(0000) GS:ffff889ffffc0000(0000) knlGS:0000000000000000\n[ 843.876242] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 843.880778] CR2: 00007fa42affcfb8 CR3: 000000011433a002 CR4: 
0000000000770ef0\n[ 843.885336] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[ 843.889809] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[ 843.894229] PKRU: 55555554\n[ 843.898539] Call Trace:\n[ 843.902772] \u003cIRQ\u003e\n[ 843.906922] ? __die_body+0x1e/0x60\n[ 843.911032] ? die+0x3c/0x60\n[ 843.915037] ? do_trap+0xe2/0x110\n[ 843.918911] ? pskb_expand_head+0x2ac/0x300\n[ 843.922687] ? do_error_trap+0x65/0x80\n[ 843.926342] ? pskb_expand_head+0x2ac/0x300\n[ 843.929905] ? exc_invalid_op+0x50/0x60\n[ 843.933398] ? pskb_expand_head+0x2ac/0x300\n[ 843.936835] ? asm_exc_invalid_op+0x1a/0x20\n[ 843.940226] ? pskb_expand_head+0x2ac/0x300\n[ 843.943580] inet_frag_reasm_prepare+0xd1/0x240\n[ 843.946904] ip_defrag+0x5d4/0x870\n[ 843.950132] nf_ct_handle_fragments+0xec/0x130 [nf_conntrack]\n[ 843.953334] tcf_ct_act+0x252/0xd90 [act_ct]\n[ 843.956473] ? tcf_mirred_act+0x516/0x5a0 [act_mirred]\n[ 843.959657] tcf_action_exec+0xa1/0x160\n[ 843.962823] fl_classify+0x1db/0x1f0 [cls_flower]\n[ 843.966010] ? skb_clone+0x53/0xc0\n[ 843.969173] tcf_classify+0x24d/0x420\n[ 843.972333] tc_run+0x8f/0xf0\n[ 843.975465] __netif_receive_skb_core+0x67a/0x1080\n[ 843.978634] ? dev_gro_receive+0x249/0x730\n[ 843.981759] __netif_receive_skb_list_core+0x12d/0x260\n[ 843.984869] netif_receive_skb_list_internal+0x1cb/0x2f0\n[ 843.987957] ? 
mlx5e_handle_rx_cqe_mpwrq_rep+0xfa/0x1a0 [mlx5_core]\n[ 843.991170] napi_complete_done+0x72/0x1a0\n[ 843.994305] mlx5e_napi_poll+0x28c/0x6d0 [mlx5_core]\n[ 843.997501] __napi_poll+0x25/0x1b0\n[ 844.000627] net_rx_action+0x256/0x330\n[ 844.003705] __do_softirq+0xb3/0x29b\n[ 844.006718] irq_exit_rcu+0x9e/0xc0\n[ 844.009672] common_interrupt+0x86/0xa0\n[ 844.012537] \u003c/IRQ\u003e\n[ 844.015285] \u003cTASK\u003e\n[ 844.017937] asm_common_interrupt+0x26/0x40\n[ 844.020591] RIP: 0010:acpi_safe_halt+0x1b/0x20\n[ 844.023247] Code: ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 65 48 8b 04 25 00 18 03 00 48 8b 00 a8 08 75 0c 66 90 0f 00 2d 81 d0 44 00 fb\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T19:30:18.643Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/172ba7d46c202e679f3ccb10264c67416aaeb1c4"
},
{
"url": "https://git.kernel.org/stable/c/0b5b831122fc3789fff75be433ba3e4dd7b779d4"
},
{
"url": "https://git.kernel.org/stable/c/73f7da5fd124f2cda9161e2e46114915e6e82e97"
},
{
"url": "https://git.kernel.org/stable/c/f5346df0591d10bc948761ca854b1fae6d2ef441"
},
{
"url": "https://git.kernel.org/stable/c/3f14b377d01d8357eba032b4cabc8c1149b458b6"
}
],
"title": "net/sched: act_ct: fix skb leak and crash on ooo frags",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52610",
"datePublished": "2024-03-18T10:07:46.065Z",
"dateReserved": "2024-03-06T09:52:12.088Z",
"dateUpdated": "2026-05-11T19:30:18.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-52864 (GCVE-0-2023-52864)
Vulnerability from cvelistv5 – Published: 2024-05-21 15:31 – Updated: 2026-05-11 19:34
Title
platform/x86: wmi: Fix opening of char device
Summary
In the Linux kernel, the following vulnerability has been resolved:
platform/x86: wmi: Fix opening of char device
Since commit fa1f68db6ca7 ("drivers: misc: pass miscdevice pointer via
file private data"), the miscdevice stores a pointer to itself inside
filp->private_data, which means that private_data will not be NULL when
wmi_char_open() is called. This might cause memory corruption should
wmi_char_open() be unable to find its driver, something which can
happen when the associated WMI device is deleted in wmi_free_devices().
Fix the problem by using the miscdevice pointer to retrieve the WMI
device data associated with a char device using container_of(). This
also avoids wmi_char_open() picking a wrong WMI device bound to a
driver with the same name as the original driver.
Severity
No CVSS data available.
References
8 references
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: 44b6b7661132b1b0e5fd3147ded66f1e4a817ca9, < cf098e937dd125c0317a0d6f261ac2a950a233d6 (git); Affected: 44b6b7661132b1b0e5fd3147ded66f1e4a817ca9, < 9fb0eed09e1470cd4021ff52b2b9dfcbcee4c203 (git); Affected: 44b6b7661132b1b0e5fd3147ded66f1e4a817ca9, < d426a2955e45a95b2282764105fcfb110a540453 (git); Affected: 44b6b7661132b1b0e5fd3147ded66f1e4a817ca9, < e0bf076b734a2fab92d8fddc2b8b03462eee7097 (git); Affected: 44b6b7661132b1b0e5fd3147ded66f1e4a817ca9, < 44a96796d25809502c75771d40ee693c2e44724e (git); Affected: 44b6b7661132b1b0e5fd3147ded66f1e4a817ca9, < 36d85fa7ae0d6be651c1a745191fa7ef055db43e (git); Affected: 44b6b7661132b1b0e5fd3147ded66f1e4a817ca9, < fb7b06b59c6887659c6ed0ecd3110835eecbb6a3 (git); Affected: 44b6b7661132b1b0e5fd3147ded66f1e4a817ca9, < eba9ac7abab91c8f6d351460239108bef5e7a0b6 (git) |
| Linux | Linux | Affected: 4.15; Unaffected: 0, < 4.15 (semver); Unaffected: 4.19.299, ≤ 4.19.* (semver); Unaffected: 5.4.261, ≤ 5.4.* (semver); Unaffected: 5.10.201, ≤ 5.10.* (semver); Unaffected: 5.15.139, ≤ 5.15.* (semver); Unaffected: 6.1.63, ≤ 6.1.* (semver); Unaffected: 6.5.12, ≤ 6.5.* (semver); Unaffected: 6.6.2, ≤ 6.6.* (semver); Unaffected: 6.7, ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52864",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T18:21:10.578430Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:24:07.966Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cf098e937dd125c0317a0d6f261ac2a950a233d6"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9fb0eed09e1470cd4021ff52b2b9dfcbcee4c203"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/d426a2955e45a95b2282764105fcfb110a540453"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e0bf076b734a2fab92d8fddc2b8b03462eee7097"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/44a96796d25809502c75771d40ee693c2e44724e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/36d85fa7ae0d6be651c1a745191fa7ef055db43e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fb7b06b59c6887659c6ed0ecd3110835eecbb6a3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eba9ac7abab91c8f6d351460239108bef5e7a0b6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/platform/x86/wmi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cf098e937dd125c0317a0d6f261ac2a950a233d6",
"status": "affected",
"version": "44b6b7661132b1b0e5fd3147ded66f1e4a817ca9",
"versionType": "git"
},
{
"lessThan": "9fb0eed09e1470cd4021ff52b2b9dfcbcee4c203",
"status": "affected",
"version": "44b6b7661132b1b0e5fd3147ded66f1e4a817ca9",
"versionType": "git"
},
{
"lessThan": "d426a2955e45a95b2282764105fcfb110a540453",
"status": "affected",
"version": "44b6b7661132b1b0e5fd3147ded66f1e4a817ca9",
"versionType": "git"
},
{
"lessThan": "e0bf076b734a2fab92d8fddc2b8b03462eee7097",
"status": "affected",
"version": "44b6b7661132b1b0e5fd3147ded66f1e4a817ca9",
"versionType": "git"
},
{
"lessThan": "44a96796d25809502c75771d40ee693c2e44724e",
"status": "affected",
"version": "44b6b7661132b1b0e5fd3147ded66f1e4a817ca9",
"versionType": "git"
},
{
"lessThan": "36d85fa7ae0d6be651c1a745191fa7ef055db43e",
"status": "affected",
"version": "44b6b7661132b1b0e5fd3147ded66f1e4a817ca9",
"versionType": "git"
},
{
"lessThan": "fb7b06b59c6887659c6ed0ecd3110835eecbb6a3",
"status": "affected",
"version": "44b6b7661132b1b0e5fd3147ded66f1e4a817ca9",
"versionType": "git"
},
{
"lessThan": "eba9ac7abab91c8f6d351460239108bef5e7a0b6",
"status": "affected",
"version": "44b6b7661132b1b0e5fd3147ded66f1e4a817ca9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/platform/x86/wmi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.15"
},
{
"lessThan": "4.15",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.299",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.261",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.201",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.139",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.299",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.261",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.201",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.139",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.63",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.12",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.2",
"versionStartIncluding": "4.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "4.15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86: wmi: Fix opening of char device\n\nSince commit fa1f68db6ca7 (\"drivers: misc: pass miscdevice pointer via\nfile private data\"), the miscdevice stores a pointer to itself inside\nfilp-\u003eprivate_data, which means that private_data will not be NULL when\nwmi_char_open() is called. This might cause memory corruption should\nwmi_char_open() be unable to find its driver, something which can\nhappen when the associated WMI device is deleted in wmi_free_devices().\n\nFix the problem by using the miscdevice pointer to retrieve the WMI\ndevice data associated with a char device using container_of(). This\nalso avoids wmi_char_open() picking a wrong WMI device bound to a\ndriver with the same name as the original driver."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T19:34:30.188Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cf098e937dd125c0317a0d6f261ac2a950a233d6"
},
{
"url": "https://git.kernel.org/stable/c/9fb0eed09e1470cd4021ff52b2b9dfcbcee4c203"
},
{
"url": "https://git.kernel.org/stable/c/d426a2955e45a95b2282764105fcfb110a540453"
},
{
"url": "https://git.kernel.org/stable/c/e0bf076b734a2fab92d8fddc2b8b03462eee7097"
},
{
"url": "https://git.kernel.org/stable/c/44a96796d25809502c75771d40ee693c2e44724e"
},
{
"url": "https://git.kernel.org/stable/c/36d85fa7ae0d6be651c1a745191fa7ef055db43e"
},
{
"url": "https://git.kernel.org/stable/c/fb7b06b59c6887659c6ed0ecd3110835eecbb6a3"
},
{
"url": "https://git.kernel.org/stable/c/eba9ac7abab91c8f6d351460239108bef5e7a0b6"
}
],
"title": "platform/x86: wmi: Fix opening of char device",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52864",
"datePublished": "2024-05-21T15:31:55.875Z",
"dateReserved": "2024-05-21T15:19:24.261Z",
"dateUpdated": "2026-05-11T19:34:30.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-35845 (GCVE-0-2024-35845)
Vulnerability from cvelistv5 – Published: 2024-05-17 14:40 – Updated: 2026-05-12 11:52
Title
wifi: iwlwifi: dbg-tlv: ensure NUL termination
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: dbg-tlv: ensure NUL termination
The iwl_fw_ini_debug_info_tlv is used as a string, so we must
ensure the string is terminated correctly before using it.
Severity
9.1 (Critical)
CWE
- CWE-134 - Use of Externally-Controlled Format String
References
7 references
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: a9248de42464e546b624e3fc6a8b04b991af3591, < fabe2db7de32a881e437ee69db32e0de785a6209 (git); Affected: a9248de42464e546b624e3fc6a8b04b991af3591, < 96aa40761673da045a7774f874487cdb50c6a2f7 (git); Affected: a9248de42464e546b624e3fc6a8b04b991af3591, < c855a1a5b7e3de57e6b1b29563113d5e3bfdb89a (git); Affected: a9248de42464e546b624e3fc6a8b04b991af3591, < 783d413f332a3ebec916664b366c28f58147f82c (git); Affected: a9248de42464e546b624e3fc6a8b04b991af3591, < fec14d1cdd92f340b9ba2bd220abf96f9609f2a9 (git); Affected: a9248de42464e546b624e3fc6a8b04b991af3591, < 71d4186d470e9cda7cd1a0921b4afda737c6f641 (git); Affected: a9248de42464e546b624e3fc6a8b04b991af3591, < ea1d166fae14e05d49ffb0ea9fcd4658f8d3dcea (git) |
| Linux | Linux | Affected: 5.5; Unaffected: 0, < 5.5 (semver); Unaffected: 5.10.214, ≤ 5.10.* (semver); Unaffected: 5.15.153, ≤ 5.15.* (semver); Unaffected: 6.1.83, ≤ 6.1.* (semver); Unaffected: 6.6.23, ≤ 6.6.* (semver); Unaffected: 6.7.11, ≤ 6.7.* (semver); Unaffected: 6.8.2, ≤ 6.8.* (semver); Unaffected: 6.9, ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "a9248de42464"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "5.5"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "0"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "5.10.214"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "5.15.153"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.1.83"
}
]
},
{
"cpes": [
"cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.6.23"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.7.11"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.8.2"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "unaffected",
"version": "6.9"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-35845",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-17T17:22:01.418573Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-134",
"description": "CWE-134 Use of Externally-Controlled Format String",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:19:05.842Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:21:48.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fabe2db7de32a881e437ee69db32e0de785a6209"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/96aa40761673da045a7774f874487cdb50c6a2f7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c855a1a5b7e3de57e6b1b29563113d5e3bfdb89a"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/783d413f332a3ebec916664b366c28f58147f82c"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fec14d1cdd92f340b9ba2bd220abf96f9609f2a9"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/71d4186d470e9cda7cd1a0921b4afda737c6f641"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/ea1d166fae14e05d49ffb0ea9fcd4658f8d3dcea"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T11:52:15.312Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "fabe2db7de32a881e437ee69db32e0de785a6209",
"status": "affected",
"version": "a9248de42464e546b624e3fc6a8b04b991af3591",
"versionType": "git"
},
{
"lessThan": "96aa40761673da045a7774f874487cdb50c6a2f7",
"status": "affected",
"version": "a9248de42464e546b624e3fc6a8b04b991af3591",
"versionType": "git"
},
{
"lessThan": "c855a1a5b7e3de57e6b1b29563113d5e3bfdb89a",
"status": "affected",
"version": "a9248de42464e546b624e3fc6a8b04b991af3591",
"versionType": "git"
},
{
"lessThan": "783d413f332a3ebec916664b366c28f58147f82c",
"status": "affected",
"version": "a9248de42464e546b624e3fc6a8b04b991af3591",
"versionType": "git"
},
{
"lessThan": "fec14d1cdd92f340b9ba2bd220abf96f9609f2a9",
"status": "affected",
"version": "a9248de42464e546b624e3fc6a8b04b991af3591",
"versionType": "git"
},
{
"lessThan": "71d4186d470e9cda7cd1a0921b4afda737c6f641",
"status": "affected",
"version": "a9248de42464e546b624e3fc6a8b04b991af3591",
"versionType": "git"
},
{
"lessThan": "ea1d166fae14e05d49ffb0ea9fcd4658f8d3dcea",
"status": "affected",
"version": "a9248de42464e546b624e3fc6a8b04b991af3591",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.5"
},
{
"lessThan": "5.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "5.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "5.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: dbg-tlv: ensure NUL termination\n\nThe iwl_fw_ini_debug_info_tlv is used as a string, so we must\nensure the string is terminated correctly before using it."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:12:15.194Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/fabe2db7de32a881e437ee69db32e0de785a6209"
},
{
"url": "https://git.kernel.org/stable/c/96aa40761673da045a7774f874487cdb50c6a2f7"
},
{
"url": "https://git.kernel.org/stable/c/c855a1a5b7e3de57e6b1b29563113d5e3bfdb89a"
},
{
"url": "https://git.kernel.org/stable/c/783d413f332a3ebec916664b366c28f58147f82c"
},
{
"url": "https://git.kernel.org/stable/c/fec14d1cdd92f340b9ba2bd220abf96f9609f2a9"
},
{
"url": "https://git.kernel.org/stable/c/71d4186d470e9cda7cd1a0921b4afda737c6f641"
},
{
"url": "https://git.kernel.org/stable/c/ea1d166fae14e05d49ffb0ea9fcd4658f8d3dcea"
}
],
"title": "wifi: iwlwifi: dbg-tlv: ensure NUL termination",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-35845",
"datePublished": "2024-05-17T14:40:12.134Z",
"dateReserved": "2024-05-17T13:50:33.105Z",
"dateUpdated": "2026-05-12T11:52:15.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-36016 (GCVE-0-2024-36016)
Vulnerability from cvelistv5 – Published: 2024-05-29 18:46 – Updated: 2026-05-11 20:15
Title
tty: n_gsm: fix possible out-of-bounds in gsm0_receive()
Summary
In the Linux kernel, the following vulnerability has been resolved:
tty: n_gsm: fix possible out-of-bounds in gsm0_receive()
Assuming the following:
- side A configures the n_gsm in basic option mode
- side B sends the header of a basic option mode frame with data length 1
- side A switches to advanced option mode
- side B sends 2 data bytes which exceeds gsm->len
  Reason: gsm->len is not used in advanced option mode.
- side A switches to basic option mode
- side B keeps sending until gsm0_receive() writes past gsm->buf
  Reason: Neither gsm->state nor gsm->len have been reset after reconfiguration.

Fix this by changing gsm->count to gsm->len comparison from equal to less than. Also add upper limit checks against the constant MAX_MRU in gsm0_receive() and gsm1_receive() to harden against memory corruption of gsm->len and gsm->mru.

All other checks remain as we still need to limit the data according to the user configuration and actual payload size.
Severity
7.7 (High)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
9 references
Impacted products
2 products
| Vendor | Product | Version |
|---|---|---|
| Linux | Linux | Affected: e1eaea46bb4020b38a141b84f88565d4603f8dd0 , < 9513d4148950b05bc99fa7314dc883cc0e1605e5 (git); Affected: e1eaea46bb4020b38a141b84f88565d4603f8dd0 , < b229bc6c6ea9fe459fc3fa94fd0a27a2f32aca56 (git); Affected: e1eaea46bb4020b38a141b84f88565d4603f8dd0 , < 0fb736c9931e02dbc7d9a75044c8e1c039e50f04 (git); Affected: e1eaea46bb4020b38a141b84f88565d4603f8dd0 , < 4c267110fc110390704cc065edb9817fdd10ff54 (git); Affected: e1eaea46bb4020b38a141b84f88565d4603f8dd0 , < 46f52c89a7e7d2691b97a9728e4591d071ca8abc (git); Affected: e1eaea46bb4020b38a141b84f88565d4603f8dd0 , < 774d83b008eccb1c48c14dc5486e7aa255731350 (git); Affected: e1eaea46bb4020b38a141b84f88565d4603f8dd0 , < f126ce7305fe88f49cdabc6db4168b9318898ea3 (git); Affected: e1eaea46bb4020b38a141b84f88565d4603f8dd0 , < b890d45aaf02b564e6cae2d2a590f9649330857d (git); Affected: e1eaea46bb4020b38a141b84f88565d4603f8dd0 , < 47388e807f85948eefc403a8a5fdc5b406a65d5a (git) |
| Linux | Linux | Affected: 2.6.35; Unaffected: 0 , < 2.6.35 (semver); Unaffected: 4.19.316 , ≤ 4.19.* (semver); Unaffected: 5.4.278 , ≤ 5.4.* (semver); Unaffected: 5.10.219 , ≤ 5.10.* (semver); Unaffected: 5.15.161 , ≤ 5.15.* (semver); Unaffected: 6.1.93 , ≤ 6.1.* (semver); Unaffected: 6.6.33 , ≤ 6.6.* (semver); Unaffected: 6.8.12 , ≤ 6.8.* (semver); Unaffected: 6.9.3 , ≤ 6.9.* (semver); Unaffected: 6.10 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "b890d45aaf02",
"status": "affected",
"version": "e1eaea46bb40",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "47388e807f85",
"status": "affected",
"version": "e1eaea46bb40",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:2.6.35:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"status": "affected",
"version": "2.6.35"
}
]
},
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "f126ce7305fe",
"status": "affected",
"version": "e1eaea46bb40",
"versionType": "custom"
},
{
"lessThan": "9513d4148950",
"status": "affected",
"version": "e1eaea46bb40",
"versionType": "custom"
},
{
"lessThan": "b229bc6c6ea9",
"status": "affected",
"version": "e1eaea46bb40",
"versionType": "custom"
},
{
"lessThan": "0fb736c9931e",
"status": "affected",
"version": "e1eaea46bb40",
"versionType": "custom"
},
{
"lessThan": "4c267110fc11",
"status": "affected",
"version": "e1eaea46bb40",
"versionType": "custom"
},
{
"lessThanOrEqual": "46f52c89a7e7",
"status": "affected",
"version": "e1eaea46bb40",
"versionType": "custom"
},
{
"lessThan": "774d83b008ec",
"status": "affected",
"version": "e1eaea46bb40",
"versionType": "custom"
},
{
"lessThan": "2.6.35",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.20",
"status": "unaffected",
"version": "4.19.316",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.5",
"status": "unaffected",
"version": "5.4.278",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.11",
"status": "unaffected",
"version": "5.10.219",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.16",
"status": "unaffected",
"version": "5.15.161",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.2",
"status": "unaffected",
"version": "6.1.93",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.7",
"status": "unaffected",
"version": "6.6.33",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.9",
"status": "unaffected",
"version": "6.8.12",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.10",
"status": "unaffected",
"version": "6.9.3",
"versionType": "custom"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-36016",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-30T18:00:26.164343Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T17:58:33.311Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:20:57.711Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9513d4148950b05bc99fa7314dc883cc0e1605e5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b229bc6c6ea9fe459fc3fa94fd0a27a2f32aca56"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0fb736c9931e02dbc7d9a75044c8e1c039e50f04"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4c267110fc110390704cc065edb9817fdd10ff54"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/46f52c89a7e7d2691b97a9728e4591d071ca8abc"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/774d83b008eccb1c48c14dc5486e7aa255731350"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f126ce7305fe88f49cdabc6db4168b9318898ea3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/b890d45aaf02b564e6cae2d2a590f9649330857d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/47388e807f85948eefc403a8a5fdc5b406a65d5a"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/tty/n_gsm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "9513d4148950b05bc99fa7314dc883cc0e1605e5",
"status": "affected",
"version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0",
"versionType": "git"
},
{
"lessThan": "b229bc6c6ea9fe459fc3fa94fd0a27a2f32aca56",
"status": "affected",
"version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0",
"versionType": "git"
},
{
"lessThan": "0fb736c9931e02dbc7d9a75044c8e1c039e50f04",
"status": "affected",
"version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0",
"versionType": "git"
},
{
"lessThan": "4c267110fc110390704cc065edb9817fdd10ff54",
"status": "affected",
"version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0",
"versionType": "git"
},
{
"lessThan": "46f52c89a7e7d2691b97a9728e4591d071ca8abc",
"status": "affected",
"version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0",
"versionType": "git"
},
{
"lessThan": "774d83b008eccb1c48c14dc5486e7aa255731350",
"status": "affected",
"version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0",
"versionType": "git"
},
{
"lessThan": "f126ce7305fe88f49cdabc6db4168b9318898ea3",
"status": "affected",
"version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0",
"versionType": "git"
},
{
"lessThan": "b890d45aaf02b564e6cae2d2a590f9649330857d",
"status": "affected",
"version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0",
"versionType": "git"
},
{
"lessThan": "47388e807f85948eefc403a8a5fdc5b406a65d5a",
"status": "affected",
"version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/tty/n_gsm.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.35"
},
{
"lessThan": "2.6.35",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.316",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.278",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.219",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.161",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.93",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.9.*",
"status": "unaffected",
"version": "6.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.10",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.316",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.278",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.219",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.161",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.93",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.33",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.12",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.3",
"versionStartIncluding": "2.6.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.10",
"versionStartIncluding": "2.6.35",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: fix possible out-of-bounds in gsm0_receive()\n\nAssuming the following:\n- side A configures the n_gsm in basic option mode\n- side B sends the header of a basic option mode frame with data length 1\n- side A switches to advanced option mode\n- side B sends 2 data bytes which exceeds gsm-\u003elen\n Reason: gsm-\u003elen is not used in advanced option mode.\n- side A switches to basic option mode\n- side B keeps sending until gsm0_receive() writes past gsm-\u003ebuf\n Reason: Neither gsm-\u003estate nor gsm-\u003elen have been reset after\n reconfiguration.\n\nFix this by changing gsm-\u003ecount to gsm-\u003elen comparison from equal to less\nthan. Also add upper limit checks against the constant MAX_MRU in\ngsm0_receive() and gsm1_receive() to harden against memory corruption of\ngsm-\u003elen and gsm-\u003emru.\n\nAll other checks remain as we still need to limit the data according to the\nuser configuration and actual payload size."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:15:41.860Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/9513d4148950b05bc99fa7314dc883cc0e1605e5"
},
{
"url": "https://git.kernel.org/stable/c/b229bc6c6ea9fe459fc3fa94fd0a27a2f32aca56"
},
{
"url": "https://git.kernel.org/stable/c/0fb736c9931e02dbc7d9a75044c8e1c039e50f04"
},
{
"url": "https://git.kernel.org/stable/c/4c267110fc110390704cc065edb9817fdd10ff54"
},
{
"url": "https://git.kernel.org/stable/c/46f52c89a7e7d2691b97a9728e4591d071ca8abc"
},
{
"url": "https://git.kernel.org/stable/c/774d83b008eccb1c48c14dc5486e7aa255731350"
},
{
"url": "https://git.kernel.org/stable/c/f126ce7305fe88f49cdabc6db4168b9318898ea3"
},
{
"url": "https://git.kernel.org/stable/c/b890d45aaf02b564e6cae2d2a590f9649330857d"
},
{
"url": "https://git.kernel.org/stable/c/47388e807f85948eefc403a8a5fdc5b406a65d5a"
}
],
"title": "tty: n_gsm: fix possible out-of-bounds in gsm0_receive()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-36016",
"datePublished": "2024-05-29T18:46:34.778Z",
"dateReserved": "2024-05-17T13:50:33.154Z",
"dateUpdated": "2026-05-11T20:15:41.860Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}